Surviving a ransom situation

The Trend Micro Q1 Security Roundup, Bad Ads and Zero Days: Reemerging Threats Challenge Trust in Supply Chains and Best Practices, revealed that cryptoransomware has set its sights on enterprises. Ihab Moawad, vice-president MMEA and CIS at Trend Micro, explores what this means for your business.

Are you ready to pay a ransom for your company data? The first quarter of 2015 has seen ransomware continue its strong comeback and turn more deadly, as cryptoransomware accounted for over half of all ransomware infections. The number of ransomware infections doubled in Q4 2014 and now in Q1 2015 the number of cryptoransomware infections has more than doubled. Cryptoransomware infections have quadrupled since Q1 2014.

These are scary stats considering how valuable enterprise data is and how quickly the compromise of client data can send a company’s reputation spiralling down the drain. Even more pertinent is the imminent implementation of the POPI (Protection of Personal Information) Act which gives companies a year to comply or face hefty fines – or even jail time – if customer information is not protected sufficiently.

Today’s ransomware no longer just locks victims out of their computers as its Police Trojan predecessors did. Cryptoransomware, the more lethal descendant, encrypts valuable user files and holds them for ransom to ensure payment, putting users at great risk as cybercriminals set their sights on the enterprise.

The short of it
You may never have heard of ransomware. If so, think of it as a kidnapper that’s after your precious child. It’s a variation of malware that takes control of your system or data away from you and refuses to return it until you pay the cyber-criminals behind the attack. Your data is the hostage and your money is its freedom, which is why this malware has been dubbed “ransomware”.

It’s not a new concept. In fact, ransomware has been around for ten years, with the first versions having been detected in Russia in 2005. But as all things Internet are capable of doing, the malware has spread around the globe and now comes in many different versions. The latest is a beefed-up version called cryptoransomware that has a bulls-eye stuck firmly to the enterprise’s forehead.

In the past year and a half Trend Micro has come across a particularly nasty version of ransomware called “Cryptolocker”. It will encrypt the files that are important to you and offer to decrypt them only when you pay up. The encryption used by Cryptolocker variants is nearly unbreakable so users usually have to choose between paying the cyber-criminal or losing the data.

What’s even scarier is that ransomware has been so successful that it’s made the jump from PC to Android and the Q1 report has highlighted that enterprises are the newest target. Is your workforce mobile? Who connects to your company network? Who has access to enterprise data? Where is it stored and is it backed up? These are serious questions that you will need to consider if you wish to have a hope of protecting your enterprise data from cryptoransomware.

According to our Q1 Security Report, almost half of all ransomware infectors in the first quarter of 2015 have been classified as cryptoransomware. CryptoFortress, a Cryptolocker “copycat”, encrypted files in shared folders, and CRYPWEB encrypted Web server databases.

Is there a difference between ransomware and cryptoransomware? Indeed. Cryptoransomware offenders don’t want your data; they want your money, and more specifically they are after bigger pay cheques, which is why the enterprise is a prime target.

So what do I do?
The successes that cybercriminals have had so far using ransomware mean that it will be sticking around, and with a growing plethora of connected things in the IT landscape they have more targets than ever.

The best way to protect your enterprise from ransomware is to keep systems up-to-date, run a full-featured security package and educate employees on the unreliability of attachments. In addition, it’s vital to ensure that your business data is backed up, as a good back-up can rescue you from having to pay a cybercriminal for your data.

Enterprises need to treat ransomware as a serious threat to their infrastructure and business as a whole. Ask yourself if you are doing enough to protect your business from security threats. If we learnt anything from the biggest incidents of the first three months of 2015, it’s that even the most threat- and security-savvy users and organisations are not immune to these dangers. Threat actors will take advantage of the slightest security loophole to get what they want, so there is no room for error.

Ransomware can effectively destroy enterprise files once you’re infected. This is the type of threat where the best thing you can do for your business is make sure that you don’t get infected in the first place.