Story image

Don’t let cybercriminals hold your business hostage

31 Aug 15

In September 2013, a vicious form of malware entered the threat landscape: CryptoLocker. Belonging to a family of infections called 'ransomware', this virus and others of its type are designed to extort money from victims by denying them access to their personal files.

They target all Microsoft Windows Operating Systems and typically remain unnoticed until after the infected system’s files have become encrypted.

All ransomware variants and families follow a similar pattern. After infiltrating a computer, they hold its files and folders hostage by encrypting them with a unique key, then display a pop-up ransom demand.

Due to its sophisticated encryption strategies, malware of this type is often impossible to remediate once it has already successfully infiltrated a computer, and the short ransom window renders most antivirus software and human technicians ineffective. Unless the encrypted files were backed up elsewhere, a victim’s only option is to pay the ransom.

Ransomware continues to evolve and thrive because it follows a proven business model. By deploying ransomware, cybercriminals effectively generate demand for a product only they can sell.

Although paying the ransom allows victims to recover their files, it can also mark them for future targeting, i.e. recurring revenue.

Furthermore, ransomware can now be purchased as a service (RaaS) through Tor. RaaS allows the ransomware authors to code sell customisable crypto software to distributors, such as botnet administrators. In return, the code authors receive a percentage of any ransoms collected.

According to the Webroot Threat Research team, all of these factors suggest we’ll continue to see ransomware attacks for some time.

As the spread of ransomware continues to wreak havoc, it is crucial for businesses to prepare for these occurrences. However, because new and updated versions of existing malware are released daily, even hourly, the efficacy of conventional, signature-based threat detection is limited at best.

By the time the appropriate signatures become available, the damage is already done, and more variants have emerged. The most effective protection against such infections is a layered, preventive security approach.

One key component to a preventive strategy is to implement a disaster recovery plan that involves daily backups to a repository that typically remains offline, in the event that a breach is successful.

Additionally, because pressing the proverbial reset button can be extremely costly - taking valuable time and manpower, and disrupting employee productivity - organisations need real-time, collective threat intelligence that can categorise even never-before-seen files based on their behaviour and characteristics.

Finally, remaining protected against malware does not rely solely on cybersecurity and backups, but also depends on responsible usage practices.

All users should be educated to avoid suspicious emails, attachments or links, while applications and device operating systems should be patched regularly to remain up to date. With appropriate preparation, businesses should never have to pay another ransom.

For more on the latest threats, visit the Webroot Threat Blog at www.webroot.com/blog

To learn about Smarter Cybersecurity solutions from Webroot, visit www.webroot.com

TCS collaborates with Red Hat to build digital transformation solutions
“By leveraging TCS' technology skills to build more secure, intelligent and responsive solutions, we aim to deliver superior end-user experiences."
Twitter suspects state-sponsored ties to support forum breach
One of Twitter’s support forums was hit by a data breach that may have ties to a state-sponsored attack, however users' personal data was exposed.
How McAfee aims to curb enterprise data loss
McAfee DLP aims to help safeguard intellectual property and ensure compliance by protecting sensitive data.
HPE promotes 'circular economy' for end-of-use tech
HPE is planning to show businesses worldwide that throwing old tech and assets into landfill is not the best option when it comes to end-of-use disposal.
2018 sees 1,500% increase in coinmining malware - report
This issue will only continue to grow as IoT forms the foundation of connected devices and smart city grids.
CSPs ‘not capable enough’ to meet 5G demands of end-users
A new study from Gartner produced some startling findings, including the lack of readiness of communications service providers (CSPs).
Oracle announces a new set of cloud-native managed services
"Developers should have the flexibility to build and deploy their applications anywhere they choose without the threat of cloud vendor lock-in.”
How AT&T aims to help businesses recover faster from a disaster
"Companies need to be able to recover and continue operations ASAP, without pulling resources from other places to get back up and running."