Ransomware continues to plague business networks. One program, CryptoLocker, was taken down some months ago, but new variants of ransomware are spreading. Ransom demands can be a few hundred dollars or over $10,000. Here are two malware programs that businesses should be aware of.
CryptoWall is currently the most prevalent ransomware. A new version of CryptoWall, which some call CryptoWall 4.0 as if it were a software release, is affecting ill-prepared businesses. This “release” is more sophisticated than the previous version.
• It has an increased ability to avoid detection by many enterprise-level firewalls.
• File names are encrypted as well as the files themselves, with the possible intent to confuse the user and increase pressure to pay the ransom.
• The ransom note is said to be “friendly” and suggests the victim purchase the “software package” to obtain the decryption key necessary to unlock the hostage files.
The malware is spread by spam emails and drive-by attacks. Many anti-virus software applications still cannot detect the ransomware.
An early version of the ransomware is said to have earned the criminals hundreds of millions of dollars since January 2015. This new version is likely to make significant illegal money for the criminals in coming months, until more businesses protect themselves and refuse to pay the ransom.
Chimera is a newer version of ransomware that targets businesses not just by encrypting their files, but also by threatening to post the victim’s personal data and photos on the Internet. The malware locks files on the local hard drives as well as those on the network drives. The malware has been reported to target specific employees within a company.
The bogus emails may include job applications or business offers plus a link to a malicious file hosted on Dropbox. Currently, the ransomware is targeting businesses in Germany, but businesses located in other countries may soon be victims.
What Your Business Can Do
The best defenses continue to be:
• Have frequent, redundant backups so you can restore your system if you receive a ransom demand.
• Have an up-to-date quality anti-virus application.
• Use web and email filtering.
• Continually remind employees to not open emails and attachments from unknown sources. Provide staff with sample phishing emails so staff get used to recognizing potential problems.
• Store anything you don’t want shared on the Internet on a system not connected to the Internet.
Did the FBI tell businesses to pay ransom?
One agent in the Boston office did make a statement to that effect at a security conference. The comment caught a lot of attention and the media shared it broadly.
The formal FBI statement on its website continues to explain that the decision to pay or not rests with the business. It also explains what the options are if a business is affected and the ways to proceed.
Maybe the good news is it got yet more people paying attention to this increasing threat to business cyber security.