Dubai: Businesses large and small are under threat from ransomware. Ransomware deliberately scrambles the critical data files on your computer, leaving the criminals behind the attack with the only copy of the decryption key.
The crooks then offer to sell you the key, typically for about $300-$1000, so you can unscramble your files and carry on working. This can cause massive disruption to your organisation: even if you decide to pay up, the process of recovering your files is both uncertain and time-consuming.
According to research by SophosLabs, cybercriminals are targeting their ransomware attacks more and more precisely, tailoring the attacks by region so that even well-informed users are more likely to fall for the scam.
Emails delivering ransomware, for example, are often written in the local language, with good spelling and grammar, and use local brands and logos to make them more believable.
“Most ransomware arrives in booby-trapped files attached to emails. These days, many organisations use their email filters to discard program files sent in by email, because they are very frequently dangerous, and there is almost no business case for allowing them,” said Harish Chib, vice-president for Middle East and Africa at SophosLabs.
Moreover, he said that ransomware attacks always avoid sending in programs (executable files) directly, instead claiming to be documents containing invoices, requests for quotations and other types of correspondence that are bread and butter for the average organisation.
After all, documents are supposed to be opened and looked at — how else to decide what attention they need?
Some of these campaigns also deliver the Pony malware, a well-known password stealer, so the criminals not only get to extort money through the ransomware component but also sniff out passwords that they can use for later attacks or sell on to other criminals in the cyber underground.
Attacks such as ransomware often pass through many security checkpoints, such as email filters, endpoint protection and more. Traditionally, however, these products have worked independently, reflecting the fact that, in many organisations, each part of the network is managed and secured separately.
Unfortunately, he said, this can lead to a situation rather like a hospital where the patients can’t talk to the doctors, the doctors can’t talk to the nurses, and the nurses can’t talk to the patients.
“When it comes to protecting networks against malware, detection and remediation can be improved greatly if there is coordinated communication and interaction between the various security layers,” he said.
Better safe than sorry
• Backup files regularly and try to keep a recent backup copy offline. Encrypt the backup for added protection.
• Regularly update your security software.
• Don’t open unsolicited attachments just out of curiosity.
• Don’t turn off security features just because an email or document asks you to do so. (For example, many ransomware files arrive in documents that tell you to “enable macros”, without which the ransomware won’t work.)
• Don’t give your staff more login privilege than they need. Users who are administrators will do much more damage to your network if malware attacks their computer.
• When you need administrator rights, log in to perform your administrative tasks and then log out. Avoid browsing the web and opening documents while logged in as an administrator.
• Disconnect from Wi-Fi or unplug from the network immediately if you run a file that you suspect may be ransomware. Once active, ransomware may scramble files accessible across the network, as well as on your own hard disk.
• Patch early and patch often. Ransomware that is not spread via email attachments often relies on security bugs in popular applications such as Office and Flash. The sooner you patch, the fewer the security holes available to cybercriminals.
• Don’t give up on user education. Even though a well-informed user may still make mistakes, an uninformed user will not know how to avoid them at all.
• Divide up functional areas within the company network with internal firewalls. This helps to restrict the damage that a cyberattack in one department can do to the rest of the organisation.
• Stay up to date with new security features in your business applications. For example, Office 2016 includes a Group Policy setting called “Block macros from running in Office files from the internet”.
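The two points made above, that mail filters already discard program files while ransomware hides in documents that ask the recipient to “enable macros”, come together in attachment triage at the mail gateway. The following Python script is an added example written for this page, not code from the article or from SophosLabs. It judges attachments on content rather than on name alone: a Windows PE header is dropped whatever the extension claims, and modern Office documents are opened as the zip containers they are to see whether a VBA project part is present before anyone is invited to enable macros. The extension lists, the drop/quarantine/allow policy and the sample attachments are illustrative assumptions constructed inline; none of the samples is real malware.

```python
import io
import zipfile
from dataclasses import dataclass

# Illustrative policy lists (assumptions for this example, not a vendor's filter rules).
PROGRAM_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                      ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".dll"}
OOXML_EXTENSIONS = {".docx", ".docm", ".dotx", ".dotm", ".xlsx", ".xlsm",
                    ".xltx", ".xltm", ".pptx", ".pptm"}
PE_MAGIC = b"MZ"                                   # Windows executable header
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"    # legacy .doc/.xls container header


@dataclass
class Verdict:
    filename: str
    action: str    # "drop", "quarantine" or "allow"
    reason: str


def _extension(filename):
    name = filename.lower()
    return name[name.rfind("."):] if "." in name else ""


def ooxml_has_vba(data):
    """True if an OOXML file (a zip) carries a VBA project part (vbaProject.bin)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_attachment(filename, data):
    ext = _extension(filename)
    # 1. Content beats name: a PE header is a program however the file is named.
    if data[:2] == PE_MAGIC:
        return Verdict(filename, "drop", "executable content (PE header) despite extension " + (ext or "(none)"))
    if ext in PROGRAM_EXTENSIONS:
        return Verdict(filename, "drop", "program file extension " + ext)
    # 2. Modern Office documents: look inside the container for a macro project.
    if ext in OOXML_EXTENSIONS:
        if ooxml_has_vba(data):
            return Verdict(filename, "quarantine", "Office document carries a VBA macro project")
        return Verdict(filename, "allow", "Office document without macros")
    # 3. Legacy binary Office files need a real OLE/VBA parser (e.g. oletools' olevba);
    #    hold them for that check rather than letting them through unexamined.
    if data[:8] == OLE_MAGIC:
        return Verdict(filename, "quarantine", "legacy OLE Office document; needs a full VBA scan")
    return Verdict(filename, "allow", "no executable or macro indicators found")


def make_ooxml(parts):
    """Build a minimal OOXML-style zip in memory (constructed test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments for the example; none of these are real malware.
SAMPLE_ATTACHMENTS = {
    # "invoice" that would ask the reader to enable macros: .docm with a VBA project part
    "invoice_2207.docm": make_ooxml({"[Content_Types].xml": b"<Types/>",
                                     "word/document.xml": b"<w:document/>",
                                     "word/vbaProject.bin": OLE_MAGIC + b"\x00" * 24}),
    # ordinary quotation with no macro project
    "quotation.docx": make_ooxml({"[Content_Types].xml": b"<Types/>",
                                  "word/document.xml": b"<w:document/>"}),
    # executable renamed to look like a PDF
    "statement.pdf": PE_MAGIC + b"\x90\x00" + b"\x00" * 60,
    # genuine-looking PDF header
    "receipt.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    # script file, blocked on extension alone
    "remittance.js": b"var a = 1;",
}


def triage_all(attachments=SAMPLE_ATTACHMENTS):
    return {name: triage_attachment(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for v in triage_all().values():
        print(f"{v.action:10} {v.filename:20} {v.reason}")
```

The order of the checks is the point: the PE header test runs before any extension logic, because the article's own observation is that criminals relabel programs as documents, and the OOXML test reads the container rather than trusting the extension, because a .docx that carries a vbaProject.bin is exactly the “please enable macros” lure. Legacy binary formats are held rather than passed, since deciding whether they contain macros needs a proper OLE parser.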