Story image

Don’t let cybercriminals hold your business hostage

31 Aug 2015

In September 2013, a vicious form of malware entered the threat landscape: CryptoLocker. Belonging to a family of infections called 'ransomware', this virus and others of its type are designed to extort money from victims by denying them access to their personal files.

They target all Microsoft Windows Operating Systems and typically remain unnoticed until after the infected system’s files have become encrypted.

All ransomware variants and families follow a similar pattern. After infiltrating a computer, they hold its files and folders hostage by encrypting them with a unique key, then display a pop-up ransom demand.

Due to its sophisticated encryption strategies, malware of this type is often impossible to remediate once it has already successfully infiltrated a computer, and the short ransom window renders most antivirus software and human technicians ineffective. Unless the encrypted files were backed up elsewhere, a victim’s only option is to pay the ransom.

Ransomware continues to evolve and thrive because it follows a proven business model. By deploying ransomware, cybercriminals effectively generate demand for a product only they can sell.

Although paying the ransom allows victims to recover their files, it can also mark them for future targeting, i.e. recurring revenue.

Furthermore, ransomware can now be purchased as a service (RaaS) through Tor. RaaS allows the ransomware authors to code sell customisable crypto software to distributors, such as botnet administrators. In return, the code authors receive a percentage of any ransoms collected.

According to the Webroot Threat Research team, all of these factors suggest we’ll continue to see ransomware attacks for some time.

As the spread of ransomware continues to wreak havoc, it is crucial for businesses to prepare for these occurrences. However, because new and updated versions of existing malware are released daily, even hourly, the efficacy of conventional, signature-based threat detection is limited at best.

By the time the appropriate signatures become available, the damage is already done, and more variants have emerged. The most effective protection against such infections is a layered, preventive security approach.

One key component to a preventive strategy is to implement a disaster recovery plan that involves daily backups to a repository that typically remains offline, in the event that a breach is successful.

Additionally, because pressing the proverbial reset button can be extremely costly - taking valuable time and manpower, and disrupting employee productivity - organisations need real-time, collective threat intelligence that can categorise even never-before-seen files based on their behaviour and characteristics.

Finally, remaining protected against malware does not rely solely on cybersecurity and backups, but also depends on responsible usage practices.

All users should be educated to avoid suspicious emails, attachments or links, while applications and device operating systems should be patched regularly to remain up to date. With appropriate preparation, businesses should never have to pay another ransom.

For more on the latest threats, visit the Webroot Threat Blog at www.webroot.com/blog

To learn about Smarter Cybersecurity solutions from Webroot, visit www.webroot.com

Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
Blockchain: New Zealand needs to get up to speed
"The technology can traverse every business domain and can have far reaching impacts on society as we know it."
Why AI will be procurement’s greatest ally
"AI can help identify emerging suppliers, technologies and products in specific categories."
Five key ways an IT professional can keep their body and mind healthy
Sitting in the same place facing an artificially lit screen for 6-8 hours a day can have a negative impact on your overall health if you don’t offset it with diet and exercise.
Are AI assistants teaching girls to be servants?
Have you ever interacted with a virtual assistant that has a female-based voice or look, and wondered whether there are implicitly harmful gender biases built into its code?
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Commission warns Spark for misleading in-contract customers
The warning follows an investigation into representations Spark made on its website and in emails in August and September 2018.
Optic Security Group celebrates Axis accolade
Auckland-based business security systems provider Fortlock has picked up an award at Axis Communications’ annual Oceania Axis Partner Summit 2019.