Imagine the following scenario. You receive an e-mail that, for all intents and purposes, appears to be from your superior. It includes a familiar-looking link to a payroll policy update, and you click to investigate. Soon after, a pop-up appears on your computer screen informing you that your system and data are locked, and that access can only be restored if a payment is made. At this point, you realize that you have been infected with something, and your only two options are to pay the ransom or to ignore it, effectively losing all of the data on your system and/or network.
This is a classic example of digital extortion by ransomware. Ransomware is a kind of malware that locks your computer screen and prevents you from accessing your data until you pay the “ransom” to the cybercriminal. Money, of course, is the motivating factor for these cybercriminals, and ransomware is only increasing, making it easier for them to follow the money. A report by the Cyber Threat Alliance found that ransomware generated more than 325 million dollars in ransom income. Ransomware is only going to evolve. In fact, ransomware hackers are now threatening to publish your personal files on the web if you do not pay up. The threat of having personal data and files in the public domain is terrifying for those who may have embarrassing or sensitive data.
It should come as no surprise that many businesses will choose to simply pay off the ransom. In fact, recent headlines show that even the FBI is encouraging people to pay up.
Recently, during the 2015 Boston Cyber Security Summit, Joseph Bonavolonta, an assistant special agent in charge of the FBI’s Cyber and Counterintelligence Program in the Boston office, stated:
“The easiest thing may be to just pay the ransom. The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”
Ransomware relies on the human element, and programs such as antivirus software are not guaranteed to stop it. The FBI recommends the following tips to help avoid ransomware.
- Make sure you have updated antivirus software on your computer.
- Enable automated patches for your operating system and web browser.
- Have strong passwords, and don’t use the same passwords for everything.
- Use a pop-up blocker.
- Only download software—especially free software—from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).
- Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly.
- Use the same precautions on your mobile phone as you would on your computer when using the Internet.
- To prevent the loss of essential files due to a ransomware infection, it’s recommended that individuals and businesses always conduct regular system back-ups and store the backed-up data offline.
However, even these tips offer no guarantee of protection from ransomware.
Axiom Cyber Solutions offers the Axiom Sentinel, an enterprise firewall and security appliance, to help with ransomware by making sure that criminals have no way to call home. Sentinel makes malware and ransomware communication out of your network impossible, rendering these applications ineffective and unable to encrypt your data. We have identified key transactions in the TCP/IP stack that must occur when ransomware is executed. This allows us to block ransomware communication in real time.
Ransomware infections will continue to rise and will evolve with new social and technological attack vectors. It’s important for any organization or individual with sensitive data to exercise caution and deploy best practices in securing their network.
Axiom’s solutions come in different sizes, and all of our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call at (800) 519-5070. #FightBackWithAxiom
Axiom researcher Linda Johnston, in Las Vegas, Nevada, contributed to this article.