Ransomware attacks on businesses are on the rise. What exactly is ransomware and how can you protect your business from it?
As the name suggests, ransomware is malicious software (malware) that effectively hijacks a computer, preventing access to any data. The perpetrators then demand payment of a ransom – typically a sum of between $60 and $600 for individuals – with the promise of restoring access. Some forms of ransomware encrypt files on the hard drive while others simply lock the system.
It is by no means just home computers that are at risk, however. Criminals are increasingly targeting cash-rich, time-poor businesses, with reports of critical servers being infected as a result of a single, errant download. Around the world, everything from law firms to police departments has been hit.
Malware has been around as long as the internet but attacks are becoming more sophisticated and growing at a faster rate than ever before. Security software vendor McAfee reported collecting over 250,000 unique samples of ransomware in the first three months of 2013 – an increase of 100% on the corresponding period in 2012.
Think you are immune? Think again
One of the most high profile ransomware worms of recent times, known as Reveton, hit the headlines in 2012 with the perpetrators masquerading as American law enforcement agents.
This was followed in 2013 by CryptoLocker, a ransomware Trojan that targets computers running Microsoft Windows. Typically, it propagates via an advert on a compromised website or via a seemingly harmless email attachment from an apparently trustworthy company. This may masquerade as something as familiar as an update for Adobe Reader, Flash Player or the Java Runtime Environment. Currently the US is seeing the highest number of malicious ads, with the UK coming a close second.
In another incident stateside, the entire police department of Durham, New Hampshire lost control of its computers to a ransomware virus in early 2014. Needless to say they didn’t pay the ransom and were eventually able to restore their systems thanks to robust backup arrangements.
Since the appearance of CryptoLocker, other similar malware has emerged including CryptoLocker 2.0, CryptoDefense, CryptoWall and CryptoBit. To aid dissemination, criminals have even gone so far as to package ransomware in kit form, selling it on underground forums to less technical fraudsters.
Ransomware is big business
Given the nefarious nature of ransomware, it’s difficult to reliably assess the sums involved. However, in December 2013, ZDNet traced Bitcoin addresses posted by victims of CryptoLocker, in an attempt to gauge ransom takings. They came up with a figure of around US$27 million for the final three months of 2013. This is very similar to the results of research by Dell Secureworks who estimated that CryptoLocker raked in $30 million in the first 100 days of its existence.
Protecting your business from this growing threat
Since most attacks start on a single client machine, you would be wise to first secure your client estate and educate users about the threat. A sensible first step is to implement many of the same precautions that are advised to home computer users, such as:
- Invest in reputable anti-virus software and ensure it is always up-to-date
- Keep firewalls turned on at all times
- Ensure operating system automatic software updates are turned on
- Schedule a weekly or daily anti-virus scan
- Don’t open obviously spam email and messages or attachments from unknown sources
- Never click links on suspicious websites
- Run machines with ‘user’ permissions rather than ‘administrator’. In many cases this simple measure can prevent malware from being installed in the first place
But what about your server estate? How can you protect that?
Isolate yourself from risk
The simplest and safest solution for any business to protect its server infrastructure from the threat of ransomware is secure hosting. Allowing a specialist third party to manage this vital aspect of your business will ensure that there is a constant focus on security.
Whether or not you choose to work with a hosting provider, the following precautions can help keep your servers safe.
Service isolation - making sure that, where logically and commercially appropriate, different services operate on different platforms, virtually or physically - can ensure that an attack on one doesn’t roll out to impact the whole business.
Database servers are typically the most valuable in the enterprise so ensuring that these too are not only isolated but also completely inaccessible from the web is paramount.
The best offence is a good defence
If all else fails and your organisation is stricken by ransomware, an effective backup strategy could save you.
Keeping regular back-ups and testing your recovery procedures could help you bounce back from even a severe ransomware attack with minimal downtime and data loss. But be aware, if encrypted files are synchronised with your backup, they will be rendered as useless as the local originals. Therefore don’t rely on a single, simple backup solution – timeframe and geographic diversity are essential for true security from ransomware.
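One way to act on the warning about encrypted files being synchronised into a backup, as an added example (not code from the original article): a pre-sync check that compares the source tree with a manifest taken at the last good backup and holds the sync when many files have changed from low to high entropy. The thresholds, function names and manifest format are assumptions, and the entropy test is a heuristic.

```python
import hashlib
import math
import os
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # bits/byte; assumed cut-off, encrypted data sits near 8.0
MAX_SUSPECT_RATIO = 0.3   # assumed: hold the sync if >30% of files look encrypted
SAMPLE_BYTES = 65536      # entropy is measured on the head of each file only

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map relative path -> (sha256 hex of file, entropy of its first SAMPLE_BYTES)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                head = fh.read(SAMPLE_BYTES)
                h.update(head)
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            manifest[os.path.relpath(full, root)] = (h.hexdigest(), shannon_entropy(head))
    return manifest

def suspect_files(previous: dict, current: dict) -> list:
    """Files whose content changed AND went from low to high entropy.

    Files that were already compressed (high entropy before) are ignored,
    and renamed files are not matched; both are limits of this heuristic.
    """
    hits = []
    for path, (digest, entropy) in current.items():
        old = previous.get(path)
        if old and old[0] != digest and old[1] < ENTROPY_THRESHOLD <= entropy:
            hits.append(path)
    return sorted(hits)

def safe_to_sync(previous: dict, current: dict) -> bool:
    """False when the share of suspect files exceeds MAX_SUSPECT_RATIO."""
    if not previous:
        return True  # first run: nothing to compare against
    return len(suspect_files(previous, current)) / len(previous) <= MAX_SUSPECT_RATIO
```

Take a `snapshot()` after each successful backup and keep the manifest away from the machine being backed up; before the next run, hold the sync and keep the older generation if `safe_to_sync()` returns `False`.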