Has your organization been affected by Ransomware

Has your organization been affected by Ransomware? It may just be a matter of time, unless you have the right processes in place. Antivirus vendors and security professionals continually strive to make headway against global malware campaigns. This forces hackers to seek more inventive ways of keeping their stream of revenue alive and this has lead to the expansion of Ransomware.

Imagine waking up on Wednesday and booting your laptop. Instead of seeing your LinkedIn profile or Twitter feed, you’re greeted with a large unattractive image demanding money. The claim that if you don’t pay $200 to an unknown party within 24-hours, everything you know and love on your computer will be erased, and gone forever. this is the new and expanding world of “ransomware,” the fast growing tactic allowing criminals to pull cash from people and companies.

ran·som·ware

As if business owners don’t have enough to be concerned about, researchers from Trend Micro wrote that in June and July of this year the vast majority of users who clicked on malicious links in CryptoWall-related emails were from the Small to Mid-Sized Business sector. TorrentLocker URL’s where clicked on by consumers more often but, SMB’s still represented over 43% of the clicks.

It seems that the Ransomware creators have grown tired of preying on consumers that may be unconcerned about data loss and have instead found that small business owners are more likely to have valuable data and to pay to get their data back. The Cryptowall virus has infected over half a million computers since 2014 and it is estimated that it has earned its creators over one million dollars. How many people have recovered their data by paying the ransom fee, which can range from $300 to $500, remains an open question.

The Cryptowall virus is usually spread by phishing emails. These emails contain luring subject lines like resumes sent in response to job ads, customer orders,  as well as notifications from FedEx, UPS, utilities and government Agencies from believable email addresses. Once the included link is clicked the virus downloads onto the PC and begins encrypting documents, PDF files, pictures and other file types on the PC and on any shared drive. What makes the spread of this virus scary is that the virus makers are becoming more and more sophisticated.  Many of these phishing emails now point to valid websites that have been corrupted.  Some are even making use of CAPTCHA (the annoying enter the Letters/Words to prove you’re a human) in order to defeat web crawlers and virus sniffers that many Internet Security tools use.

The shifting nature of this virus and the methods that it uses to spread are concerning to everyone that is trying to protect a network from threats. Because of the nature of this type of virus and its many mutations it is difficult for anti-virus and anti-malware vendors to stop all threats.

So what can you do to protect yourself?

• Anti-Virus: Make sure that you and everyone in your organization has up to date anti-virus software. It’s best if the anti-virus software is centrally managed and reports in to someone that is watching if it is out of date.
• Anti-Malware: Provide for every PC in your organization to have a strong up to date anti-malware program.
• Security: Only give access to shared drives and folders to the minimum number of users required.
• Education: Be sure to communicate to your users about the nature and destructiveness of the threats and how they spread. Be sure to have a policy in place that about clicking email links and attachments.
• Backups: The critical nature of backups in this threat environment cannot be understated. For smaller businesses with a limited amount of data a file based backup may be sufficient. Larger companies or those with more data may want to look at an image based backup in order to reduce the cost of downtime and data recovery.

These are excellent options, and you should make them a process within your organization. Better still, consider retaining an IT Services provider to conduct a 360 degree assessment of potential vulnerabilities. The right firm (we know a really good one!) can craft a plan that will help you minimize the threat, while also providing for business continuity and data protection.

Business Continuity, Ransomware