
Ransomware – Extortion One Document At A Time

Since September 2013, when the ransomware plague was unleashed on the internet in the form of CryptoLocker and its copycats, to the time of this post, there are now well over a hundred different strains and the end is not in sight. Ransomware has proven to be a highly successful criminal business model and many aspiring cybercriminals big and small are now trying to muscle into this racket.

Pay Ransom One Document At A Time

These mostly Eastern European cyber mafias are in furious competition, and they invest a lot of money in “new feature” development. It is only a matter of time before they get smart and start analyzing the files on disk or on the file server to see which are recent and/or shared, or which sit in a directory that indicates high value, such as accounting, design or software development.

Looking at today’s sophisticated ransomware code, it would not take much work to add a little more logic and infrastructure so they can extort micro-payments on a per-file basis, and unfortunately Bitcoin is ideal for that. That would let them extort more money per machine.

Anti-Ransomware In The Real World

Lenny Zeltser recently posted his views on this problem, and said: “Any methods for detecting and impeding ransomware cannot be foolproof, as is the case with any anti-malware technology. My expectation is that commercial anti-malware vendors are creating or have already developed more sophisticated methods for dealing with ransomware[…] Those who remember the early days of spyware might recall standalone anti-spyware tools that were later merged into mainstream antivirus products. Similarly, anti-ransomware capabilities are becoming an essential feature of modern Internet security suites and anti-malware products.” True, but we are not there yet. What to do in the meantime?

Should You Start Stockpiling Bitcoin?

A lot of companies in the UK have started doing that. However, there is something else you can do about this right now: step your users through effective security awareness training, and you will not need a Bitcoin stockpile. Here is what one company that has deployed new-school security awareness training sent us:

“Our focus is “Cybersecurity on a Shoestring Budget”. We are highlighting some of the “quick wins” that we have implemented that have brought us the most “bang for our buck”. Definitely one of the highest risks to our security posture is at the user level. It always boils down to that new-school security awareness training has substantially helped with that—the training campaigns are bringing us more and more returns. We get feedback from users all the time that the red flags that they learned about in the training videos helped them to recognize that an email that they received was suspicious.”

Here Are 8 Things You Can Do To Protect Against This Plague (apart from having weapons-grade backup)

  1. From here on out, with any ransomware infection, wipe the machine and re-image from bare metal
  2. If you have no Secure Email Gateway (SEG), get one that does URL filtering and make sure it’s tuned correctly
  3. Make sure your endpoints are patched religiously, OS and third-party apps
  4. Make sure your endpoints and web gateway have next-gen, frequently updated (a few hours or shorter) security layers
  5. Identify users that handle sensitive information and enforce some form of higher-trust authentication
  6. Review your internal security policies and procedures, specifically those related to financial transactions, to prevent CEO Fraud
  7. Check your firewall configuration and make sure no criminal network traffic is allowed out
  8. Deploy new-school security awareness training, which includes social engineering via multiple channels, not just email
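As an added illustration of the kind of endpoint security layer item 4 refers to (this is example code, not from the original post and not BWS’s product): a small Python heuristic that flags a process rewriting many documents to an unfamiliar extension within a short window, run over constructed file-activity records. The process names, paths, extension list and thresholds are assumptions chosen for the demonstration.

```python
# Added example: detect ransomware-style bulk document rewrites from file-activity records.
import os
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class FileEvent:
    ts: float       # seconds (constructed sample timestamps)
    process: str    # process that wrote the file (constructed names)
    path: str       # file path after the write

# Extensions we treat as normal user documents; anything else is "unfamiliar".
# Assumed list for the example, not a product's real configuration.
KNOWN_EXT = {".docx", ".xlsx", ".pptx", ".pdf", ".txt", ".jpg"}

def unfamiliar_extension(path):
    return os.path.splitext(path)[1].lower() not in KNOWN_EXT

# Constructed sample log: normal activity, then one process rewriting 40 documents
# as "*.docx.locked" in about eight seconds, i.e. one document at a time, in bulk.
SAMPLE_EVENTS = [
    FileEvent(100.0, "winword.exe", "/home/alice/Documents/budget.docx"),
    FileEvent(100.5, "explorer.exe", "/home/alice/Downloads/invoice.pdf"),
] + [
    FileEvent(120.0 + i * 0.2, "svch0st.exe", f"/home/alice/Documents/file{i}.docx.locked")
    for i in range(40)
]

def find_bulk_rewriters(events, window_sec=30.0, min_files=25):
    """Return {process: max distinct unfamiliar-extension files touched in any
    sliding window of window_sec seconds} for processes crossing min_files."""
    by_proc = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if unfamiliar_extension(ev.path):          # ignore ordinary document saves
            by_proc[ev.process].append(ev)
    flagged = {}
    for proc, evs in by_proc.items():
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window_sec:   # slide window forward
                start += 1
            distinct = len({e.path for e in evs[start:end + 1]})
            if distinct >= min_files:
                flagged[proc] = max(flagged.get(proc, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_bulk_rewriters(SAMPLE_EVENTS))   # {'svch0st.exe': 40}
```

A real endpoint layer would feed this from a file-system audit source and combine it with other signals (entropy of written data, ransom-note drops) rather than extension alone.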

Since phishing has risen to the #1 malware infection vector, and attacks are getting through your filters too often, getting your users effective security awareness training which includes frequent simulated phishing attacks is a must.

The BWS “Training the Human Firewall” integrated training and phishing platform allows you to send attachments containing Word documents with macros, so you can see which users open the attachments and then enable the macros. It also allows you to send spoofed email that appears to come from the CEO and tries to get employees to wire money out.

Contact us to learn more and get started today.