09 March 2016

Ransomware: how much will you pay?

You’ll be hard pressed these days to avoid cyber security news headlines, particularly those featuring ransomware as the method of attack.

Ransomware accounted for 42% of UK security breaches in 2015 (Infosecurity Magazine, 2016). A prime example is the recent attack on the Hollywood Presbyterian Medical Center, which, after falling victim to malware placed by hackers to encrypt its files, succumbed and paid the attackers £12,000 in order to regain control of its systems (Computer Weekly, 2016).

Placing a hospital in a cyber choke hold, cutting staff off from test results and patient information and leaving them reliant on pen, paper and fax machines to function, all for financial gain, defines the new lows attackers are willing to stoop to in order to reach their goal. Attackers are moving away from the fun of recreational hacking and firmly into the realms of cyber crime at an alarming rate.

With cyber security slowly making its mark on the agenda of the board, and hackers armed with financial motives and the capability to bring business to a halt, ransomware attacks have the ability to strike fear into organisations of all sizes. With no defined fee on attacks of this form, attackers may be as capable of bringing a large organisation to its knees as they are of crippling the day-to-day activity of small/medium enterprises. Organisations should make their network as unattractive to attackers as possible through the following steps:

1. Backup your data and/or systems.

Back up your data on a regular basis, preferably to offline storage where the files cannot be infected, so that any information that is infected by ransomware can be restored.

2. Email diligence – check for a known sender, do not open unknown or unsafe attachments, do not click links in email, use mail filters.

When attachments are downloaded from emails, ensure the source is verified. This can be done by checking who the email was sent by through the mail headers. Refrain from opening file attachments that appear malicious (for example, a Word document with an executable extension – Budget_2016.docx.exe). Also ensure that mail filtering protection is enabled as an extra line of defence. Never let an unknown user take control of your computer.

3. Use web reputation sources to check and verify links.

Always check URLs and hyperlinks before clicking on them, as they may disguise their actual destination. This can be done by hovering over the link or using a link expander website.

4. Limit shared resource access.

Particularly on a network – ransomware will roam the network and lock anything it can find. Try to segregate the network so that if ransomware is found, it can be locked down and is unable to spread.

5. Block IPs.

On a business network, block malicious IP ranges such as Tor, which will be used for command and control. Using firewalls to block suspicious and malicious IP ranges is recommended, as these are where ransomware originates.
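The checks in step 2 can be automated in a mail filter. The sketch below is an added example, not part of the original article: it flags attachments whose final extension is executable behind a decoy document extension (the Budget_2016.docx.exe case) and headers whose reply address points to a different domain than the sender. The extension lists, function names and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed, non-exhaustive lists; tune them to your own mail policy.
EXECUTABLE = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "pif"}
DECOY = {"doc", "docx", "xls", "xlsx", "pdf", "jpg", "png", "txt"}

def domain_of(header):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def classify_filename(name):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    # Strip padding so "report.docx      .exe" is handled like "report.docx.exe".
    exts = [p.strip().lower() for p in name.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE:
        return None
    return "double-extension" if any(e in DECOY for e in exts[:-1]) else "executable"

def check_message(raw):
    """Return findings for one raw message; a finding means 'review', not 'proof'."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = domain_of(msg["From"])
    for field in ("Reply-To", "Return-Path"):
        other = domain_of(msg[field])
        if sender and other and other != sender:
            findings.append(f"{field} domain {other} differs from From domain {sender}")
    for part in msg.walk():
        name = part.get_filename()
        verdict = classify_filename(name) if name else None
        if verdict:
            findings.append(f"{verdict} attachment: {name}")
    return findings

def sample_message():
    """Constructed sample mail using the article's Budget_2016.docx.exe file name."""
    m = EmailMessage()
    m["From"] = "Accounts <accounts@supplier.example>"
    m["Reply-To"] = "accounts@supplier-payments.example"
    m.set_content("Please see the attached budget.")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="Budget_2016.docx.exe")
    return m.as_string()

if __name__ == "__main__":
    print("\n".join(check_message(sample_message())))
```

Legitimate bulk-mail services often use a different Return-Path domain, so treat a header mismatch as a prompt to look closer, while a double-extension attachment is a reasonable candidate for outright quarantine.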

Education is key to removing threats that require the user to actively enable the ransomware, so businesses MUST alert their employees about the dangers of all forms of cyber-attack.

Raise your organisation’s level of cyber awareness.