Held hostage: Be alert for ransomware
Ransomware is a type of malware which attempts to extort money from victims by restricting access to a computer system or files. The most common form is crypto-ransomware, which encrypts files into encoded messages that can only be decrypted by the fraudsters.
In 2015, victims paid over $24 million in ransoms, according to the FBI’s Internet Crime Complaint Center. In a recent report, Symantec described ransomware as reaching “..a new level of maturity and menace.”
A common tactic
The cybercriminals typically employ social engineering tactics, such as well-crafted phishing emails designed to manipulate as many unsuspecting victims as possible and maximize profit. The emails will likely include a malicious attachment that the recipient is fooled into opening, thus enabling macros which “lock” computer files.
Of course, ransomware targets businesses as well as home users. For a business, the negative consequences might include:
- Temporary or permanent loss of sensitive or proprietary information.
- Disruption to regular operations.
- Financial losses incurred to restore systems and files.
- Potential harm to an organization’s reputation.
It’s important to remember that paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.
Tips to help prevent the threat
First and foremost, regularly back up computers on an external hard drive and in the cloud. It’s not only a best practice; if you have copies of your computer’s entire contents, there is no need to pay a ransom to an attacker.
Watch out for these indicators of a phishing email:
- The message asks you to click on something in the message or to provide personal information. Financial institutions and reputable businesses do not send e-mails asking for personal information.
- The message contains urgent appeals, such as a claim that your system access may be cancelled if you fail to take the action requested. Reputable businesses don’t do this, either.
- The message contains a generic greeting (for example, “Dear Customer”).
- The message contains grammar or spelling errors. These errors can be used to help fraudulent emails get through spam filters.
Here are some other things you can do to help protect your business:
- Use email filtering to examine all incoming and outgoing email to determine whether or not a message is known to be malicious or junk and to quarantine attachments with macro extensions (.docm, .xlsm, .pptm).
- Install anti-malware on desktops and servers and a firewall from a reputable company. Use automatic updating to ensure protection against the most current threats.
- Limit administrative rights on computers (malware typically needs admin rights to fully infect a computer).
- Limit access to data based on a need-to-know because some malware affects network drives and without access, it can’t get there.
- Educate employees about the risks and train them to be suspicious of unsolicited emails and to avoid clicking on links or attachments in emails.
For more, see our “:60 Security Download” video on ransomware.