Ransomware is one of the most insidious threats on the Internet today, and it’s on the rise. Just this past weekend the BBC and the New York Times reported a large-scale “malvertising” breach demanding its ransom in bitcoin.
Of the two main types of ransomware, Lock Screen Ransomware and File-Encrypting Ransomware, we’re most concerned with the latter, since there is no known fix. Within the file-encrypting category, the most common attacks are CryptoLocker and CryptoWall. These generally exploit security holes in a network to enter and install themselves on the system and its devices. Once the ransomware is active, it encrypts critical files and sends the access keys back to its operators, who then present users and admins with a message stating the method and terms of payment.
These two types alone cost companies and individuals nearly $50 million last year.
In large-scale cases like this most recent attack, cyber criminals hijack ad networks serving legitimate content sites to create multi-pronged attacks that direct users and their browsers to sites waiting to install the malicious payload. Here they took advantage of a known security hole in Microsoft’s outdated Silverlight plugin (who doesn’t miss Silverlight?) to replace ad server content with their own malvertising ads and lure billions of potential victims.
Needless to say, these very sophisticated attacks can quickly cripple a network and impose untold damage and cost on companies and individuals. And while there is no silver bullet fix, there are a few things that IT managers and System Administrators can do to keep ransomware at bay.
Fight Fire With Fire
Often the eureka moment in an action movie (you know, heroes battling the odds, etc.) is the moment when they realize that their best defence lies precisely in their enemy’s strategy. Most ransomware needs to identify what it deems “important” among the documents it finds on your network (spreadsheets, financial statements, personal information, contracts, lists, etc.) in order to encrypt them and lock you out. So why not encrypt yours from them first? If they can’t see or identify the files on your system, they’ll have a hard time determining what to hold hostage, and they can’t read the contents anyway.
Call In For Backup
There probably isn’t a system admin or IT person alive who doesn’t do this already, and if you’re that person you might consider another line of work. For the rest of us, backup is the key to normal network housekeeping and disaster recovery, and a ransomware attack is most certainly a disaster. Put step 1 (Encrypt) together with step 2 (Backup): so what if a cyber criminal gets hold of your mostly encrypted, fully backed-up document repository? They can’t access it without serious hacking, and you hold the only other copy.
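A backup is only "the other copy" if you can prove it is intact before you restore from it. The script below is an added example, not code from the original post: it copies a document tree to a backup location, writes a SHA-256 manifest alongside the copy, and then verifies both the live tree and the backup against that manifest. The three documents and the simulated ransomware activity (one file overwritten with random bytes, one renamed with a `.locked` suffix) are constructed in a temporary directory so the whole thing runs offline; the manifest file name and the `.locked` suffix are assumptions for illustration.

```python
"""Backup with an integrity manifest (added example, not the article's own code).

Assumes a source directory of documents and a separate backup location. The
sample files below are constructed in a temporary directory so the script runs
offline and cleans up after itself.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large documents do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file (path relative to root) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def backup(source: Path, dest: Path) -> dict:
    """Copy the source tree to dest and write a manifest next to (not inside) the copy."""
    if dest.exists():
        shutil.rmtree(dest)
    shutil.copytree(source, dest)
    manifest = build_manifest(dest)
    # Assumed naming convention: <backup dir>.manifest.json beside the backup directory.
    (dest.parent / (dest.name + ".manifest.json")).write_text(json.dumps(manifest, indent=1))
    return manifest


def verify(tree: Path, manifest: dict) -> dict:
    """Compare a tree against a manifest.

    Returns sorted lists of files whose digest changed, files that disappeared,
    and files that were not in the manifest at all (e.g. renamed ciphertext).
    """
    current = build_manifest(tree)
    changed = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    missing = sorted(k for k in manifest if k not in current)
    unexpected = sorted(k for k in current if k not in manifest)
    return {"changed": changed, "missing": missing, "unexpected": unexpected}


def demo() -> dict:
    """Constructed scenario: back up three documents, then simulate ransomware
    overwriting one in place and renaming another, and re-verify both copies."""
    base = Path(tempfile.mkdtemp())
    src = base / "docs"
    src.mkdir()
    (src / "budget.xlsx").write_bytes(b"quarterly budget (constructed sample)")
    (src / "contract.docx").write_bytes(b"contract text (constructed sample)")
    (src / "clients.csv").write_bytes(b"name,email (constructed sample)")
    manifest = backup(src, base / "backup")

    # Before any tampering the live tree matches the manifest exactly.
    clean = verify(src, manifest)

    # Simulated ransomware: ciphertext-like bytes replace one file, another is renamed.
    (src / "budget.xlsx").write_bytes(os.urandom(64))
    (src / "contract.docx").rename(src / "contract.docx.locked")
    after = verify(src, manifest)

    # The backup copy was never touched, so it still verifies clean.
    backup_ok = verify(base / "backup", manifest)
    shutil.rmtree(base)
    return {"clean": clean, "after": after, "backup": backup_ok}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The manifest deliberately lives outside the backed-up tree, and in practice it belongs with the offline or write-once copy, so that anything which can rewrite the backup cannot also rewrite the record you check it against. Running `verify` against the live tree on a schedule is also a cheap early-warning signal: a burst of changed and renamed documents is exactly the footprint a file-encrypting attack leaves.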
Be An Admin & Don’t Always Be An Admin
While this may sound a bit counter-intuitive, bear with us. We all know it’s generally a good idea to reserve application installation and management for admins. But just because you are an admin doesn’t mean you should be logged in and running applications as one all of the time. Remember that however big and powerful your ship is, the enemy pirate who boards and takes it over becomes just as big and powerful. No need to invite that kind of boarding. Gaining admin-level control over a network can very easily undo all of the preventative steps you’ve taken so far.
Upgrade Applications and Plugins Early, Wisely & Often
As we saw with the recent BBC/NYT attack, the exploit slipped in through Silverlight, Microsoft’s old, outdated Flash competitor. While we may be wary of the latest and greatest OS and app versions for precisely the same reasons, out-of-date apps, browsers and browser plugins are accidents waiting to happen. With this in mind, the exceptionally proactive IT manager might create a whitelist of approved apps and extensions and strictly enforce a well-documented blacklist.
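A whitelist with minimum versions and an explicit blacklist are easy to state and easy to let drift. The following is an added example, not code from the original post, of how such a policy can be checked mechanically against a software inventory: each installed app or plugin is reported as blocked, as not on the whitelist, or as running below the approved minimum version. The inventory, the policy, and the version numbers in it are all constructed samples (the minimum versions are illustrative, not real release numbers); a real deployment would feed in the output of its own inventory tool.

```python
"""Whitelist / blacklist check for installed apps and browser plugins.

Added example, not the article's own code. The policy and the inventory are
constructed samples; the version thresholds are illustrative only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    name: str
    version: str
    reason: str


def parse_version(v: str) -> tuple:
    """'11.2.0' -> (11, 2, 0). Non-numeric pieces count as 0 so comparison never fails."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def evaluate(inventory, whitelist, blacklist):
    """Return one Finding per policy violation, in inventory order.

    whitelist: {lower-case name: minimum version}; anything not listed is reported.
    blacklist: set of lower-case names that must not be present at any version,
               and is checked first so a blacklisted entry can never be whitelisted
               by mistake.
    """
    findings = []
    for name, version in inventory:
        key = name.lower()
        if key in blacklist:
            findings.append(Finding(name, version, "blocked"))
        elif key not in whitelist:
            findings.append(Finding(name, version, "not on whitelist"))
        elif parse_version(version) < parse_version(whitelist[key]):
            findings.append(Finding(name, version, f"below minimum {whitelist[key]}"))
    return findings


# Constructed policy: minimum versions are illustrative, not real release numbers.
WHITELIST = {"firefox": "45.0", "chrome": "49.0", "adobe reader": "15.0"}
BLACKLIST = {"silverlight"}

# Constructed inventory from a hypothetical endpoint.
INVENTORY = [
    ("Firefox", "45.0.1"),
    ("Chrome", "48.0.2564"),
    ("Silverlight", "5.1.41212"),
    ("Adobe Reader", "15.010"),
    ("CoolToolbar", "2.3"),
]


if __name__ == "__main__":
    for f in evaluate(INVENTORY, WHITELIST, BLACKLIST):
        print(f"{f.name} {f.version}: {f.reason}")
```

Checking the blacklist before the whitelist is the important ordering: a plugin that has been retired should be flagged even if an older policy file still lists an approved version for it. The version parser tolerates odd formats (build strings with letters, leading zeros) rather than raising, so a single strangely numbered package does not stop the whole report.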
Savvy Surfing is Safe Surfing
Even if the difference between a good site and a malevolent one seems painfully obvious to you, not everyone on your network has your eagle eye for danger. And don’t forget that some of the site spoofs you see today are far more sophisticated than they were just a few years ago. We can no longer rely on our nose for bad sentence structure, lame branding and poor design to sniff out a malware site. For that reason it’s a really good idea to stay up on the latest threats and, in turn, share the red flags with the users on your system.
Good Defences Make Good Neighbors
On the corporate security side, make sure your systems, including endpoint AV and email security, are all running with the latest updates and signatures. Over the last year, quite a few major email security systems have gone into the End of Life (EOL) sunset, including Microsoft Forefront and McAfee MX Logic. We know that quite a few companies are still running these systems even though they are no longer supported or updated, and that’s a danger.
While these steps alone are no magic cloaking shield against ransomware and other threats, they certainly take the wind out of the pirates’ sails. Remember that their whole game is the value you put on restoring the documents they’ve taken and encrypted. If their clickbait ads and phishing emails aren’t fooling your staff, and if, even when they do get in, they can’t see your files because they’re all encrypted and you’ve got the only other copy, there’s little ground for a ransom.