
How to prevent ransomware: What one company learned the hard way

Robert Lemos | March 27, 2015

In the real world, kidnapping is a risky crime — getting paid usually means getting caught. In the digital world, however, demanding ransom for data, or ransomware, is an escalating epidemic, a popular crime which is leaving many businesses and consumers at risk of losing data.

One small company in New England — a retailer with some two dozen employees — learned that the hard way. A click-happy employee ended up infecting one system with a prevalent threat known as CryptoWall, according to the company's co-owner, John, who asked that his real name and details of his business not be revealed.

Ransomware may roam undetected

Quietly, the malware reached out over the Internet to get a unique key and then, over the next three days, encrypted data on the compromised system. Much worse for the company, the malware encrypted accounting data on a mapped drive on the firm's server.

The retailer learned of the infection when its accounting software failed to open financial data on the mapped drive the following Monday. "The ransom note never popped up on the screen," John said. "The accounting program just stopped functioning one morning."

When a support tech investigated the accounting software's problems, more than 200 copies of a ransom note were found scattered around the file system, directing the firm to pay $500 in Bitcoin to the criminals.
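The retailer noticed the infection only when its accounting software failed, although more than 200 copies of the ransom note were already on disk. As an added example (not part of the original article), the Python check below flags any small file whose identical content appears in many directories of a share; the function names, the 20-directory threshold, the 64 KB size limit and the sample file names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def find_replicated_files(root, min_dirs=20, max_size=64 * 1024):
    """Return (sha256, directory_count, file_names) for every small file whose
    identical content sits in at least min_dirs different directories."""
    dirs_by_digest = defaultdict(set)
    names_by_digest = defaultdict(set)
    for dirpath, _subdirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                # Skip links, empty files and anything too large to be a note.
                if os.path.islink(path) or size == 0 or size > max_size:
                    continue
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable or removed while scanning
            dirs_by_digest[digest].add(dirpath)
            names_by_digest[digest].add(name)
    hits = [(d, len(dirs), sorted(names_by_digest[d]))
            for d, dirs in dirs_by_digest.items() if len(dirs) >= min_dirs]
    return sorted(hits, key=lambda hit: hit[1], reverse=True)


def build_sample_tree(root, folders):
    """Constructed test data: one unique file and one identical note per folder."""
    for i in range(folders):
        folder = os.path.join(root, f"dept{i:03d}")
        os.makedirs(folder)
        with open(os.path.join(folder, "ledger.dat"), "w") as fh:
            fh.write(f"constructed ledger {i}\n")
        with open(os.path.join(folder, "SAMPLE_NOTE.txt"), "w") as fh:
            fh.write("constructed placeholder note text\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, 25)
        for digest, count, names in find_replicated_files(tmp):
            print(f"{count} directories share {names} sha256={digest[:16]}")
```

Legitimate files that repeat in every folder, such as per-directory templates, will also match and need an allowlist.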

Ransomware is on the rise. Kicking off with Cryptolocker in 2013, a steady parade of pernicious ransom-demanding software has hit unfortunate victims. Cryptolocker likely made its operators tens of millions of dollars until authorities disrupted the network in May 2014, shutting down Cryptolocker command-and-control servers and the GameOver Zeus botnet infrastructure that spread the malware. Yet, other ransomware variants have arisen. Between mid-March and August 24, 2014, for example, more than 600,000 systems were infected with the CryptoWall variant of ransomware, according to research conducted by managed-security firm SecureWorks.

Data-nappers are going mobile as well, according to recent data from mobile security firm Lookout. In 2014, four of the top five malware programs encountered by Android users in the United States were ransomware, posing as a legitimate app and then, after installation, locking the phone and demanding payment. While the threat of mobile malware continues to be low — only 7 percent of Android users even encountered malware — ransomware accounted for nearly all of the 75 percent increase in encounters from the previous year, according to the company.

Your best defense: Back up, back up, back up

The solution to ransomware is fairly simple — at least, for now. Consumers and small businesses with a good backup process will be able to recover much of the data encrypted by the attackers. Companies that run backups on premises should make sure they can recover an image of the data for months in the past and keep multiple copies. Any backups made between the time of infection and when the attack is detected will be encrypted, and thus unrecoverable without paying the ransom.
