Ransomware: Why does this cyber threat keep growing?
Let’s go back in time by 30 years, and picture a typical business environment: The office is amass with filing cabinets, all full to the brim with documents that have been carefully separated into reams of brown folders. Heavy, thick set typewriters adorn each large dark wood desk.
The filing cabinets have impenetrable looking locks guarding every drawer. The keys to each drawer are different, and each key has its own box, which is also locked. Want to find a document? It’s like the Da Vinci Code of filing cabinets.
Back to the contemporary, and you’ll be hard pressed to find a business which doesn’t rely heavily on technology to host and share information. It doesn’t matter if it’s Word files, Excel spreadsheets, or even presentations – they have all taken the evolutionary step out of the filing cabinet and into the virtual environment.
It’s now extremely likely that your business relies on IT to communicate electronically with your clients, or share information with your colleagues. The set of pixels that appear on your screen either lead back to that locked away server room, or the ‘cloud’ which we know to be hosted in a secure datacentre, under lock and key.
It doesn’t matter how your business chooses to store its data, I think most company’s worst nightmare would be to come in one day and find all of your work gone. Or worse – someone has stolen your data and is demanding you pay money for its safe return.
For a good few years now there has been a circulation of what, in my opinion, is one of the worst known type of viruses out there: Ransomware. Unfortunately it’s on the rise again at the moment, and has evolved to something potentially devastating in today’s modern technological world.
On a typical home computer, this type of virus might encrypt your Microsoft Office documents held on your Desktop, My Documents, My Pictures etc. The virus encrypts your documents and then slaps a password (which you won’t know) on everything you have created or even temporarily stored on your PC.
You will often find a set of instructions near the encrypted files with a cheeky Q & A telling you what has happened to your files, and how you can get them back (often by making a payment of some sort). We’ve even seen cases where the hacker says he will upload extremely indecent images to your PC and then alert the police, unless you pay a sum of money within a certain amount of time.
This gets even worse in a business environment, because your computer is probably linked into a shared working environment such as a network drive, which then maps to your department or company’s networked server storage. If the virus manages to do what it’s been designed to do, and finds its way into your server, then your entire company will soon start to find their work has become encrypted, and once again you are left with a ransom to regain access.
Imagine the feeling being the person who has accidently allowed the virus onto your company’s network, and you know you will have to bear the brunt of the moans and groans of your colleagues who have lost their work – certainly not something I’d like to have on my shoulders.
There isn’t an easy way of getting around the encryption on these files either. It can’t simply be accessed by changing the file extension, or by going straight to the virus and removing it from the system. The damage has already been done.
30 years ago, when our documents were physical and all our information was stored on site, you only had to worry about thieves actually breaking into your building and taking what didn’t belong to them. So, you put as many things under lock and key as you could, and that was that.
Now, thieves don’t need to be anywhere near your office to have the opportunity to steal from you. And yet most people haven’t adapted their traditional ‘lock and key’ approach to reflect this. There are now infinite ways into your system.
So what can you do?
You could of course just pay the ransom. But I’d strongly advise against this. In my experience, no matter how much you pay, there’s still a high chance that you won’t get the sought after password to regain your access to your files. You may even find that the ransom price will increase once the instigators think you’re willing to pay money. It’s not as if a criminal will care about your consumer rights at this stage.
Secondly, a well-managed IT environment will have a viable backup solution in place, and this is always the best course of action to take. You’ll also need to make sure you can confirm that your network is free of the virus, so of course so a capable anti-virus solution is critical too.
Thirdly, and this is the most important one: user awareness. The ransomware virus can only enter your network if someone opens an infected attachment, or clicks on a link which then allows the hackers to gain access to your computer. Or, in some cases, hackers actually replace downloadable software on certain trusted software providers websites.
Ensuring that your staff do basic due diligence before opening attachments or clicking on links in emails from people they don’t know, is critical to stopping this type of virus. If something looks suspicious, it’s always better to be safe than sorry.
A good anti-virus solution is great, but you can’t just assume this will keep you safe and forget about basic IT security. Hackers are always trying to find ways to get their viruses to circumvent the system, and it makes their job a great deal easier if people are willing to let them straight through the back door.
Up until now, Cryptolocker, which is the most prolific type of ransomware (example shown above) and other types, have generally been only found Windows PCs due to the massive volume of users worldwide.
In the past 24 hours there has been a massive surge in Apple MACs being hit with this type of virus. This type of virus has been modified and is known on Apple devices as KeRanger. The same principle applies, with a threat of data loss unless the end user pays the ransom.
As viruses evolve and find their way onto different devices across different operating platforms, it’s more essential than ever that users keep their eyes open for unusual looking emails and untrusted software hosted on websites. If in doubt, don’t open it and seek guidance from your IT support.
A rule for your IT support would be to always ensure regular backups are being carried out, as this will be your saving grace should the Ransomware virus come a knocking.
So why does Ransomware keep coming back? One simple reason: because people keep paying to have their data released.
I’m sympathetic to the people who think they have no other option than to pay. At the end of the day, your business is your data and to lose it would be catastrophic. But every time someone pays up, is another incentive for hackers to keep installing ransomware. So my advice would be to not pay the ransom fee.
I’ll leave you with one last thing – be absolutely rigorous in your approach to user awareness and backups. Sitting on the support desk and dealing with the sort of cases I do, it’s a lack of attention to these two things which always makes the situation 100 times worse than it might have been.
Putting everything under lock and key was a great idea 30 years ago. Now the key is in lots of different places, and, if found, it can open every drawer.
You can read more about making your employees aware of IT Security in this guest blog by InfoSec Institute