Holding your data hostage

A few days ago the US Federal Financial Institutions Examination Council warned banks that they should expect ransomware to grow in the coming months. Even though financial institutions are among the sectors that invest the most in cybersecurity, ransomware appears to be increasing in numbers.

Just in case you really haven’t heard of it before: ransomware is a piece of malware that encrypts your data, preventing you from accessing it, and demands money in return, sometimes within a set timeframe. Ransomware is not new; it has been in the wild since at least 2005, but the attackers are now getting more and more sophisticated. Bitcoin and other easy ways of transferring money anonymously have made it easier to cash in the ransom. Ransomware now attacks mobile phones and tablets, as well as laptops and servers.

The business is booming, and 2016 might not be any better. In 2012 Symantec estimated (PDF) that, from just a single command-and-control server used by the CryptoDefense malware, the profits were on the order of US$34,000 a day. This is despite the fact that only around 3% of infected machines pay the ransom. It didn’t help much that the FBI many times advised victims to pay the ransom when hit by this kind of malware. Moreover, a couple of police departments in the US paid the ransom when they suddenly found their files encrypted.

Small businesses are especially at risk from this kind of threat, since many times not even basic IT security policies are in place. Defending against ransomware is rather difficult because it is constantly evolving to evade anti-virus detection. However, small steps such as security training for staff (to avoid suspicious e-mails, for example) and continuous backup can definitely minimise the impact of the threat. For this to be effective, the mindset of business owners needs to change: it’s no longer a matter of preventing malware from hitting the enterprise; now it’s a matter of what to do when it happens.

This post originally appeared on the Metaluxo IT Security blog.
