Ransomware is no longer the little brother of the cybercrime scene, with growth in incidents hitting record levels today. But how can you protect against such a problem?
The number of new types of ransomware attacks discovered in 2015 was an all-time high and, according to a new report from Symantec, global losses will likely run in the hundreds of millions of dollars.
Noting an industry nearing “perfection” in terms of its business model, a gold rush mentality has emerged among attackers, according to Symantec’s ‘Ransomware and Businesses 2016’ report.
“The number of new ransomware families discovered annually [reached] an all-time high of 100 in 2015. Today, the average ransom demanded by attackers has jumped to $679,” it said.
While organisations are seeing a gradual growth in attacks, it’s the indiscriminate, seemingly random hacks on regular internet users that is the primary environment for ransomware attacks.
The targeted attacks on businesses, though, is where the real expertise is coming in. “A growing number of gangs,” are getting in on this racket, according to Symantec, using “a high level of technical expertise, using techniques more commonly seen in cyberespionage campaigns to break into and traverse the target’s network.”
A recent Europol report said that a number of EU countries may be at a point where reporting of cybercrime now outnumbers that of more traditional crimes.
Interestingly, attacks such as ransomware “have become the norm”, overshadowing traditional malware threats such as banking Trojans.
So what can you do? In some cases, not a lot, though certain general rules of thumb will protect you against most problems. Eset’s recent list of advice is particularly helpful.
At a basic level, the cybersecurity company advises to:
- Back up your data
- Keep your software up to date
- Use a reputable security suite
“The single most important thing you can do to prepare for emergencies, including being affected by ransomware, is to have regularly updated backups,” said Lysa Myers of ESET.
Not backed up on your computer, or on the cloud, but on a device that, when disconnected from your computer, is not online at all.
Up to date software is an obvious one really, with Myers recommending users to turn on automatic updates.
“It can significantly decrease the potential for malware infection if you make a practice of updating your software often,” she said.
“Enable automatic updates if you can, update through the software’s internal update process, or go directly to the software vendor’s website.”
“It is always a good idea to have both anti-malware software and a software firewall to help you identify threats or suspicious behaviour,” said Myers.
“Malware authors frequently update their creations to try to avoid detection, so it is important to have both these layers of protection.”
At a more detailed level, Eset’s advice is to:
- Disable macros in Microsoft Office files
- Show hidden file extensions
- Filter EXEs in email
- Disable files running from AppData/LocalAppData folders
- Disable RDP, disconnect from Wi-Fi or unplug from the network immediately
- Use System Restore to get back to a known, clean state
- Set the BIOS clock back
The excellent details behind this advice is available here.