Ransomware – a brief overview

There have been a number of ransomware attacks on Australian businesses lately. Awareness of this threat is increasing, but a number of small businesses, in particular, are still in the dark around what this is and how to protect themselves against it. Within this brief article, I shall try and cover both these points.

Firstly, ransomware comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system's hard drive, while some may simply lock the system and display messages intended to coax the user into paying.

Ransomware typically propagates like a conventional computer worm, entering a system through, for example, a downloaded file (usually send via a link in an email) or a vulnerability in a network or operating system service.

Ransomware has become a major concern with a series of well publicised attacks crippling small businesses, including most recently, two small businesses in South Australia and a school in Byron Bay. This follows attacks on a Queensland medical centre and other businesses across Australia.

Two styles of 'ransomware attacks' have emerged.

The first may be the more likely of the two to strike but it is also potentially less debilitating. This version simply locks the victim's screen. The second style of ransomware is a more targeted attack, and actually encrypts files on the target computer.

In the first type, criminals have, to date, been using an official looking logo to intimidate the victim (such as a local law enforcement agency or a government department) and simply locking their victim's screen so they cannot access their computer until a payment has been made. It is a broad brush approach, distributed en mass in the hope that a percentage of victims will chose to pay the 'fine' or ransom demand presented on the locked screen. This scenario does not typically encrypt any files on the victim's computer (although early examples may have) and is more often now just a form of malware, for which most security vendors have tools to assist.

The second type of ransomware is a more targeted and challenging concern. Under this scenario, cyber criminals specifically target a particular victim, typically a small business. The computers targeted are actually hacked and files on the computer encrypted. Without payment, files remain inaccessible. This type of specific, targeted attack is more difficult for small businesses to remediate. The best solution, once you've been targeted, may be to simply cut your losses and restore your systems from a regularly updated back-up, so it's important to ensure you have good back-up processes in place.

So having discussed what ransomware is, let’s look at some simple ways of trying to prevent this type of attack:

1. Make regular backups of all your important files, and importantly store copies of your back-ups offsite. The attackers are known to also encrypt or delete backups that are connected to the computer or network.
2. Ensure all your systems are fully updated.
3. Limit remote access to your systems directly from the Internet.
4. Enforce strong passphrase/password policies on your IT systems to reduce the risk from brute force attempts at cracking passwords.
5. Implement account lockout policies (account locks if too many false attempts are made) on your IT systems to reduce the risk from brute forcing attempts.
6. Where remote access is necessary, use secure methods such as a Virtual Private Network (VPN), require two-factor authentication (two methods, not just password), and restrict access to only those individuals, systems and services that really require remote access.
7. Use up-to-date anti-virus software, and consider using different vendors for gateway and desktops / servers.
8. If feasible, implement host intrusion prevention systems (HIPS) and enable personal firewalls on all desktops / servers.
9. Limit the amount of personal information placed on the Internet.
10. Do not provide financial or other personal information to people that you do not know or trust.
11. Never click on links contained within spam or unexpected emails.
12. Implement mail and web content filtering to try and prevent malicious content entering your network via emails and the Internet.
13. Develop basic guidelines on IT, email and web security and distribute this to staff.
14. And above all, ensure that all your staff members are aware of the threat, the policies mentioned above and these basic steps to help prevent infections.

Ransomware attacks are unfortunately likely to keep increasing. However, the steps above can go a long way towards preventing an infection on an unsuspecting victim’s IT systems.

References:

  • http://www.staysmartonline.gov.au/alert_service/advisories/ransomware_attacks_will_increase_in_2013
  • http://en.wikipedia.org/wiki/Ransomware_(malware)

Join the CSO newsletter!

Error: Please check your email address.

Tags ransomware

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ashwin Pal

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place