When a business is hit by #CryptoMalware, data is encrypted into an unreadable form until a ransom is paid to #cybercriminals. No wonder 42% of SMBs consider this to be one of their most serious security threats.
IF YOUR BUSINESS IS ATTACKED, DON’T WAIT – LET OUR TECHNICIANS WORK! CALL 1300 466 866 or email firstname.lastname@example.org
When the first cryptors were unleashed, it was often possible to reverse their effects. Today’s cybercriminals are no longer making basic errors. They’re using much more complex techniques that can be extremely difficult to reverse.
WHAT IS RANSOMWARE?
As its name suggests, #ransomware is a specific type of malware that tries to extract a ransom payment in exchange for unblocking access to an asset that belongs to the victim. In the case of crypto-ransomware–or cryptors–the ‘kidnapped’ assets are the files and data that are stored on the infected device. The #cryptor encrypts the victim’s data into an unreadable form, and the data can only be decrypted by using the necessary decryption key. But that key is only released by the criminal after the victim has paid the ransom demand.
If one of your devices is infected, the attacker will normally give you 48 to 72 hours to pay the ransom. If you don’t pay within the deadline, the price for decryption is likely to increase. After a second deadline passes and the payment is still not made, it’s likely that the decryption key will be deleted. At that point it may be impossible to recover your files in a readable form.
If your business is attacked, beware of false remedies promoted on the Internet. These may only add to your problems. Often, they don’t work and just take more money from the victim. Some “remedies” can even download additional #malware onto the victim’s network.
Even if you do pay the ransom, there’s no guarantee your data will be unencrypted! Some cryptors contain software bugs that may cause them to malfunction–so the decryption process fails. In other cases, the ransomware variant simply does not have decryption functionality. Instead, the criminals simply intend to take the victims’ money.
In today’s ‘information age’, any temporary loss of data can totally disrupt business-critical processes, leading to:
- Lost sales
- Reduced productivity
- Significant costs for system recovery
However, the permanent loss of data can have much more severe consequences:
- Permanently damaging the company’s competitive position
- Reducing sales revenues over the long term
- Preventing ongoing access to intellectual property and design data
This can put the entire business in jeopardy.
HOW A CRYPTOR ATTACKS
Like most other types of malware, there are many ways in which a cryptor can find its way onto computers and other devices. However, two of the most common ways are:
#WaterHoling: whereby visiting a legitimate website that is popular with a specific type of user or job role can result in the employee’s device becoming infected. In these cases of ‘Drive-By’ infection, the website will have already been infected with malware that is ready to exploit vulnerabilities on visitors’ devices.
It’s worth remembering that a cryptor can attack a wide range of devices, including:
HOW TO PROTECT YOUR BUSINESS?
EDUCATE YOUR USERS
People are often the most vulnerable element in any business. Teach your employees about IT security basics, including:
- Awareness of phishing and spear-phishing risks
- The security implications of opening any email attachment that looks suspicious–even if it appears to be from a trusted source
REGULARLY #BackUpData AND VERIFY THE RESTORABILITY OF YOUR BACKUPS
Almost all businesses will already have data backup policies. However, it’s essential that you back up your data onto an offline backup subsystem–instead of just copying files to another ‘live’ system on your corporate network. Otherwise, a cryptor will be able to encrypt your backup files. Establish a ‘backup and disconnect’ policy–so you’re not just copying data onto a permanently connected file server.
PROTECT ALL DEVICES AND SYSTEMS
Because cryptors don’t just attack PCs, you’ll also need to ensure your security software can protect your Mac computers, virtual machines and Android mobile devices. It’s also worth ensuring you have sufficient protection installed on your email system.
DEPLOY AND MAINTAIN #SECURITY SOFTWARE
As with all malware prevention, your watchword should be ‘update early and update often’ so you:
- Update all applications and operating systems–to eliminate newly discovered vulnerabilities
- Update the security application and its anti-malware database–to ensure you benefit from the latest protection
Try to select a security solution that includes tools that let you:
- Manage the use of the Internet–for example, according to job role
- Control access to corporate data–again, according to job or department
- Manage the application start-up and privilege control – using Application Control technologies that help you block or permit programs.
(Excerpts from Kaspersky Lab whitepaper COULD YOUR BUSINESS SURVIVE A CRYPTOR? http://resources.idgenterprise.com/original/AST-0175437_Cryptor_eBook_final.pdf)