Ransomware – Update

Excuse my French, but Holy Cow, a ransomware developer has created a new evil
way to monetize their operations by adding a DDoS component to their malicious
payloads.

Instead of “just” encrypting data files on the workstation (plus any network drive it has access to) and locking the machine, this variant of the Cerber ransomware also started adding a DDoS bot that can quietly blast spoofed network traffic at various IPs, which can help take down other networks.

It is important to understand the effect this virus can have on your computer, network, documents and your business. Example: if an employee of your company has Administrator access to your network devices, like accounting systems, backup devices etc., then so does the virus. If your network NAS backups all use one username and password for every backup job, then this virus has the ability to encrypt all of your backups, not just the infected computer’s. One employee clicking on a link in an email can potentially take down your entire network.

Ransomware criminals use encryption to block users from their online files – releasing the locked-up data when the targeted entity pays a ransom. Instances of this type of online extortion grew a whopping 170 percent in 2015 – with the majority of cases occurring in the U.K. Attacks in the United States have been on the rise, and now the majority of attacks worldwide occur here.

Impact on Small Businesses

In the beginning, attacks targeted small and medium-sized businesses as well as individual consumers. Cyber criminals were more likely to encounter weaker security systems and lax backup procedures at smaller firms, and many cyber-crooks chose high volume and lower returns rather than tackling larger organizations with more sophisticated security protection. Criminals discovered that victims were most likely to pay up without contacting the police if the ransom demand stayed modest – within the hundreds of dollars realm. Online extortionists now have turned their attention to larger organizations, demanding tens of thousands of dollars.

How do the online extortionists get access?

Usually through infected email. Investigators cannot unlock the ransomed files, which are heavily encrypted, unless they find the cyber-crooks’ control servers, which could be anywhere in the world.

What can you do?

A notorious ransomware threat known as Cryptolocker arrives as an email attachment or via a downloader brought along as an extra component. Its authors continue to create new variants, target different groups and evade changes in security technology. Seek professional IT assistance to lessen your vulnerability. In the interim, here are several simple steps you can take to protect your files.

  1. Consult an IT professional who has security experience regarding your backups. Cryptolocker attacks all drives that are mapped (e.g., those tagged D or E drives), including external drives like USB thumb drives, Dropbox, Google Drive and other real-time sync systems. This means that your backup system must either include an external drive that is disconnected when not actively backing up your files or an online provider of automated backup services.
  2. If you don’t need Admin access to your computer, then change your access rights. This might seem like an unworkable request, but it is not that disruptive: you can keep your Admin password close by, so if you need it you can copy and paste it or type it in.
  3. Crooks use email (with attachments) as a way into victims’ systems. Recently, Cryptolocker has used files with the extension .PDF.EXE (this may have changed by the time you read this). Set your gateway mail scanner to filter files and deny entry to emails with two file extensions – the last extension being the executable component.
  4. If your computer is able to allow users to access your machine remotely and you don’t use this function, known as Remote Desktop Protocol or RDP, disable it. This is another favorite entry point for ransomware.
  5. Keep your security software fully updated – use automatic updates, whenever possible. Don’t delay downloading manufacturers’ updates. Use top quality anti-malware PLUS a software firewall.
  6. All software downloaded from the internet should be “Saved” and scanned; never click “Run”, no matter where the software came from. After saving it, you can scan it for free at VirusTotal. You would be surprised at what has been found inside downloads from what you would think was a trustworthy site.
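Step 3 above asks the mail gateway to deny attachments that carry two file extensions where the last one is executable (the .PDF.EXE pattern). The following is an added example, not code from the original post or from any mail-gateway product, of the filename check such a rule performs. The extension lists and the sample attachment names are constructed for illustration; a real gateway should also inspect the file content (magic bytes, MIME type) rather than trusting the name alone.

```python
# Added example: filename-based attachment filter for the double-extension
# lure (e.g. "Invoice.PDF.EXE"). The lists below are constructed assumptions,
# not a vendor's configuration.

# Extensions Windows will run directly when a user double-clicks the file.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe",
    "wsf", "wsh", "hta", "msi", "ps1", "lnk",
}

# Unicode bidirectional control characters; stripped so that a name whose
# displayed order differs from its stored order is judged on what it really is.
BIDI_CONTROLS = {
    "\u200e", "\u200f", "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
    "\u2066", "\u2067", "\u2068", "\u2069",
}


def normalize_name(filename):
    """Reduce a filename (possibly with a path) to its lower-cased base name."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    base = "".join(ch for ch in base if ch not in BIDI_CONTROLS)
    return base.strip().lower()


def extensions_of(filename):
    """Return the dot-separated extensions, e.g. 'Invoice.PDF.EXE' -> ['pdf', 'exe'].

    Padding spaces inside an extension ("report.pdf      .exe") are stripped so
    that the padding trick does not hide the executable suffix.
    """
    parts = normalize_name(filename).lstrip(".").split(".")
    return [p.strip() for p in parts[1:]]  # parts[0] is the file stem


def classify_attachment(filename):
    """Return 'allow', 'deny:executable' or 'deny:double-extension'."""
    exts = extensions_of(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTENSIONS:
        return "allow"
    if len(exts) >= 2:
        return "deny:double-extension"
    return "deny:executable"


def filter_attachments(filenames):
    """Map each attachment name to the gateway's verdict."""
    return {name: classify_attachment(name) for name in filenames}


# Constructed sample attachment names (not real samples).
CONSTRUCTED_ATTACHMENTS = [
    "Invoice.PDF.EXE",
    "report.pdf",
    "Statement.pdf          .scr",
    "archive.tar.gz",
    "setup.exe",
    "notes",
    "Invoice\u202efdp.exe",
]

if __name__ == "__main__":
    for name, verdict in filter_attachments(CONSTRUCTED_ATTACHMENTS).items():
        print(f"{verdict:24} {name!r}")
```

The verdict for `.tar.gz` shows why the rule keys on the last extension being executable rather than on the mere presence of two dots: ordinary archives and versioned documents would otherwise be blocked.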

Following recent brazen attacks on the BBC and The New York Times, Ransomware has attracted significant attention. It is a major threat, but smart defensive strategies combined with good recovery protocols can help keep your data safe.
