You arrive at work and turn your computer on, ready to close a huge deal. Instead of the familiar log-in message, you see a countdown timer and a simple message – your data files are encrypted.
If you don’t pay US$300 by the time the clock runs out, you’ll lose your data forever. You check your email on your smartphone and discover the entire executive team is being held to ransom after someone opened an infected file attachment.
Ransomware is malicious software that encrypts the data on your computers. The only ways to recover the data are to break the encryption (typically a difficult and time-consuming course of action), to recover from a backup that has not been infected, or to pay a ransom to the hacker who encrypted the data – and even if you pay there are no guarantees you will get your data back.
Australian companies and private citizens are significant targets. According to statistics from Websense ThreatSeeker, published in the Telstra Cyber Security Report 2016, 60 percent of 1.05 million instances of attacks by CryptoLocker (a very common type of ransomware) were detected in Australia. This is because Australia is perceived as a relatively wealthy country with the capacity to pay.
Telstra’s Cyber Security Report also highlighted the fact that Australians paid out almost $1.3M in 2014 on ransoms, according to the Centre for Internet Safety, and that this amount increased substantially in 2015.
Like much malicious software, ransomware enters organisations through targeted attacks on individuals. Hackers use tools such as the social media profiles of executives to carefully craft email messages that either deliver malicious software directly to an individual – usually in the form of a new game to try or some other supposedly non-threatening file attachment – or direct them to a fake website that exploits a specific personal interest.
What can you do about it?
The Australian Signals Directorate has published a list of 35 strategies for reducing the risks of cybersecurity threats. Although these cover the wide gamut of security threats, many are applicable in combatting the threats of ransomware.
Two good first steps are keeping systems up to date with the latest security updates and ensuring that no user, regardless of their position in the company, has administrative privileges on their computer when those privileges are not needed.
Maintaining end-point protection software is critical. Many types of ransomware, such as CTB-Locker, CryptoWall 3.0, CryptoLocker and TorrentLocker, are well known in the security industry and can be thwarted with end-point software. However, malware developers are constantly fine-tuning their attacks so it’s critical to train staff in avoiding ransomware and other malware infections.
Good email hygiene is critical. Gone are the days when email could be considered safe. A good rule of thumb is to never click on a link directly in a message without being 100% certain that the link is safe. Similarly, attachments should not be opened without ensuring they have been scanned by security software.
Network administrators should also block known malicious payloads and ban inbound email and network traffic from known sources of malware.
A regularly tested backup regime will also help minimise the damage should a ransomware infection occur. It’s important to note a ransomware payload may infect a machine many weeks or months before it is triggered so that the impact, and therefore the likelihood of a ransom being paid, is increased.
Five things you can do to mitigate the risks of ransomware
- Keep systems patched
- Limit administration privileges on workstations
- Maintain up-to-date end-point protection
- Practise good email hygiene
- Back up your data