View all Email attachments as suspicious!
Ransomware has gone from obscurity to being headline news, and has become the Number One Cyber Threat facing businesses and organizations today. The threat has emerged for a very simple reason: Ransomware is fantastically profitable for cybercriminal gangs. Russian gangs alone made over $135 million net profit from ransomware in 2015. Ransomware started out with only a few variants and has since exploded onto the Internet with dozens of new variants and delivery modes, all aimed at extorting money from businesses and organizations by encrypting all files on a PC and on any network the PC is connected to.
When one of your employees receives an email like the one shown above (an actual email from the Locky ransomware campaign in 2016) and opens the attachment, the malware encrypts all files of known useful types. Then the program will replace the wallpaper on the PC and put a ransom demand onto the screen.
When the victim goes to one of the linked websites, the cybercriminals "offer a service": software to decrypt your files that can be purchased by sending a specified sum of Bitcoins to an anonymous account.
After payment, the wait begins. Maybe the criminals will deliver a solution. Maybe they won't - they're criminals, after all, aren't they?
If you are lucky, you get a decryption solution that works and can decrypt your files. But the process can start again when another employee gets hit with another attack!
The Best Defense: Prevention!
The best way to defend against Ransomware is to prevent infection in the first place, using a multilayered strategy:
- Employee Education on what scam emails look like
- Good backups
- Up-to-date system software (Windows updates, Java, PDF viewer and Flash player updates)
- Good backups
- Endpoint defense including good antivirus and anti-ransomware capabilities (application whitelisting)
- Good backups
- Perimeter defense including a firewall with antivirus capabilities
- Good backups
- Better email filtering or an email service with better filtering.
Even with all these measures in place you can still get hit with ransomware. Many variants don't even need a victim to open an email attachment! All a victim needs to do to be infected and attacked is to visit a web page - often one that is part of a legitimate website - that has ads being served up by a compromised ad service. Websites as well known as ABCNews, CNN, and ESPN have been affected by poisoned ads served up by an advertising service with bad security. To avoid having to pay ransom, the final layer of defense:
- Good backups of EVERYTHING!
With the right backup and disaster recovery system, you can limit the damage done by ransomware to losing a single day's work or less. Employee training can help staff avoid falling victim to social engineering that convinces them to open an attachment that launches a ransomware attack, and teach them how to recognize the signs of an attack on their own or a colleague's computer and the steps to take to mitigate ransomware damage.
Ransomware has been so successful and profitable for cybercriminals that they are increasing the number and size of campaigns to distribute ransomware via email, through poisoned ads, and by poisoning websites.
P3iSys can help you build a layered defense against Ransomware and other cyber threats to reduce your risk of infection, and help you build a comprehensive backup and disaster recovery plan to avoid having to pay ransom!