
31 August 2016

Ransomware Data Threats Increase in 2015


In the earlier article, “The Quiet Threat to Industry and America,” we learned just how severe Intellectual Property (IP) loss is worldwide and within the US. We know how devastating it is to our economy as well as how quickly it can undermine businesses and industry. No one can replace your hard-earned sweat equity, research, proprietary and intellectual property. A corporation can be wiped out by effective hacks and data theft. Smart businesses and industry are changing from a reactive model to proactive measures to ensure their future.

A new problem is growing all over the world – it is called Ransomware. The implications are quite startling. Basically, your computers and servers are infected with sophisticated malware that encrypts the entire contents of your hard drives – all your data is locked. You or your business is denied use of your data until a ransom is paid – typically in Bitcoin internet currency. Ransom demands range from hundreds to tens of thousands. The ransom is bad enough, but the real damage comes from disruption or paralysis of business.

The statistics for ransomware vary; however, it is all bad news, showing dramatic increases of hundreds of percent in 2015. AVAST security software, as an example, detected that over six weeks its users encountered ransomware-infected sites 18 million times. Rather than provide a multitude of statistics and references, just search the term “Ransomware Statistics” and see for yourself.

These crimes fall under the jurisdiction of the FBI, which warned about ransomware early last year. If you are hacked, cyberattacked or experience computer or hard drive theft, the FBI is there to investigate. The ransomware class includes CryptoLocker, CryptoWall, TeslaCrypt, CTB-Locker, TorrentLocker and Reveton, with new similar versions being reported every day.





Ransomware can even reprogram the firmware in your hard drives (SSDs and HDDs). Once the drive is reprogrammed, the firmware can reload associated malware each time infected systems boot and the malware persists even if the drives are reformatted or the operating system is reinstalled. Once infected, security software can't detect the associated malware which is stored in a hidden area of the drive. This version makes ransomware almost impossible to detect and cure. 

Changing Times

In the past, federal agencies including the FBI urged people not to pay ransom to the criminals, as there is no guarantee that they will even receive an unlock key. The situation has now changed with the higher strength of ransomware. Just how strong are these tools? The FBI attended the 2015 Cyber Security Summit in Boston last October. Assistant Special Agent Joseph Bonavolonta, who oversees the FBI's Boston office, advised companies infected with ransomware that they may be better off paying the ransom!
 
"The ransomware is that good," said Bonavolonta. "To be honest, we often advise people just to pay the ransom."

Many IT and corporate professionals took offense or were startled by the remarks. However, examine the bigger picture. Paying is no guarantee, but criminals have been showing some honesty in unlocking data after the ransom is paid. They know that if they don’t give you the unlock key, word gets around, corporations will stop paying, and their ploy will no longer make them money.

The FBI issued a notice in June, which identified CryptoWall as the most common form of ransomware affecting individuals and businesses in the US. The Bureau said it had received 992 complaints related to CryptoWall between April 2014 and June 2015 with losses totaling $18 million.


Even police departments are not immune – Massachusetts' Swansea Police Department was hit several years ago and paid the ransom to become functional again. In Maine, the Lincoln County sheriff's office also paid the ransom. In that case too, the encrypted files were critical, and since backups or other means of recovery were not available, payment was the only option. The same situation happened at the Tewksbury Police Department in Massachusetts.

Bonavolonta also cautioned that the Bureau may not be able to pry encrypted data from the clutches of the ransomware authors, who use ultra-secure encryption algorithms to lock up ransomed data.

“The easiest thing may be to just pay the ransom,” said Bonavolonta, who added that efforts by the Bureau and others to defeat the encryption used by the malware did not bear fruit. “The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”

The success of the ransomware ends up benefiting victims: because so many people pay, the malware authors are less inclined to wring excess profit out of any single victim, keeping ransoms low. And most ransomware scammers are good to their word, Bonavolonta said. “You do get your access back.”

The FBI still wants to hear about ransomware infections, even from firms that pay the criminals off. “Do we want you to call the FBI? Yes,” said Bonavolonta. The FBI has been collecting information on ransomware scams and wants to be able to keep abreast of how the scams are evolving.

What can you do to prevent ransomware from affecting you or your corporation?

There are many ways to prevent ransomware and data loss, but it takes a proactive attitude and proactive measures to prevent these infections. On the hardware side, invest in good modern computers that feature “hotswap” data hard drives. Hotswapping allows the user to start and shut down a hard drive without turning off the computer. This allows the user to keep data isolated and invisible to the internet, hackers and viruses or malware.

Vault Computer is one company that builds in this feature. Vault Computers can be equipped with cloned drives that can replace an infected drive in just minutes, without high IT expense or downtime that costs work productivity. Offline data storage within the same computer can restore backed up data in minutes utilizing fast transfer speeds. The ability to hotswap and keep data isolated from problems or unwelcome exposure is the same method US Government security agencies use. Bad guys cannot infect or steal what they cannot see.

Vault Computer also uses hardware encryption to protect your data from theft and access by unauthorized personnel. The first and most obvious difference with a Vault Encrypted Computer is that there is no “foot in the door” with the new hardware encryption. The computer will not boot up without the proper key inserted. This means no user hack tools are possible - there is no back door. You can now control who uses the computer and who sees the data on it.

Moreover, if the computer is stolen or the encrypted hard drive is removed it will not reveal any data. No forensic techniques can be applied and your data is secure from unwanted investigation. The data is invisible, irretrievable, unbreakable and secure from unauthorized access – period.

Prevention and Smart Computer Use is Key to Avoid Ransomware

Other measures that individuals or corporations can take to prevent ransomware or computer infections are also worthwhile. Here are some examples:

•    Always use Antivirus software and a firewall. Keep the antivirus updated.
•    Install a Malware remover. Malwarebytes is popular.
•    Use a popup blocker.
•    Maintain frequent Backups. Keep Backups offline and invisible to the Internet.
•    Be careful with emails and attachments. Call and verify attachments that are strange or unexpected.
•    Corporate education programs – awareness training. Statistics indicate education training is very worthwhile.
•    Enable automatic OS updates, or download OS updates regularly, to keep operating systems patched against known vulnerabilities.
•    Install patches from other software manufacturers as soon as they are distributed.
•    Only download software—especially free software—from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).
•    Have strong passwords, and don’t use the same passwords for everything.
•    Encrypt important data and hard drives.

Don’t wait until you lose data because it may be simply too late. Data theft and data ransom are on the rise. Don’t let these cripple your business. Good practices with proactive thinking and defenses are the key to protecting your valuable data and Intellectual Property.
