The Ransomware threat: How companies can better protect themselves

Kevin Foster's advice for actions that companies can take to protect themselves against ransomware may be considered basic - from ensuring back-ups to not clicking on links - but they are actions that many neglect to take.

Kevin Foster, testing services manager, MTI Technology
Kevin Foster, testing services manager, MTI Technology

Digital extortion has been around for a while. The introduction of ransom cryptware, such as Cryptolocker in 2013, has enabled attackers to increase the effectiveness of an attack. Since its introduction, the use of Ransomware has grown, with an increase of 165 percent in Q1 of 2015.  The simplicity and commercial effectiveness of this sort of attack is what makes it appealing to cyber-criminals. In fact, 54 percent of all malware targeting UK users in 2015 contained some form of ransomware.

Ransomware malware is hidden in email attachments, downloads, compromised websites or malvertising. It is most commonly delivered via email en masse, with the attacker looking to opportunistically latch onto a victim. Recently, the content of these emails has been tailored to specific regions and local languages, with the apparent legitimacy of the emails also increasing in quality. Ultimately, the intention lies in infecting as many individuals as possible to maximise the chances of getting a result.

Precautions against the threat of Ransomware

Ransomware can infect a company's systems if the correct precautions are not in place or if employees are ignorant to the threat. The tips below can help safeguard a business against this growing threat:

1. Shield yourself against attacks – Install security and antivirus software on any computing device connected to the internet. This is the first step to keeping your files and data protected. Additionally, regular scheduled scans of your system will also improve protection.

2.  Update your software – This includes operating systems, web browser software, security software and installed applications.  Enabling Automatic Update settings and installing updates as soon as they become available is also good practice and will ensure you do not fall behind when it comes to the latest malware definitions.

3.  Data back up – As a ransomware attack locks you out of important files and documents, one way to keep yourself functional, should you fall victim to an attack, is to regularly back up files and data onto external storage devices or archived storage. This will allow you to still access copies of files should you fall victim to an attack.

4.  Constant vigilance and education – Although security and antivirus software is a defence against ransomware, individuals can also act as a first line of defence by only opening emails and attachments from trusted sources.  Avoid downloading files from untrusted sources, but if necessary, always run a virus scan on the prospective file before opening.  This should be part of the education process for employees on how to remain safe against emerging cyber-threats.

5.  Split access – Do not browse the web and access internet email from computers (servers) that have business critical files and databases.  This can create a direct access point to this crucial data for cyber-criminals.

6.  Passwords – Do not re-use the same password across multiple accounts.  Once a cyber-criminal has obtained one of your passwords, they could use it to access your other online accounts. Setting up password reminders to prompt employees to change their passwords every couple of months is a way of reducing risk.

Ransomware infects machines by exploiting software vulnerabilities and can be very stressful and costly to recover from. However, pre-emptive measures and the backing up of data will go a long way to reducing the risk and impact of a ransomware attack.

Ransomware attack – what you need to know.

·     The main goal of a ransomware attack is to deny access to important business files, requiring a company to pay a fee to decrypt the files.

·     This type of attack occurs when malware infects a system's hard drive, locking away files under encryption.

·     The attacker will reach out to the victim or company via email requesting a sum of money in return for a decryption key that allows the company to regain access to hacked files.

·     It is important to note that payment does not guarantee that the cyber-criminals will respond with a key and full access to encrypted files. The only reliable way to restore access is to remove the malware completely. Ideally infected hosts should be fully erased and re-built (from the firmware up) to guard against any backdoors being installed and then hardened in line with good security practice to prevent re-occurrence.

Refusal to pay

Refusal to pay a ransomware threat can be a dangerous gamble for enterprises. Modern ransomware is created to be fundamentally impenetrable, although there are some circumstances when the key can be cracked as a consequence of coding / design flaws by malware writer. For many companies, the only way to get back access to crucial documents is to pay the ransom.

Companies that prepare ahead of time against the threat of ransomware and back up data in real time, are able to disregard the request for money, wipe the infected devices, implement security hardened builds and restore the files. Putting in the necessary precautions enables a company to manage a potential attack and helps protect them against future attacks.

However, with IT budgets and staff being continuously stretched, this is not always a reality.  Sometimes, a company's back up facilities do not work and this is not picked up as it fails to test the restore function until an attack occurs.  At this point, a company is caught between a rock and a hard place, often with no access to their files. This is when most companies look to pay a ransom. In reality, they should not pay until they have exhausted all outlets, including toolkits and methods of decryption that could restore access. Paying a ransom should always be the last option for victims.

Contributed by Kevin Foster, testing services manager, MTI Technology