• Ask your anti-malware vendor what protections they provide against the latest ransomware Trojans and what they can do to restore encrypted data.
• Make automated, frequent backups of critical data to offsite servers part of your defense-in-depth strategy.
Cybercriminals made increasing use of a particularly virulent form of ransomware attack throughout 2012, and it’s likely that we’ll only see more of this in 2013. Even though threat researchers at Trend Micro claim that this is the work of a single cybercrime gang in Russia, the mounting publicity and success of this particular attack as it spreads across the globe will likely draw copycats into the mix. And although many of these scams target consumers, enterprises are in the crosshairs as well.

For example, in one of these attacks, which seem to be based on the Reveton Trojan, cybercriminals are using sophisticated encryption techniques to hold sensitive files hostage. Once they’ve encrypted your data, only they have the key necessary to decrypt the hostage files, and they use that to extort thousands of dollars from victims. One recent report highlighted how an Australian medical center had its patient database held for ransom, with the owners mulling whether to pay.

A more recent ransomware attack impersonates local law enforcement and accuses the victim of committing a crime. The attack locks the victim’s computer and plays localized voice messages demanding that the victim pay a (fake) fine.

Meanwhile, Trend Micro rival Symantec believes that there are up to 16 different families of ransomware, and that each one is controlled by a different cybercrime ring. It estimates that at least $5 million a year is being extorted from victims, and calls that number conservative.