Author: Graham Cluley. Online extortion is on the rise.
Not only have recent months seen an increase in distributed denial-of-service attacks with demands that companies pay up to have their website returned to normal working order, and even the theft of confidential data with threats that it will be released to the public if financial demands are not met, but there has been a noticeable increase in ransomware attacks too.
Most recently, as reported on Bitdefender’s Hot for Security blog, the Hollywood Presbyterian Medical Center in California caved in to hackers’ demands after being hit by a strain of ransomware which is said to have crippled hospital departments including oncology and radiology. In all, the medical center is thought to have paid out 40 bitcoins (approximately US $17,000) to its attackers.
Even police departments are reported to have given in to online criminals and paid cash to get their data back after being hit by ransomware.
It has become clear that the spreaders of ransomware don’t discriminate. They’re just as happy to hit businesses and consumers alike. But the criminal rewards which can be made if a large organisation becomes a victim of ransomware are significant.
And, whenever ransomware is shown to work for criminals (in other words, when victims submit to the blackmailers’ demands, and pay up) all that is happening is even more incentive is being created for criminals to spread yet more ransomware.
Paying up is definitely not a good thing to do in my opinion. But if an organisation has failed to keep properly secured backups I can understand how they might feel they have no alternative.
So what can be done to avoid having to pay the ransomware-purveyors?
If you ask the FBI, they may very well tell you that you should just pay the ransom, but I’m sure I’m not the only person who finds such suggestions hard to swallow. Why should businesses which are working hard to make a profit, or organisations doing good for the community, hand some of their cash over to criminals?
The answer to the problem, as with many things related to computer security, is to realise that prevention is better than cure.
Here are my top tips to stop your business being hit by ransomware:
1. Backup your data. Don’t just backup your data to a separate partition or an external drive (as ransomware might attempt to corrupt it if it can be reached directly from your computer) but also consider cloud services. Of course, as with any cloud-based service, privacy and security remains a priority so ensure that you’re not just doing backups, but that the backups can be restored easily and that they are being stored securely.
2. Stop running as administrator. The vast majority of users do not require admin rights when going about their normal business online, but every minute they use the computer with administration-level permissions they are increasing the chance that ransomware might manage to encrypt and corrupt essential databases and other files. When you are using your computer with admin rights, avoid browsing websites or opening email attachments.
3. Don’t run software from unapproved sites. Always be suspicious of unsolicited messages, links and attachments, especially if you were not expecting to be contacted in that way or if the wording seems out of character.
4. Keep your computer up-to-date with the latest security patches, as ransomware will often use unpatched vulnerabilities as a vector for infection.
5. Consider running an ad blocker, as ransomware attacks have frequently been launched via booby-trapped poisoned ads.
6. Reduce the attack surface by uninstalling unnecessary plugins where possible (for instance, Silverlight, Flash, Java, etc…).
7. Run endpoint protection on your desktop, laptop and smartphone if possible, and make sure that you are leveraging all of its features. Ensure it is kept up-to-date as tens of thousands of new malware variants are identified every day. In addition, run anti-virus protection at your web and email gateways to help block attacks.
8. If you do click on an unsolicited Microsoft Office attachments (Word documents, PowerPoint presentations, Excel spreadsheets) received via email do not enable macros, unless you are confident it is safe to do so. It can be a good idea to install one of Microsoft’s free Office viewers to open such files by default.
9. Keep you and your colleagues clued up about computer security threats. The last line of defence is you – as you’re the one who clicks on a link, visits a website or opens an email attachment. Taking an active interest in infosecurity and sharing your knowledge with your fellow workers can go a long way to making the workplace safer.