URGENT: Ransomware on the rise!!!

[NewsLady]

 

There is a rapidly increasing threat among on-line and connected devices - Ransomware. Today's ransomware will encrypt all your files, your documents, pictures, videos, and more and require payments amounting to several hundred to thousands of dollars for recovery. They are encrypted with a public key for which only the company ransoming your data has the private key for. This means that without paying, there is no way to recover your data.

"Millions of ransom attacks are attempted on companies both small and large each year." - NPR, All Things considered, 2/22/2016

That quote was from the beginning of the year, and was perhaps a harbinger of things to come this year. Ransomware problems have increased so significantly this year, that the FBI put out an announcement - Incidents of Ransomware on the Rise. According to FBI Cyber Division Assistant Director James Trainor, “These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.” and the FBI's recommendation is that you don't pay the ransom, which means if you aren't already protected, you will suffer a catastrophic data loss. Said Trainor, “Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”

I've been watching trend-lines on threat analysis, and the rate of increase in ransomware attacks continues to grow rapidly, even since the announcement by the FBI just three short months ago.

What can you do to protect your system and your data? For the FBI and those of us in the security space, it falls to the same mantra we've been repeating for decades now: Implement strong prevention and continuity controls. What does this mean to you? In respect to consumer and home systems, the most pertinent parts are (From the FBI site):

Prevention Efforts

• Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
• Ensure antivirus and anti-malware [and anti-ransomware] solutions are set to automatically update and conduct regular scans.

Business Continuity Efforts

• Back up data regularly and verify the integrity of those backups regularly.
• Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

So in other words, ensure that all your devices, from computers and laptops to mobile and tablets to network devices such as routers, wireless routers, and firewalls are all up to date and current on their updates and patches. Not only do the devices you regularly use need to be regularly checked for current versions, but so do your routers and other devices you have on your network. In issues where a device is too old or running software that is too old to update, upgrade the device or OS. If the cost seems to much to do right now, then make sure that device has no access to data on your network, no access into any shared files, or any data you wish to keep.

Run antivirus on all devices capable of doing so. Antivirus alone however will not protect a system. It is for the most part exactly what it states. It is antivirus. Not anti-malware, not anti-ransomware, but anti-virus. Having worked for years at Symantec, makers of Norton antivirus and many other security products, I'm very aware that while antivirus may catch and eradicate some other forms of malware and ransomware, that is not its primary purpose. Also install and run anti-malware and anti-ransomware to ensure the security of your device.

Backing up and verifying the backup of your data is critical. All too many times people have run a backup, but not verified it's authenticity, and a corruption here or there can make an entire backup unusable. Check your backups to make sure they worked!

Finally, secure those backups! Disconnect them from any system and your network when it is done. Solutions such as Apple Time Machine connected to an apple router may seem convenient, and will backup at regular intervals when connected to the network, all that will do is protect you against a crash of your system - which is an important protection. However, ransomware such as Cerber will scan your entire network, every share, every drive, every time-machine accessible system and encrypt those files as well. Today's ransomware has become extremely mature in it's ability to find and encrypt all your personal data across your network and devices.

If you do get infected, then run a check on your backup from a system you know to be clean before you restore anything. On the host you're restoring to, make sure that any traces of the virus have been eliminated. The most effective way to do this is by reinstalling the system to ensure it's clean. Since some malware is able to insert itself prior to antivirus and antimalware utilities, then scanning from the infected system does not always fully clean all malware. If you're not going to reinstall, then to try and ensure the most clean system possible, remove the hard drive from the infected system and scan that hard drive from a known clean system.

Implementing these above items will help to mitigate your risk significantly and provide data continuity in the event of infection. Nothing is guaranteed however, so the more layers that you can implement, the better chance you have. Many of today's home routers and wifi routers have built in firewall capabilities, that provided a good added layer of protection, but it can only provide this protection if it is up to date and able to see the traffic moving. So keep all your devices up to date! If you're using a VPN, then understand all that serves to do it keep your data and location confidential. It can however increase your risk substantially however. Many of the ransomware specifically target the United States because of the perceived increase in disposable income when compared to other countries, so if you are terminating your VPN in the States to access services such as NetFlix and Hulu, then you are increasing your risk and subsequently need to increase your protection. Also if you are connecting your VPN at the host or device level such as a computer rather than at the network level, such as your router, then you are removing the added protections of your router's firewall and are essentially placing that computer directly on the internet. Any system in such a scenario becomes an easy target, especially not up to date on it's patches, not only to your data that system has access to, but every system inside your network once that malware is brought into your network through the infected exposed host.

At a bare minimum, run backups that you check the validity thereof and then disconnect the device from your network, and run updates on all your systems. If you are using Windows 7 or older, support has ended for these devices, which means you can not update them for security issues any longer and need to get more current to Windows 8.1 or Windows 10 as quickly as possible. If you are running an Apple Mac, Apple will likely end support of their big cats line (up to and including 10.8 Mountain Lion) by the end of this year, so you need to get at least to Mavericks or preferably Yosemite or El Capitan soon. This may well happen about when they release Sierra later this year, which is shaping up to be quite a nice OS based on my experience with the beta thus far.

 

Hopefully you are all able to get yourselves safe and secure, little is worse than a total loss of data, whether it be pictures of family or critical documents.

If you need any help, at Inspired Solutions we have over 20 years of experience in computer security, and can help you take the necessary precautions to increase the ongoing availability of your data.

 

Christian

6294.7351