In September 2013, a vicious form of malware entered the threat landscape: CryptoLocker. Belonging to a family of infections called 'ransomware', this virus and others of its type are designed to extort money from victims by denying them access to their personal files.
They target all Microsoft Windows Operating Systems and typically remain unnoticed until after the infected system’s files have become encrypted.
All ransomware variants and families follow a similar pattern. After infiltrating a computer, they hold its files and folders hostage by encrypting them with a unique key, then display a pop-up ransom demand.
Due to its sophisticated encryption strategies, malware of this type is often impossible to remediate once it has already successfully infiltrated a computer, and the short ransom window renders most antivirus software and human technicians ineffective. Unless the encrypted files were backed up elsewhere, a victim’s only option is to pay the ransom.
Ransomware continues to evolve and thrive because it follows a proven business model. By deploying ransomware, cybercriminals effectively generate demand for a product only they can sell.
Although paying the ransom allows victims to recover their files, it can also mark them for future targeting, i.e. recurring revenue.
Furthermore, ransomware can now be purchased as a service (RaaS) through Tor. RaaS allows ransomware authors to sell customisable crypto-ransomware code to distributors, such as botnet administrators. In return, the code authors receive a percentage of any ransoms collected.
According to the Webroot Threat Research team, all of these factors suggest we’ll continue to see ransomware attacks for some time.
As the spread of ransomware continues to wreak havoc, it is crucial for businesses to prepare for these occurrences. However, because new and updated versions of existing malware are released daily, even hourly, the efficacy of conventional, signature-based threat detection is limited at best.
By the time the appropriate signatures become available, the damage is already done, and more variants have emerged. The most effective protection against such infections is a layered, preventive security approach.
One key component of a preventive strategy is to implement a disaster recovery plan that involves daily backups to a repository that normally remains offline, so that the backups survive in the event that a breach is successful.
Additionally, because pressing the proverbial reset button can be extremely costly - taking valuable time and manpower, and disrupting employee productivity - organisations need real-time, collective threat intelligence that can categorise even never-before-seen files based on their behaviour and characteristics.
Finally, remaining protected against malware does not rely solely on cybersecurity and backups, but also depends on responsible usage practices.
All users should be educated to avoid suspicious emails, attachments or links, while applications and device operating systems should be patched regularly to remain up to date. With appropriate preparation, businesses should never have to pay another ransom.
To learn about Smarter Cybersecurity solutions from Webroot, visit www.webroot.com