In the last couple of months discussion of the ransomware computer threat has catapulted out of the computer pages into mainstream news, and for good reasons.
Firstly, the number of ransomware attacks worldwide grew by over 500 per cent in 2013 according to security firm, Symantec. Concern is such that in June of this year, the Australian Federal Police spoke to media urging local businesses to report any experiences of the threat. And secondly, in June the US Federal Government made a very high profile announcement about the successful “disruption” of a major, global ransomware network. Unfortunately, it took less than six weeks for the network to get back up the network as back up and running again.
The idea of ransomware is devastatingly simple. Malicious software (malware) that has unknowingly been installed on your computer takes control and locks you out by encrypting your most valuable content. A message then appears on your computer – perhaps as an email or a web page – stating that unless you pay a ransom, your documents and applications will remain inaccessible.
In some variants for example, Reveton, the ransom request appears to be the work of a law enforcement authority. The notification suggests the authority has been monitoring illegal activity occurring on the computer and the ransom itself is termed a “fine”. In other variants, such as the widely publicised CryptoLocker, there is no attempt to disguise intent. The demand for payment is accompanied by a threat to make future access to the data all but impossible.
The source of malware
There are a number of ways malware can arrive on your computer or on your computer network. The most common methods have been used by viruses and worms for years. They include opening a malicious email attachment or clicking on a malicious link that appears in an email, on a website or a social networking site.
Malware can also arrive via infected files on CDs, USB thumb drives and external hard drives.
Minimising the risk
The potential of ransomware appearing on your computer system has undoubtedly grown in the last 12 months as hijackers have turned their attention to small to medium enterprises. Therefore, it’s important to take all possible steps to minimise risk.
The first place to start is with employees. After decades of discussion about viruses, you could be forgiven for thinking everyone should be aware of the danger of clicking on unknown email attachments or web links. Sadly, this is not so. Periodically, staff need to be reminded not to open spam emails and to be mindful of the sites they visit. They should always check the legitimacy of any communication asking them to download files, update software, or when dealing with requests that seek personal information.
Every organisation can benefit from a good spam filter, web security and anti-malware solutions.
Always keep the software on individual computers and across your business system up to date. This will ensure all devices are protected by the latest security patches.
Another method for keeping data safe is to encrypt or encode the data on your hard drive. This makes your data unreadable by anyone else, including criminals. An internet search will quickly provide a list of any number of reputable encryption solutions that can help manage a variety of needs including email and internet traffic, applications, cloud storage, hard drives, and external drives and USB thumb drives.
Play it safe
Despite the best efforts, no amount of diligence and no approach to security is foolproof. Since you don’t have many options in the case of an attack, it’s a good idea to always maintain a recent backup of your data in an off-site location. The backup can be as simple as an external hard drive, it may be stored in a cloud solution or be part of a complete disaster recovery set-up.
No matter how your data is safeguarded, try this simple test. Imagine your documents and applications are being ransomed right now, then ask yourself: When was your last backup? Is there critical and unique information on the affected computer? Could someone access your private data and or financial information?
When you consider the implications, the need to prepare for the worst case becomes very clear. Protecting your business by using security best practices and maintaining an up-to-date backup of your business system is not only prudent. It’s critical.
About the Author
Adrian Briscoe is the General Manager – APAC, Kroll Ontrack
