Information Technology Blog

Protecting Against the Growing Threat of Cyber-Extortion

The number of distributed denial of service (DDoS) attacks is rising, and they can cripple an organization’s network. DDoS attacks are sometimes launched for political, philosophical or competitive reasons, or just for the amusement of the attacker. Extortion is the motive behind many such attacks, however, with hackers demanding a ransom in exchange for stopping the onslaught.

DDoS attacks aren’t the only type of cyber-extortion. Another rapidly increasing threat is so-called “ransomware,” which typically encrypts files and demands money in exchange for the key. The average ransom is $300 to be remitted through payment vouchers or bitcoins by a certain deadline. The only way to regain access to the files is to pay the ransom or restore from a recent backup that was not actively connected to the infected machine.

CryptoWall made headlines when it infected millions of users in September and October of 2014 through infected ads on reputable, high-profile websites. In addition to malvertising, CryptoWall and its variants spread through infected email attachments and malicious links. The FBI Internet Crime Complaint Center (IC3) issued an alert in June stating that CryptoWall is “the most current and significant ransomware threat targeting U.S. individuals and businesses.” Since April 2014, IC3 said it received 992 CryptoWall-related complaints, with victims’ collective losses totaling more than $18 million.

CryptoLocker is primarily spread via phishing emails with malicious attachments. When the victim clicks on the file, it encrypts all documents, graphics and other files on the victim’s internal and external hard drives, removable media, and any shared network drives. Once the files are encrypted, CryptoLocker displays a message demanding payment within 72 hours. Law enforcement officials from the U.S. and other countries managed to seize servers used for the CryptoLocker ransomware in 2014 but it remains a major threat. Malware research firm PandaLabs says that the latest version of CryptoLocker uses macros in Microsoft Office documents to infect users, reviving an old malware technique.

Cybercriminals introduced a psychological component in CoinVault, which allows the victim to choose one file to be decrypted for free. CoinVault even shows a clock that counts down to the payment deadline. If the clock reaches zero and payment hasn’t been made, the cost for the key increases. Dutch authorities have just announced the arrest of the alleged authors of CoinVault, after previously taking control of the server the attackers were using. It is unlikely that the arrests will halt the spread of the malware, however.

There are many other types of ransomware, which use varying techniques to deny access to a device or data. The best defense is to avoid opening email attachments or clicking links unless you’re sure they are safe. You should also back up data regularly and ensure that it can be restored should your files be encrypted. Whatever you do, don’t pay the ransom. Security experts and law enforcement officials warn that it only gives the attackers financial incentive to continue, and does not guarantee that you’ll gain access to your files.

Bottom line: Ransomware is a nasty form of malware that could cause you to lose access to your data. Commonsense security measures and regular backups provide the best protection against the growing threat.

Contact Abba Technologies via email at info@abbatech.com or call 505-889-3337 to discuss ways you can bolster your cyber defenses.
