By Shawn Nelson, Director of Information Security
One of the greatest cyber threats facing organizations today is ransomware. This malicious software infects your system and then encrypts your files, rendering them unusable. When the encryption process is completed, you are presented with a ransom screen demanding payment to regain access to your files. The payment method used in the majority of ransomware attacks is a digital currency known as bitcoin. The current ransom cost for decryption of your files averages between $500 and $1000 per infection. This article will examine the ways in which your system can be infected by ransomware and the preventative measures that can be taken to reduce your risk of becoming a victim.
How does a computer become infected with ransomware?
- Opening attachments in phishing or spam emails
  - The ransomware may be directly attached to the email.
  - The attachment may contain a macro that downloads the ransomware.
- Clicking on a link embedded in a phishing or spam email
  - The link directs the browser to a site that contains an exploit kit that installs the ransomware.
- Clicking on links in social media posts
- Visiting a site that contains an exploit kit
- Visiting a legitimate website that contains a malicious advertisement
  - This is known as malvertising.
- Downloading a malicious app from a third-party app store, primarily impacting Android devices
- Connecting an infected USB dongle or flash drive to your computer system
- Clicking on a link in a malicious text message sent to your mobile device
Ransomware continues to evolve in sophistication and in the number of different types found online. This is due to the effectiveness and profitability of ransomware campaigns.
How is ransomware evolving?
- Variants are beginning to exhibit worm-like features that allow them to infect other machines and servers prior to performing the encryption. This reduces the likelihood of being detected until it is too late.
- Variants are targeting new systems, such as web servers, database servers, remote desktop servers, and Internet of Things devices, which include Android Smart TVs, smart watches and industrial control systems.
- New extortion features include increasing the ransom fee or deleting files every hour until the ransom is paid.
- New variants will encrypt files after stealing sensitive information in order to prevent detection and forensic analysis.
- Ransomware as a service has made deploying ransomware available to anyone. The hosting service receives a portion of the ransom paid.
How do you reduce your chances of becoming a victim of ransomware?
- Perform regular backups and routinely test restores. Keep backup copies offline to prevent ransomware from encrypting them.
- Implement a layered security approach. This includes a good anti-virus program, network-based firewalls, and next-generation email and web filtering systems.
- Perform regularly scheduled updates to operating systems, browsers and applications. If patching is not an option, look to use virtual patching technologies such as web application firewalls and internal intrusion prevention systems.
- Implement the concept of Least Privilege. Your network account or system login should only contain enough permissions to perform daily tasks and assigned job functions. Use a separate dedicated account for software installs and other system updates.
- Develop an action plan on how to respond if your systems are infected with ransomware.
- Educate employees on the dangers of ransomware and how to identify phishing emails.
- Avoid clicking on email links or attachments from unknown or untrusted sources.
Ransomware and other forms of online extortion will continue to evolve. However, with proper planning and sound security practices, you will be able to significantly reduce your chances of becoming the next victim.