It’s the hottest hacking trend of the year, but this is one trend you want to avoid
Ransomware has been around for a few years, but it’s growing in popularity with more advanced — and more devious — variations to exploit victims. There’s even ransomware-as-a-service, such as Ransom32, allowing inexperienced hackers to get in on the action.
The best way to thwart these attacks is to be prepared — and not react based on fear. Security products and protocols are critical. But so is something much simpler: a backup and recovery solution.
“By regularly backing up data, enterprises make many parts of incident response from this and other types of malware much easier,” writes Nick Lewis, program manager for trust and identity at Internet2, in a post for TechTarget. “If the data can be easily recovered from backup, the system can be rebuilt and the data restored to recover from the malware.”
In a ransomware attack, hackers encrypt files until the victim pays a ransom (typically in virtual currency), at which time a decryption key is provided. The victim is given a payment period, and if they don’t pay up in time, the ransom increases — usually quite dramatically.
New variants are popping up, such as Samas, which targets out-of-date versions of JBoss and encrypts data on entire networks (not just one computer at a time), and Chimera, which not only encrypts files but also threatens to release them to the public if the ransom isn’t paid. (According to TrendLabs Security Intelligence, the malware doesn’t actually have the ability to do this, but fear can drive organizations to pay up.)
Ransomware can be spread through phishing emails with malicious attachments or drive-by downloads, as well as through vulnerable Web servers. For a business, the results can be devastating: loss of proprietary information, financial loss and reputational damage.
And it’s on the rise — because it’s so effective. Many organizations would rather pay the ransom than risk losing their corporate data, or having that data exposed on the Internet for all to see. That’s a reaction based on fear and panic.
The University of Calgary’s recent admission that it paid more than $20,000 to hackers after its system was compromised makes it clear why it’s more important than ever to have a plan to mitigate ransomware. The university paid up in order to regain access to its own email system; it didn’t want to lose researchers’ work, according to an article in the Toronto Star.
The bigger question, though, is why that research wasn’t backed up (and in multiple locations). Because, once an organization pays ransom, who’s to say it won’t happen again — and again, and again?
The Canadian Cyber Incident Response Centre issued a joint alert with the U.S. Department of Homeland Security earlier this year about the proliferation of ransomware. The CCIRC estimates there were more than 1,600 ransomware attacks against Canadians last year. And that number is expected to grow; after all, when organizations pay ransom, it encourages extortionists to keep demanding it.
More of these attacks are going after public organizations, such as schools and hospitals. Norfolk General Hospital in Simcoe, Ont., for example, became a host for TeslaCrypt — a ransomware variant — that spread malware to the site’s visitors, asking them to hand over $500 to recover their encrypted files. This also happened to the Ottawa Hospital and Hollywood Presbyterian Medical Center in Los Angeles, which admitted to paying hackers US$17,000 in bitcoin to regain access.
Private organizations aren’t immune, either. Earlier this year, the New York Times, BBC and NFL sites were all hit, thanks to infected ads. In this case, the malware attempted to find a backdoor into users’ computers, where it installed ransomware and demanded payment in bitcoin.
Clearly, ransomware isn’t going away anytime soon. Security products and procedures can help; anti-exploit tools should be part of your security arsenal. But the best defense is good backup, which includes backing up all data to disconnected storage media (since you don’t want those backups to be encrypted by ransomware).
That way, if your organization is targeted, you can wipe your systems and restore them to the last clean version — just like you would if dealing with a hardware or application error.
But not all organizations have effective backup and recovery strategies in place. They might not run their backups often enough, or they may not test them to see if they successfully recover. And it might not be enough to back up just critical data and documents, according to Maria Korolov in a feature for CSO. “Entire machines may need to be backed up, if they are critical to the business.”
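The two points above (keep backups where ransomware can't reach them, and actually test that they restore) are easy to state and easy to skip. The following script is an added example, not code from the article or any vendor it mentions: it copies a directory to a backup location, stores a SHA-256 manifest beside the data, and refuses to restore unless every file still matches that manifest. A backup that has been encrypted in place shows up as "modified", deleted files as "missing", and stray ransom-note or `.locked` files as "unexpected". The file names in the demo are constructed, and the script assumes the backup directory lives on media you detach between runs (it cannot enforce that for you).

```python
"""Offline-backup manifest check (added example, not from the article).

Writes a hash manifest next to a backup copy and verifies it before any
restore, so a backup that was reachable by ransomware and encrypted in
place is detected instead of being restored over good data.
"""
import hashlib
import json
import os
import shutil
import tempfile

MANIFEST = "MANIFEST.sha256.json"  # stored inside the backup directory


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name == MANIFEST:
                continue  # the manifest never lists itself
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def write_backup(src: str, dest: str) -> dict:
    """Copy src into dest and store a manifest of the copied files beside them."""
    shutil.copytree(src, dest, dirs_exist_ok=True)
    manifest = build_manifest(dest)
    with open(os.path.join(dest, MANIFEST), "w") as f:
        json.dump(manifest, f, indent=1, sort_keys=True)
    return manifest


def verify_backup(dest: str) -> dict:
    """Recompute hashes and report drift as modified / missing / unexpected paths."""
    with open(os.path.join(dest, MANIFEST)) as f:
        expected = json.load(f)
    actual = build_manifest(dest)
    return {
        "modified": sorted(p for p in expected if p in actual and actual[p] != expected[p]),
        "missing": sorted(p for p in expected if p not in actual),
        "unexpected": sorted(p for p in actual if p not in expected),
    }


def restore_backup(dest: str, target: str) -> bool:
    """Restore only if the backup verifies clean; copy nothing and return False otherwise."""
    if any(verify_backup(dest).values()):
        return False
    shutil.copytree(dest, target, dirs_exist_ok=True,
                    ignore=shutil.ignore_patterns(MANIFEST))
    return True


def run_demo() -> dict:
    """Back up constructed sample files, restore them, then simulate tampering of the backup."""
    with tempfile.TemporaryDirectory() as d:
        src, bak = os.path.join(d, "src"), os.path.join(d, "bak")
        os.makedirs(os.path.join(src, "research"))
        with open(os.path.join(src, "research", "notes.txt"), "w") as f:
            f.write("lab notes\n")          # constructed sample data
        with open(os.path.join(src, "budget.csv"), "w") as f:
            f.write("item,cost\n")
        write_backup(src, bak)
        result = {"clean_report": verify_backup(bak),
                  "restored_ok": restore_backup(bak, os.path.join(d, "restore1"))}
        # Simulated in-place encryption of a reachable backup: one file overwritten,
        # one deleted, one renamed copy left behind.
        with open(os.path.join(bak, "budget.csv"), "wb") as f:
            f.write(os.urandom(32))
        os.remove(os.path.join(bak, "research", "notes.txt"))
        with open(os.path.join(bak, "budget.csv.locked"), "wb") as f:
            f.write(b"\x00")
        result["tampered_report"] = verify_backup(bak)
        result["restore_after_tamper"] = restore_backup(bak, os.path.join(d, "restore2"))
        return result


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=1))
```

Run the verify step on a schedule against the detached copy, not only when you need it: a manifest mismatch found during a routine check is a warning, while one found during an incident is a second disaster.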
Ransomware isn’t going away. But finding the right backup strategy for your organization — which may involve working with a third-party specialist — could thwart any would-be extortionists without having to pay a single bitcoin.