Technology: Ransomware – Insidious and Growing Fast

Imagine a major hospital crippled by a deliberate effort to block its access to patients’ records. Only after the hospital pays online extortionists a hefty ransom will the cyber crooks unlock the data. Meanwhile, the medical facility lacks access to its network, email and patient data – including lab work and scans. This is not the plot of a TV movie, but just one example of a disturbing new type of cybercrime that is becoming widespread in Europe and the United States.

Ransomware criminals use encryption to block users from their online files – releasing the locked-up data when the targeted entity pays a ransom. Instances of this type of online extortion grew a whopping 170 percent in 2015 – with the majority of cases occurring in the U.K. Attacks in the United States have been on the rise, and now the majority of attacks worldwide occur here.

Impact on Small Businesses
In the beginning, attacks targeted small and medium-sized businesses as well as individual consumers. Cyber criminals were more likely to encounter weaker security systems and lax backup procedures at smaller firms, and many cyber-crooks chose high volume and lower returns rather than tackling larger organizations with more sophisticated security protection. Criminals discovered that victims were most likely to pay up without contacting the police if the ransom demand stayed modest – in the hundreds of dollars. Online extortionists have now turned their attention to larger organizations, demanding tens of thousands of dollars.

How do the online extortionists get access?
Usually through infected email. Investigators cannot unlock the ransomed files, which are heavily encrypted, unless they find the cyber-crooks’ control servers, which could be anywhere in the world.

What can you do?
A notorious ransomware threat known as Cryptolocker comes as an email or via a downloader brought along as an extra component. Its authors continue to create new variants, target different groups and repel changes in security technology. Seek professional IT assistance to lessen your vulnerability. In the interim, here are several simple steps you can take to protect your files.

  1. Back up your data to safe storage frequently. That way, if you are attacked, you can restore your system to an earlier state without losing many files. Cryptolocker attacks all drives that are mapped (e.g., those assigned drive letters such as D or E), including external drives like USB thumb drives. This means that your backup system must include either an external drive that is disconnected when not actively backing up your files or an online provider of automated backup services.
  2. Crooks use email (with attachments) as a way into victims’ systems. Recently, Cryptolocker has used files with the extension PDF.EXE (this may have changed by the time you read this). Set your gateway mail scanner to filter files and deny entry to emails whose attachments have two file extensions – the last extension being the executable component.
  3. If your computer allows others to access it remotely through Remote Desktop Protocol (RDP) and you don’t use this function, disable it. This is another favorite entry point for ransomware.
  4. Keep your security software fully updated – use automatic updates whenever possible. Don’t delay downloading manufacturers’ updates. Use top-quality anti-malware PLUS a software firewall.
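
The double-extension rule from step 2, as an added example that is not part of the original article: a Python sketch of the check a gateway filter applies to each attachment name. The list of executable extensions, the function names and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed list (not from the article): extensions Windows will execute.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "js", "vbs"}

def is_double_extension_executable(filename: str) -> bool:
    """True if the name has two or more extensions and the last is executable."""
    # Drop any path component a sender may have embedded in the name.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "a.pdf.exe. " still runs as .exe.
    name = name.strip().rstrip(". ").lstrip(".").lower()
    parts = name.split(".")
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS

def blocked_attachments(raw_message: bytes) -> list:
    """Return attachment names in a raw message that the rule would reject."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also visits nested multipart sections
        filename = part.get_filename()  # decodes RFC 2231 / encoded names
        if filename and is_double_extension_executable(filename):
            hits.append(filename)
    return hits

def build_sample() -> bytes:
    """Constructed sample message: one harmless PDF, one disguised executable."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ constructed", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.EXE")
    return msg.as_bytes()

if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("deny:", name)
```

The check looks only at the declared file name, so it complements content scanning and does not replace it.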

Following recent brazen attacks on the BBC and The New York Times, ransomware has attracted significant attention. It is a major threat, but smart defensive strategies combined with good recovery protocols can help keep your data safe.