
Ransomware proved a challenge in 2013, increasing 200% in the third quarter.
So says Doros Hadjizenonos, sales manager at Check Point Technologies SA, who outlines how cyber criminals use ransomware to extort businesses by holding their PCs or data hostage and demanding financial payment for release.
According to Symantec, ransomware locks the infected computer until a release fee is paid. The malware is often quite sophisticated, difficult to remove, and, in some cases, can persist in safe mode, blocking attempts at remote support, says Symantec.
In its "Internet Security Threat Report 2013", Symantec says victims are usually infected with ransomware via drive-by downloads, being silently infected after visiting Web sites that host Web attack toolkits. These are often legitimate sites that have been compromised by hackers who insert malicious download code, it adds.
Malvertisements, where criminals buy advertising space on legitimate Web sites and use it to hide their attack code, are another infection method.
Malicious attachments
Hadjizenonos explains that ransomware can originate from opening a malicious attachment in an e-mail, clicking on a deceptive pop-up, or simply visiting a compromised Web site.
"Ransomware threatens businesses in one of two ways - locking a user's screen or file encryption. Lock-screen ransomware, as the name suggests, causes a PC to freeze while displaying a message with the criminal's ransom demand, rendering the computer useless until the malware is removed," he says, adding that it is survivable because it typically affects a single PC and is relatively easy to remove.
File encryption ransomware, on the other hand, is quickly emerging as a genuine threat to businesses because it can permanently lock users out of their files - not only on individual PCs, but across an organisation's entire network, he notes.
As a first step in protecting themselves against these new, aggressive types of ransomware, organisations should implement basic security best practices: keeping anti-virus software updated with the latest signatures, keeping operating system and application patches up to date, installing a two-way firewall on every user's PC, and educating users about social engineering techniques, especially unknown attachments arriving in unsolicited e-mails.
"However, these measures do not offer complete protection against attacks. It's all too easy for an employee to inadvertently click on an e-mail attachment, triggering an infection. It's also relatively easy for criminals behind a ransomware scam to make small adjustments to the malware code, enabling it to bypass current anti-virus signature detection, in turn leaving businesses vulnerable."
Sandboxing
Hadjizenonos believes sandboxing is one of the best ways to protect against ransomware. "To defend against new exploits that may not be detected by conventional anti-virus solutions, a new security technique makes it possible to isolate malicious files before they enter the network so that accidental infection does not occur.
"Without impacting the flow of business, this technology - which Check Point calls threat emulation - opens suspect files arriving by e-mail and inspects their contents in a virtualised environment known as a 'sandbox'."
In the sandbox, he explains, the file is monitored for any unusual behaviour in real time, such as attempts to make abnormal registry changes, actions or network connections. If the file's behaviour is found to be suspicious or malicious, it is blocked and quarantined, preventing any possible infection before it can reach the network - or users' e-mail inboxes - and nullifying the risk of it causing damage, he adds.
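The behaviour-based verdict described above, as an added illustration that is not Check Point's threat emulation code: a minimal analyser that scores a constructed sandbox event trace for the indicators the article names (abnormal registry changes, outbound network connections, and mass file renames consistent with encryption) and returns a quarantine or allow decision. The event format, the two sample traces, the weights and the thresholds are all assumptions made for the example.

```python
"""Toy behavioural verdict over a sandbox event trace.

Added example; not a vendor's sandbox. The "type|detail" event format,
the traces, the indicator weights and the block threshold are assumed.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass, field

AUTORUN_KEY_FRAGMENT = "\\currentversion\\run"   # matches ...\Run and ...\RunOnce
MASS_RENAME_THRESHOLD = 3                         # assumed: 3+ files renamed to one new extension
BLOCK_SCORE = 50                                  # assumed: score at which the file is quarantined
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed trace of a ransomware-like sample (not a real malware log).
MALICIOUS_TRACE = """\
process|start C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe
registry|set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd = C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe
network|connect 198.51.100.23:443
file|rename C:\\Users\\alice\\Documents\\q3.xlsx -> C:\\Users\\alice\\Documents\\q3.xlsx.locked
file|rename C:\\Users\\alice\\Documents\\plan.docx -> C:\\Users\\alice\\Documents\\plan.docx.locked
file|rename C:\\Users\\alice\\Pictures\\trip.jpg -> C:\\Users\\alice\\Pictures\\trip.jpg.locked
file|write C:\\Users\\alice\\Desktop\\HOW_TO_DECRYPT.txt
"""

# Constructed trace of a benign document: opened, saved, and a file share on the LAN touched.
BENIGN_TRACE = """\
process|start C:\\Program Files\\Office\\winword.exe
file|read C:\\Users\\alice\\Documents\\quote.docx
network|connect 10.0.0.5:445
file|write C:\\Users\\alice\\Documents\\quote.docx
registry|set HKCU\\Software\\Office\\Word\\RecentFiles\\1 = C:\\Users\\alice\\Documents\\quote.docx
"""


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def action(self) -> str:
        return "quarantine" if self.score >= BLOCK_SCORE else "allow"


def parse_trace(text):
    """Split 'type|detail' lines into (type, detail) tuples, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or "|" not in line:
            continue
        kind, detail = line.split("|", 1)
        events.append((kind.strip(), detail.strip()))
    return events


def _is_external(endpoint: str) -> bool:
    """True for an address outside RFC 1918 space; hostnames are treated as external."""
    host = endpoint.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not any(addr in net for net in PRIVATE_NETS)


def analyse(text) -> Verdict:
    """Score one trace against the three indicators and return the verdict."""
    verdict = Verdict()
    new_ext = Counter()
    for kind, detail in parse_trace(text):
        if kind == "registry" and detail.startswith("set "):
            key = detail[4:].split("=", 1)[0].strip().lower()
            if AUTORUN_KEY_FRAGMENT in key:
                verdict.score += 40
                verdict.reasons.append("persistence: autorun registry key written")
        elif kind == "network" and detail.startswith("connect "):
            target = detail[8:]
            if _is_external(target):
                verdict.score += 20
                verdict.reasons.append(f"external connection to {target}")
        elif kind == "file" and detail.startswith("rename ") and " -> " in detail:
            old, new = detail[7:].split(" -> ", 1)
            ext = new.rsplit(".", 1)[-1].lower() if "." in new else ""
            # A new extension appended to an existing document is the classic encryption footprint.
            if ext and new.startswith(old):
                new_ext[ext] += 1
    for ext, count in new_ext.items():
        if count >= MASS_RENAME_THRESHOLD:
            verdict.score += 50
            verdict.reasons.append(f"mass rename of {count} files to .{ext}")
    return verdict


if __name__ == "__main__":
    for name, trace in (("invoice.exe", MALICIOUS_TRACE), ("quote.docx", BENIGN_TRACE)):
        v = analyse(trace)
        print(f"{name}: {v.action} (score {v.score}) {v.reasons}")
```

The sample scores 110 and is quarantined on all three indicators; the benign document scores 0 because its registry write is not an autorun key, its only connection is to a private address, and it renames nothing. A real sandbox watches many more behaviours and runs the file rather than parsing a trace, but the shape of the decision is the same: observed actions are weighed against known-bad patterns and the file is held back before it reaches the inbox.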
"Businesses should consider taking these extra precautions to ensure they don't fall prey to cyber criminals who need only a sliver of security weakness to get into the network and take company assets hostage. With the potential to capture all of a company's files and data in an instant, ransomware poses a significant threat that organisations should take seriously."