By Suhas Sreedhar
You’re accessing important project data on your company’s workgroup server when suddenly none of the files you click on seem to function. The names are there, and the file type is the same, but every time you attempt to open your document you get an error stating it’s an invalid file. Commotion swells as you hear your colleagues experiencing the same frustration. Suddenly, one of them calls out and points to his screen. Everyone rushes to see a message draping across the desktop: “Your computer has been locked and your files are encrypted.” To gain back access, it says, someone needs to pay a few hundred dollars within the next three days, or the computer will remain locked forever.
Everyone stands puzzled as you wonder. How could this have happened? Aren’t corporate IT systems secure?
Nevertheless, the truth is plain in front of you — your business has just fallen victim to ransomware.
A New Kind of Threat
Malware has gone from being the work of a few basement hackers to the tools of vast criminal enterprises. Ransomware, one of the newest types of malware, is explicitly designed to extort money from end users by holding their data hostage. Only if the scammers get paid by a certain deadline will the hostage data be freed. Miss the deadline, and you can kiss your data goodbye.
Ransomware works by exploiting two techniques: fast file encryption and social engineering.
Fast file encryption, like the kind used by the infamous CryptoLocker ransomware, starts encrypting files as soon as it launches, altering them to make them completely inaccessible. The only way to revert files to their original state is to decrypt them with a unique, private decryption key. This key is hosted on a secret server somewhere on the Internet. If the ransom isn’t paid within the allotted amount of time, the key is destroyed and the data, locked by impossible-to-break RSA 2048-bit encryption, will remain encrypted forever.
Ransomware often attempts to frighten users through social engineering. Social engineering works by convincing a victim to unwittingly comply with a malicious request through the use of trickery, fear and emotional cues. The FBI MoneyPak trojan, for instance, poses as the government and displays a message telling users that the FBI has detected illegal content on their computers. The scam plays on people’s fears by stating that the “FBI” will gain permanent possession of data and may begin legal proceedings — or they can just pay a fine. With so much in the news about information gathering by intelligence agencies, it’s no wonder that people are fooled by this scam.
In a business environment, the added pressure for employees to not look uninformed or culpable often causes them to click on questionable sites and links without checking with IT first, and when something goes wrong users often say nothing for fear of blame, until it’s too late. Since many businesses rely on collaborative methods like file sharing and media servers, it becomes easy for one affected “patient zero” computer to infect everything else on the network.
Protection Against Ransomware
So what are the best ways to avoid or mitigate ransomware dangers?
1. Back up, back up, back up
It’s hard to state strongly enough the importance of backing up data. There are many systems available to back up corporate data, and note that a true backup means having the exact same data in at least two places at once. Preferably, your business has many copies, with a few older revisions, in locations not easily compromised.
But here’s the catch: Backups can get ransomware, too. A trojan like CryptoLocker can infect and encrypt any drives that are connected to the hostage computer, shared network volumes and even cloud data if local files are set to automatically sync whenever they’re modified. Having offline, offsite and write-protected backups is the only surefire way to avoid being at the mercy of ransomware.
2. Consider your operating system
Most ransomware is designed to infect Windows. Linux variants and Apple's OS X benefit from the sandboxing and security features of their underlying Unix foundation.
But, beware: Mac users are not off the hook.
Businesses that run Windows on their Macs may be putting their data in danger. Many Windows virtual machines share their Mac-side home folders and drives with Windows. If ransomware infects the Windows virtual machine and Mac-side data is shared, the ransomware will encrypt the Mac data, too.
And even if businesses don’t have Windows running on their computers at all, there are still social engineering scams designed to get people to pony up funds. These ransomware scams might not encrypt data, but they’re malicious all the same.
3. Have Smart IT Policies
A healthy dose of skepticism is one of the best defenses against ransomware, and an informed user base is one that is less likely to fall prey to ransomware schemes, especially the social engineering variety. Good communication between IT and end-users is vital in this regard. Create a business environment where IT can devote a good part of their time to educating and updating end-users on the latest policies and threats. Encouraging IT to grow beyond mere break-fix to an educative, solutions-minded service is necessary to create a more harmonious and safer technology workplace.
On the flip side, encourage end-users to ask questions, and don’t create a blame environment. If an end-user comes across a site that looks potentially unsafe (e.g., if a third-party service like MoneyPak is involved, or the “FBI” requests payment in Bitcoin), teach them to be suspicious, speak out, and contact IT instead of taking rash action based on fear.
Keeping Company Data Safe
Malware will continue to get more pernicious, clever and widespread. Ransomware is just the latest tool of dedicated criminals who are bent on coming up with new and inventive ways to exploit ordinary users and businesses alike. Defending against new waves of malware requires vigilance and, above all, better communication between IT departments and workers.
Suhas Sreedhar has been covering trends in science and technology for six years, writing on topics from cloud computing to audio engineering to neuroscience. He has previously written for IEEE Spectrum magazine.