By now you must have heard about malware's evil twin brother, ransomware. The greedy, malicious program which locks or encrypts files before attempting to extort money has quickly become a household name. On average, you’re looking at shelling out $300 in ransom to restore access, but what else can you do? Read on to learn more about ransomware and how you can protect yourself.
Your Digital World is at Risk!
There is a huge misconception among experienced users: "if you're not looking in the dark corners of the web, then you should be fine." But even if you don't do anything wrong, you may still be at risk of getting infected with ransomware.
From your smart refrigerator to that shiny new flat screen, ransomware is lurking in wait to strike. While most cryptoviruses are designed to target computers running Windows, ransomware has been found on Android devices and even on Linux-based servers.
Guess what: not even your precious California-designed laptops and desktops are safe! That's right, security researchers have proven that current cryptoviruses can easily be converted to target Mac OS X and even the iDevices attached to it. It's currently a race among creators to see who can infect the most devices and ultimately extort the most money.
I Am The LAW!!
Unless your name is Judge Dredd or John McClane, you'll likely turn to local authorities for help. However, most law enforcement agencies are powerless against ransomware. Although there have been a few wins when law enforcement and private security firms team up (e.g. Operation Tovar), other successful campaigns have been few and far between.
With a marketplace that offers customized variants and ransomware as a service, all operating over the Tor anonymity network, the tools once used by the master have fallen into the hands of the fool.
Fully aware that it is almost impossible to track down their command center, a few of these fools have been so bold as to target police departments, government agencies, and even hospitals. An FBI official even admitted at a tech conference that in many instances the agency instructs victims to pay the ransom if they don't have a backup.
We've already established that you're unlikely to track down your attacker, but did we mention that sometimes the good guys get a win?
The first rule in building a ransomware program is to use a resilient crypto algorithm, making decryption without the original key something you'll only see in a movie. But like the criminals on the silver screen, they're bound to make a mistake, and when they do, the hero is ready to seize the attack servers and recover the encryption keys needed to develop a decryptor.
In this rare case, you might be one of the lucky people just a few clicks away from downloading a decryptor and recovering complete access to your files. All without paying a single cent! Lucky you!
Mama Always Said, “Back-Up Your Data”
Ok, Mama never reminded us to keep duplicates of our data (she should have), but it's still sound advice that may keep you out of a sticky situation. While most of us back up our sensitive data to external drives or shared network devices, we may have set ourselves up for disaster. The very nature of ransomware is to spread across filesystems, infecting and encrypting everything in its wake. By the time you discover the virus, it may be too late to save your backups; every device and drive the infected machine could reach is most likely encrypted too.
When backing up your data, experts recommend following the simple 3-2-1 rule: make at least three copies of the data, save them to two different formats and store at least one copy off-site (maybe at Mama's house or a hole in the backyard) or offline.
Personally, I keep a complete clone (OS, applications, and data) of my laptop backed up to an external hard drive, kept locked in my desk. Then I upload a copy to Amazon's long-term backup service, Glacier, followed by a folder sync backup to S3. Once my files are in the cloud, automated services take on the task of versioning and duplicating my precious data across the AWS platform. Yes, this is crazy talk, but I'm able to recover my data quickly and restore service in less than two hours! Come at me bro!
As for corporate life, we use a mixture of network-based backups (*cough* Avamar) and cloud-based backups (*cough, cough* Mozy) along with sync and file share services such as OneDrive and Box.
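To make the 3-2-1 rule concrete, here is an added example (not code from the original post) that checks a backup inventory for three copies, two storage formats, and one off-site or offline copy, and additionally flags the later point that no scheme is safe when every copy is addressable from the host being protected. The inventory format, field names and the two sample inventories are constructed for this illustration; one mirrors the laptop scheme described above, the other the always-mounted setup the post warns about.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class BackupCopy:
    """One copy of the protected data set (field names are this example's own)."""
    name: str
    medium: str       # storage format, e.g. "external-hdd", "nas", "object-storage"
    offsite: bool     # kept away from the protected machine's location
    reachable: bool   # writable from the protected host while it is running


def check_321(copies: List[BackupCopy]) -> Tuple[bool, List[str]]:
    """Evaluate an inventory against 3-2-1; returns (ok, list of unmet parts)."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need at least 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append(f"only {len(media)} storage format(s), need at least 2")
    if not any(c.offsite or not c.reachable for c in copies):
        findings.append("no copy is off-site or offline")
    # A copy the host can write to is exactly what ransomware encrypts along
    # with the originals, so at least one copy must be unreachable from it.
    if all(c.reachable for c in copies):
        findings.append("every copy is addressable from the protected host")
    return (not findings, findings)


# Constructed inventory modelled on the laptop scheme in the post: a cloned
# external drive kept unplugged in a desk, an archive upload to Glacier, and a
# folder sync to S3 (the sync target stays writable from the laptop).
AUTHOR_SETUP = [
    BackupCopy("desk clone", "external-hdd", offsite=False, reachable=False),
    BackupCopy("glacier archive", "object-storage", offsite=True, reachable=False),
    BackupCopy("s3 folder sync", "object-storage", offsite=True, reachable=True),
]

# Constructed inventory for the failure mode in the post: an always-mounted
# external drive plus a network share, both writable from the infected machine.
ALWAYS_MOUNTED = [
    BackupCopy("usb drive", "external-hdd", offsite=False, reachable=True),
    BackupCopy("office nas", "nas", offsite=False, reachable=True),
]

if __name__ == "__main__":
    for label, inventory in (("author", AUTHOR_SETUP), ("mounted", ALWAYS_MOUNTED)):
        ok, findings = check_321(inventory)
        print(label, "OK" if ok else "FAIL", findings)
```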
To Pay the Ransom
Oh boy. You must have made an off-site backup of all your mission-critical data, right!? No! Crap. Then you must be thinking about paying the ransom so that you can get back to business as usual.
Here's the rub: you're unlikely to relay your credit card number, and I think it's safe to say that they're not going to ask you to write a check. A hint of irony to this tragedy: the cryptovirus's preferred method of payment is cryptocurrency, namely bitcoin. The popular electronic currency allows the owner to stay anonymous, thus improving their odds of not getting caught.
Getting your hands on a bitcoin is relatively easy. Similar to the global exchanges, there are online markets that offer you digital currency for legal tender. For the sake of this blog, we're not going to go deep, but if you're looking to diversify your portfolio - follow this link.
Here's what really sucks; even if you pay the ransom, there is a good chance that the decryption key they give you won't work!
So You're Telling Me There's a Chance…
Now that we've established that no device is safe, law enforcement is helpless*, free decryptors aren't reliable, backups can be compromised, and a paid ransom doesn't always equal a working decryption key, we can finally talk about prevention.
Ransomware most commonly penetrates through email, often posing as a time-sensitive or important attachment like an invoice or free offer. Once you open the attachment, the virus goes to work, infiltrating your system and self-propagating across the local network, gaining control over connected systems through browser, app, or OS vulnerabilities (rare, but it happens).
Follow these simple rules and there's a good chance that you can stay virus free.
Keep software and operating systems up to date and backed up.
Disable FLASH PLAYER! Say it with me, "Flash is dead, long live HTML5!"
Never open documents or enable macros unless you have verified with the author/sender first.
Everything in your inbox should be scrutinized, especially those containing attachments.
Limit your local user account's privileges (you shouldn't be working from an admin account).
INSTALL, RUN, AND KEEP AN ANTIVIRUS UP-TO-DATE!
From a business perspective, you may want to realign your current security strategy. Think People, Processes, and Technology! The first line of defense in protecting any organization sits at the human level. Properly educate employees on how to defend against the latest ransomware and web-based attacks. Additionally, make sure your anti-x software protects you from file downloads, fileless attacks, etc. Are definitions being updated frequently? Do you have sufficient device coverage? What are you doing for BYOD users? Are you including web and email filtering in your security strategy?
Make sure you're patching software, not only externally, but on the inside of your network. 99% of attacks take advantage of KNOWN vulnerabilities. How often are you verifying that patching is truly taking place? Are you applying mitigating controls to those systems that cannot be immediately patched?
Back up, back up, back up. I can't stress this enough, but also ensure that backups are not addressable by your server OS. In other words, separate them logically from the servers.
Be ready to respond. Your Incident Response and Disaster Recovery plans must be up to date and TESTED. Do you have enough data to respond? Are you monitoring different systems, or is your data being correlated and alerts raised to an appropriate person?
RoundTower’s team of security experts can help you build a holistic solution and, in most cases, automate a process to protect the core of your business because it's only a matter of time and human nature until Harry opens an infected email attachment or Lloyd forwards an infected meme to a client…
What's Your IT Security Maturity Level?
Find out if your current cybersecurity strategy is up to snuff with a true risk assessment from RoundTower. Check it out.