Today’s cyber threat landscape continues to evolve at an incredibly fast pace. So much so that even the best tools and policies are not always enough to protect your business and its data. Cybersecurity experts expect that we will continue to see more cyberattacks — and that the attacks will continue to grow more sophisticated.
As the recent Yahoo hack illustrated, data attacks continue to be well-organized and well-executed. But on a smaller scale, targeted attacks continue to arrive at small and medium-sized businesses across North America. And it requires an array of solutions: anti-virus and anti-malware software, security update management, policy and procedure administration, firewall implementation, web traffic analysis, DNS filtering, and more.
But when it comes to viruses like CryptoWall ransomware, there are two critical tools that are required:
- Well-trained, alert, and cautious users (to prevent data loss), and
- A solid backup policy (to restore data in case of loss)
Ransomware continues to evolve, which means there are no easy defenses against it. When CryptoLocker, CryptoWall, and other strains were first released in 2014, they were distributed by email that tricked users into opening attachments — PDF files, billing notifications, shipping updates — that installed malware on a computer. But the latest strains of the Crypto virus are relying on a few different methods:
1. Delivering voicemail notifications that are common for Microsoft Outlook users — but when the .wav files are opened, malicious software is installed on computers
2. Baiting Internet users into clicking on legitimate-looking ads on otherwise legitimate websites, that then lead to compromised URL addresses. These types of scams increase after major news about data breaches, when Internet users increase the number of searches for topics like “Target hack” or “Yahoo breach.” Other top search names associated with viruses and data breaches include Amy Schumer, Justin Bieber, and the Kardsashians — so if you allow your employees free use of their computer during lunch breaks, there’s a good chance they could expose your network to virus activity.
3. Some variations display a Microsoft blue screen and provide a support phone number to call. Don’t do it!
Silently, over hours, all data files on the computer are encrypted, rendering them useless. Once a PC is infected, ransomware can continue to encrypt every connected drive, including those on thumb drives, network maps, and even cloud services such as Dropbox, Google Docs, or OneDrive. If a home computer is synced with a cloud drive and the home computer gets infected by CryptoWall, your cloud drive files could sync with a work computer and infect your work environment as well.
A message will pop up alerting users that their data has been kidnapped, and that if they don’t pay a ransom (often in unregulated currency like Bitcoin) within a set amount of time (sometimes as short as 72 hours) they will lose access to their files forever. This has resulted in a wider distribution, more infections, and millions more in ransom paid to hackers.
These cybercriminals have earned millions through this extortion, allowing them to hire support staff (yes, they even have what they are calling a “help desk”) and employ social engineering to make the delivery of their ransomware look more authentic. This has allowed many of these malicious messages to slip past spam filters and security software. No one solution can prevent ransomware 100%, which is why data backup is so crucial. That’s the best way to 1) avoid paying a hefty ransom and 2) avoid losing all of your data.
If you or an employee thinks you are infected by ransomware, disconnect any drives (including USB devices), disconnect from the network, power the machine off, and contact CMIT Solutions immediately. We will help you determine the best course of action so that you do not have to attempt recovery alone. We discourage paying the ransom, because this encourages cybercriminals to continue and expand their extortion schemes. However, if your files are encrypted, you have no backup, and you need your files, you may have no other choice but to pay. Again, that’s what makes regular, remote data backup so important.
Here are a few more tips for avoiding ransomware:
• Remind everyone in your organization to be wary of ALL email messages. Do NOT open ANY attachment or click on ANY link if the sender is not recognized and if you weren’t expecting the email and attachment. Be extremely cautious, regardless of how compelling the message may be!
• Even if you do recognize the sender, if you weren’t expecting an attachment or link from that sender, don’t click! “Hover” over all links and look for legitimate web addresses as opposed to a string of random characters or unrecognized addresses.
• If there is ANY suspicion, check the email header, subject lines, and body copy meticulously for small errors. Compromised email often involves impersonating real email (with very slight differences) and frequently copies common verbiage to appear as a legitimate email.
• Avoid using free, web-based email for business purposes. Use a company website domain and use secure email accounts for all communications.
• When exploring Internet resources, stick with proven sites whenever possible. Be careful when entering web addresses, as being off by just one letter could take you to a dangerous site.
• Implement regular, remote backups and a sound disaster recovery plan. Any attached backup drive is susceptible to loss if CryptoWall infects your system! Even with a backup, recovery will take some time, so prevention remains crucial.
Contact us today if you’d like to know more. CMIT Solutions takes a multi-layered approach to IT security, implementing as many layers of protection as possible to keep our clients safe. We worry about your IT security so you don’t have to, and we constantly stay up to date on new hacking threats and the ever-changing cyberattack landscape.