By Razvan Muresan on Apr 12, 2017 | Enterprise security and IT executives who are not concerned about ransomware threats today are probably in the midst of some sort of denial. These types of incidents—in which an insidious type of malware encrypts or locks digital files and demands a ransom to release them—have been on the rise. And they present serious threats for organizations in a variety of industries. Last year United States and Canadian government organizations issued a joint cyber alert regarding the rise in ransomware attacks. The U.S. Department of Homeland Security (DHS), in collaboration with Canadian Cyber Incident Response Centre (CCIRC), released the alert to describe the various types of ransomware, stating, “the authors of ransomware instill fear and panic into their victims, causing them to click on a link or pay a ransom, and users’ systems can become infected with additional malware.” Malware infections from ransomware “can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist,” the alert said. The U.S. Federal Bureau of Investigations (FBI) noted in its own alert on ransomware in 2016 that large enterprises, small businesses, hospitals, school districts, state and local governments and law enforcement agencies were among the entities that had recently experienced ransomware attacks. The potential results of a ransomware attack include the inability to access important business data and applications, loss of sensitive or proprietary information, disruption of operations, financial cost to restore systems, and harm to an organization’s reputation. As the FBI noted, ransomware has been around for several years, but during 2015 law enforcement began to see a rise in these types of cyber attacks. In a ransomware attack, the bureau said, victims typically open an e-mail addressed to them and click on an attachment that appears legitimate, such as an invoice or electronic fax. But it actually contains the malicious ransomware code. In other cases the e-mail might contain a legitimate-looking URL that actually directs the user to a Web site that infects their computer with malicious software. Once the infection is present, the malware can start encrypting files on local drives, attached drives, backup drives and other systems on the network. “Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key,” the FBI said. The messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity the virtual currency provides. Ransomware attacks aren’t just proliferating, the FBI report said, they are becoming more sophisticated. Years ago ransomware was usually delivered through spam e-mails. But because e-mail systems got better at filtering out spam, cyber criminals began leveraging spear phishing e-mails aimed at specific individuals. In newer instances of ransomware, some attackers aren’t using e-mails at all and are bypassing the need for a user to click on a link. They do this by seeding legitimate Web sites with malicious code, taking advantage of unpatched software on end-user computers, the bureau said. The FBI doesn’t support paying ransoms in response to these attacks, because paying them doesn’t guarantee organizations will get their data back. It recommends that organizations focus on two key areas: prevention efforts such as awareness training for employees and robust technical prevention controls; and the creation of a solid business continuity plan in the event of a ransomware attack. Here are some tips the bureau provided for dealing with ransomware:
In addition, as part of their business continuity efforts enterprises should back up data regularly and verify the integrity of those backups regularly. Some security products on the market are designed to protect against ransomware attacks. For example, Bitdefender features a module in all of its classic line products (Internet Security and Total Security, Gravityzone Business Security) that is designed to protect certain folders from ransomware malware that infects client’s PCs and encrypts personal files. Source: Bitdefender Insights in Virtualisation and Cloud Security Understanding that employees could be the weakest link in the organisation where hackers may seek ways to penetrate your corporate system through them, we at FIFTY SEVEN NETWORK also provide Security Awareness Training to increase employees awareness on cyber security. for more information, please do not hesitate to contact us at 03 9212 0142 or [email protected].
Comments are closed.
|
Protect from RansomwareBuy Bitdefender now RECOMMENDED READINGs
All
|