• Ask your anti-malware vendor what protections they provide against the latest ransomware Trojans and what they can do to restore encrypted data.
• Make automated, frequent backups of critical data to offsite servers part of your defense in depth strategy.
There’s been a rise in the use of a particularly virulent form of ransomware attack by cybercriminals throughout 2012, and it’s likely that we’ll only see more of this in 2013. Even though threat researchers at Trend Micro claim that this is the work of a single cybercrime gang in Russia, the mounting publicity and success of this particular attack as it spreads across the globe will likely draw copycats into the mix. And although many of these scams target consumers, enterprises are also in the crosshairs. For example, in one of these attacks, which seems to be based on the Reveton Trojan, cybercriminals are using sophisticated encryption techniques to hold sensitive files hostage. Once they’ve encrypted your data, only they have the key necessary to decrypt the hostage files, and they use that to extort thousands of dollars from victims. One recent report highlighted how an Australian medical center had its patient database held for ransom, with the owners mulling whether to pay. A more recent ransomware attack impersonates local law enforcement and accuses the victim of committing a crime. The attack locks the victim’s computer and uses localized voice messages demanding verbally that the victim pay a (fake) fine. Meanwhile, Trend Micro rival Symantec believes that there are up to 16 different families of ransomware, each controlled by a different cybercrime ring. It estimates that at least $5 million a year is being extorted from victims, and calls that number conservative.
This trend highlights the importance of good backup and disaster recovery/business continuity practices, and it illustrates why those practices have a strong role to play in a defense in depth strategy. By automatically backing up critical data to geographically distant servers on a frequent basis, such breaches can be resolved without caving in to the criminals’ demands. One gang has cleverly targeted small to medium-sized businesses, knowing that they have critical data but don’t have a deep bench of security expertise. But a defense in depth strategy doesn’t necessarily require deep pockets, and there are reasonably priced tools to fight these types of infections. Sophos, for one, claims that its Sophos Bootable Anti-Virus allows a user to take back control and remove the malware without having to pay the ransom. It also has a decrypter tool that works with certain forms of ransomware. And any anti-malware provider worth its salt should be able to help customers clean up such infections and restore access to critical data.
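An added example, not from the original article or from any vendor named in it, of the versioned-backup practice the paragraph recommends: each run writes a new snapshot with a SHA-256 manifest and refuses to overwrite earlier ones, so a copy taken before the files were encrypted can still be verified and restored. The directory layout and function names are this example's own assumptions; a real deployment would ship each snapshot to an offsite store.

```python
"""Versioned snapshot backups with integrity manifests (added example).

Assumed layout: backup_root/<label>/ holds one snapshot's files and
backup_root/<label>.manifest.json holds their SHA-256 digests.
"""
import hashlib
import json
import shutil
from pathlib import Path


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def take_snapshot(src: Path, backup_root: Path, label: str) -> dict:
    """Copy src into its own snapshot directory and record a manifest.

    Earlier snapshots are never modified, so a later backup of already
    encrypted files cannot clobber the last good copy.
    """
    dest = backup_root / label
    if dest.exists():
        raise FileExistsError(f"snapshot {label} exists; refusing to overwrite")
    shutil.copytree(src, dest)
    manifest = {str(p.relative_to(dest)): sha256_file(p)
                for p in sorted(dest.rglob("*")) if p.is_file()}
    (backup_root / f"{label}.manifest.json").write_text(json.dumps(manifest))
    return manifest


def verify_snapshot(backup_root: Path, label: str) -> list:
    """Return relative paths whose stored hash no longer matches the manifest."""
    dest = backup_root / label
    manifest = json.loads((backup_root / f"{label}.manifest.json").read_text())
    return [rel for rel, digest in manifest.items()
            if not (dest / rel).is_file() or sha256_file(dest / rel) != digest]


def restore_snapshot(backup_root: Path, label: str, target: Path) -> int:
    """Restore a snapshot into target only if it passes its integrity check.

    Returns the number of files present in target after the restore.
    """
    if verify_snapshot(backup_root, label):
        raise RuntimeError(f"snapshot {label} failed integrity check; not restoring")
    shutil.copytree(backup_root / label, target, dirs_exist_ok=True)
    return sum(1 for p in target.rglob("*") if p.is_file())
```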