Imagine opening an email with a Word document. It looks innocent enough, but in seconds, strange letters flow across your screen. Your data becomes unusable. And then a demand pops up on the screen for payment to make it usable again. You have been held to ransom. This is "ransomware", and it is closer than you may think.
BBC News had this recent report about Guernsey:
“Businesses in Guernsey are being targeted
by cyber attackers who demand a ransom to recover lost files, computer
engineers have said. Ten companies have been hit by attacks that lock a
business out of its computer system until a ransom is paid. No engineer has had
any success in getting files back for customers so far. One person has tried to
pay the ransom, but the price went up from £400 to £1,000 in 24 hours.”
Computer engineer Paul Domaille said the
problems for one company began when they opened an email with the subject
"remittance advice enclosed". He said: "I clicked on this email,
the screen went black, clicked a few times and when I tried to look at quick
books it was all gone. Everything stored on the computer was quickly encrypted.
Messages then started to appear on screen asking for a ransom, in order to get
the data back”.
“Victims range from hotels and restaurants,
to small businesses and individuals. In every case, there was a demand for
money to unlock the computer.”
"The advice is not to pay it, go back
to back up and that's the only way to recover your files."
And in the UK recently, another case:
“Lincolnshire County Council's IT is back
up and running after the council shut everything down last week following a
ransomware attack in which the attackers turned out to have asked for a mere
£350. Despite the BBC reporting that the council had been hit by a £1m ransom,
a spokesperson told The Register that it had only been asked for $500 (c £350),
unsurprisingly to be paid in Bitcoin.”
Ransomware began in 2005, but has recently re-emerged as a mature form of malware. It works by using phishing techniques - psychological tricks - to try to persuade a user to click on a link, or open a document. This opens up the PC to run the software, and in a matter of minutes, all the data will be encrypted and unusable – unless you have a key. After the data is rendered inaccessible, a blackmail demand is made, often asking for the ransom to be paid in bitcoins, which are relatively untraceable.
The most successful variant at the moment, according to security firm Imperva, is called Cryptowall 3.0. The report says that it has caused $325 million (£225.7m) in damages so far.
Jonathan Sander, VP of product strategy at
security firm Lieberman Software, says that Cryptowall is easily avoided with a good
backup policy. He commented:
"The other problem is that reporting
Cryptowall issues to more savvy law enforcement sounds like reporting your bike
was stolen when you didn’t bother to lock it up. Since a good back up strategy
can be almost 100 percent effective to combat Cryptowall, police may simply
feel the real crime was your own lack of preventative measures".
Even though the advice to back up a
computer sounds simple, it is often not done until disaster hits, and the hard
drive fails, or in this case – the system is rendered inoperative. Sander says
it is like advice for healthy living:
"So much good security advice sounds
like health advice. Everyone knows they should eat right and exercise, but so
many simply shrug at this advice as they return to chips in front of the
television. Every organization knows they need to back up, monitor file
activity, protect admin privileges, and run basic perimeter defenses like
antivirus and firewalls. Since none of that security seems to contribute to the
bottom line and takes a modicum of effort, people’s laziness kicks in and they
skip the basics".
Michelle Drolet of Network World makes the
following recommendations:
- Install reputable anti-virus and anti-malware software.
- Don't open attachments in emails, unless you know what it is.
- Don't follow links in emails, close the email, and go directly to the website in your browser.
- Use strong passwords, and don't reuse the same passwords.
- Make sure all of your system software and browsers are patched automatically with security updates.
- You should apply all of these rules to whatever device you're using. Smartphones, tablets, and Macs are not immune to ransomware.
- Finally, make sure you have solid back-ups of all your data.
The last is the most important, and they stress:
“You can also mitigate the risk of
ransomware by having a robust and regular backup routine. If your files are
backed up and you can access them, there's no need to pay to unlock them, but
it may still require some serious effort to rid yourself of the ransomware once
your system is infected.”
That's because the actual PC may still be infected, so the first step is to get a computer engineer to disinfect it and make sure it is clean; then, and only then, can you safely restore from backup. And you do keep regular backups, and test they can be restored, don't you?