It’s become clear to us over the last few weeks that ransomware is changing. Unsurprisingly, it’s changing for the worse (if you look at things from our perspective) and it’s becoming more common.
What’s more, it’s not just consumers who are at risk now. Back in December of last year, in what is becoming an increasingly common media report, a medical clinic in Australia was hit with a $4,000 AUD demand after its patient records were encrypted. And consumers who use their personal computers to access the corporate VPN will find that CryptoLocker will move into the corporate network too.
Ransomware has changed
As with the average legitimate business, ransomware was originally labour-intensive, which was a significant overhead. Over time, this cost has reduced and the number of ransomware threats we have seen has risen. Local knowledge has helped the bad guys here – specifically, knowing which anonymous payment mechanisms exist in a given area.
There have been times when we have seen a particular sample of ransomware roll out across the globe – one week spotting it in the UK, the next in the US and so on. This is not a game to them.
The ability to socially engineer somebody into installing malware which encrypts their stuff has been around for years. It’s been ready to go. It’s just the labour-intensive aspect of collecting the money that has kept it from being the business model for crimeware, until now.
So what do businesses need to do?
Close all known security gaps by making sure that all software is updated automatically. This will significantly reduce your attack surface in the face of an exploit kit. Also, if you are using Java in your organisation, it should be limited to a specific browser which is not used for usual web browsing.
Finally, I would urge any security pro on the frontline to contact a company which recovers hard drives and ask for a quote covering every machine in your organisation. When the budget-holder sees what the potential cost could be to recover from a ransomware attack – including the cost of downtime – it becomes a no-brainer to make sure everything is automatically covered.
Based on an article by Sean Sullivan, originally published in itsecurityguru.org
Original Photo by kmnascimento