With the rise of mobile devices from smartphones to tablets, email ransomware has become a major security threat worldwide. Cloud anti-spam efforts are no longer your only concern: ensuring that your corporate devices and “Bring Your Own Devices” are safe from this potentially costly malware should be a top priority for your company.
The Rise of Ransomware
The proliferation of smart mobile devices has been a driving factor in the world’s dependence on the Internet. As a result, criminals have been able to develop malware that furthers their own ends. Over the last couple of years, ransomware has in fact become one of the most problematic forms of malware for businesses and individual users. Protecting against this type of malware requires some unique cloud anti-spam techniques.
Ransomware such as Cryptolocker, Koler and Locker strains can infect any Internet-capable device, including laptops and desktops, which can make them extremely dangerous forms of malware. For Android devices and tablets, these strains are often shared through social media links or through websites that encourage downloading video player apps. These links and websites are also often accessed on these devices through standard email apps.
How Ransomware Works
Ransomware itself is not all that complicated in its process. Here is a quick how-to guide explaining how your company may become infected.
- Initial infections are not very complex. An employee on your network clicks a link on a social media site, agrees to download a media player, or clicks an attachment or link in an email on the device.
- The ransomware then alters the relevant registry keys to ensure it runs when the device is running.
- The malware then contacts its home server to get an encryption key and registers the attack.
- It then initializes the attack on the device, encoding data stored on the device and, for most mobile devices, locking the user out of the device by assigning a random PIN to its security lock screen.
- The malware then notifies the user with a fake notice, either posing as a law enforcement agency alleging wrongdoing and requesting payment of a fine, or simply posting a ransom request for the return of a working device.
How to Stop Ransomware?
Educating users and having an effective cloud anti-spam protection suite is the only way to cut down on this type of malware.
- When downloading anything from the web, users should automatically have those downloads scanned by two antivirus programs, to ensure better email security.
- When possible, block users from accessing potentially malicious or vulnerable websites, stopping the download before it begins.
- Block all outbound connections to TOR or anonymous networks, thereby preventing the ransomware from registering its attack and from obtaining the encryption key it needs to work.
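One way to check that the outbound block in the last item is actually working, as an added example that is not part of the original article: the script audits firewall log lines for traffic to Tor relays and reports hosts whose connections were allowed through. The log format, the relay list (RFC 5737 documentation addresses) and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed relay list (RFC 5737 documentation ranges, not real Tor relays).
# In practice this would be loaded from a relay list the operator maintains.
RELAY_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/28", "203.0.113.77/32")]
# Default Tor ORPort/DirPort; relays can use any port, so this is only a weak hint.
TOR_DEFAULT_PORTS = {9001, 9030}

# Constructed firewall log lines: "<time> <action> <src_ip> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z ALLOW 10.0.4.21 -> 198.51.100.7:9001
2024-05-01T09:00:02Z ALLOW 10.0.4.22 -> 192.0.2.10:443
2024-05-01T09:00:05Z DENY 10.0.4.21 -> 203.0.113.77:443
2024-05-01T09:00:09Z ALLOW 10.0.4.30 -> 192.0.2.55:9030
malformed line that should be skipped
"""

def parse_line(line):
    """Return (action, src, dst, port), or None if the line does not match the format."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    host, _, port = parts[4].rpartition(":")
    try:
        return parts[1], ipaddress.ip_address(parts[2]), ipaddress.ip_address(host), int(port)
    except ValueError:
        return None

def audit(log_text):
    """Map each internal source IP to its findings: (action, reason, destination)."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        action, src, dst, port = rec
        if any(dst in net for net in RELAY_NETS):
            reason = "relay-list"
        elif port in TOR_DEFAULT_PORTS:
            reason = "default-port"
        else:
            continue
        findings[str(src)].append((action, reason, f"{dst}:{port}"))
    return dict(findings)

def unblocked_hosts(findings):
    """Hosts whose relay-list traffic was ALLOWed: the egress rule did not cover it."""
    return sorted(h for h, f in findings.items()
                  if any(a == "ALLOW" and r == "relay-list" for a, r, _ in f))
```

A host returned by `unblocked_hosts(audit(SAMPLE_LOG))` both needs a tighter egress rule and is worth examining as a possible infection, since an ordinary workstation has little reason to contact a relay.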
Ransomware can cripple your company’s devices and productivity and lock down strategic and sensitive data. Ensure your cloud anti-spam and ransomware protection tools are up to date.
Expert Comment from Yves Lacombe (Director of Customer Support):
“People with network administrative access should never access external email ideally and only do it using a normal user privilege account for starters. All shares on your network should be identified/cataloged and privileged access (r/w) should be on per-need basis. All shares should ideally have a proper daily/weekly/monthly backup regimen to avoid propagation. Unfortunately at this point the damage is done already but we should always have a default-deny security model from now on when it comes to this sort of thing. Ordinary users should never have admin access to their workstations and only limited share access as-needed.”