Are you aware that Office 365 subscribers were recently the target of a massive zero-day ransomware attack? On June 22, 2016, some users received phishing emails with an attachment infected with the Cerber ransomware. Although Microsoft reviewed its built-in security settings and started blocking the malicious file attachment the following day, many subscribers had already been infected.
Over the last few years, ransomware has become more prominent in the list of threats against people and businesses. Services running on-premises or from the cloud are equally at risk and one little piece of malicious code can be very harmful. Once your computer is infected, ransomware gives you only two options: pay the ransom to unlock your data, or consider it lost forever.
If you’re an SMB, you know that losing even a small number of files can be critical for your activities and can badly affect your reputation. With ransoms reaching thousands of dollars, paying may simply plunge your finances into a disastrous situation. Your best option is to protect yourself from ransomware.
What Is Ransomware?
Ransomware is the perfect example of a legitimate technology turned into a weapon of mass destruction. Encryption was made to secure data transfer and storage, so that only authorized people can access the information. Decrypting the protected information is only possible using the digital key that was used for encoding. Because ransomware will encrypt your data with a key that only the hackers hold, your only chance to regain access to your computer is to pay the ransom. You’re usually given a deadline to pay the money. Failure to do so could mean your data will be destroyed, or you could be charged a higher ransom.
Malware infection vectors include phishing emails, unpatched programs, compromised websites, poisoned online advertising and free software downloads. Infected machines include servers, workstations (PC/Mac), and even Android/iOS devices. Ransomware will also use your local network to encrypt data that are located on network drives and spread to other computers. This is how a single infected user can bring a department or an entire organization to a halt.
In June 2015, the FBI reported that CryptoWall, a single variant of ransomware, had claimed 992 victims, with a total loss of $18,000,000. To make more money, hackers have even adapted to the cloud model and now provide malware-as-a-service. This means a person with absolutely no developer skills can cause serious harm to your company. For instance, Trend Micro recently revealed that Cerber macro malware is being sold as a Ransomware-as-a-Service on the underground market.
How Do You Get Infected and How Will You Know?
Infection happens once you’ve opened a file that contains the malicious ransomware code. When it executes, a screen or a webpage will display a message from the hackers that includes the amount of money they want you to pay for the procedure to recover your encrypted data. While some hackers will ask for payment in common currency, others will prefer e-currency (cryptocurrency) like Bitcoins. This makes the payment process anonymous and almost untraceable. Paying the ransom gives you access to a decryption program that would free up your files once it is run. However, it is important to note that you do this at your own risk.
In their recent Cerber attack on Office 365, hackers attached an Office file to the phishing emails they sent to subscribers. Because phishing emails are always sent under a legitimate name, it’s a lot easier to trick users into opening a malicious document. The attachment contained code that would only be invoked with macros enabled. Because they thought the email came from someone they knew, some Office 365 users not only opened the attachment, but also enabled macros to display the full information! This was enough to execute the code. Almost immediately, new files with names such as HOW TO DECRYPT FILES.TXT or DECRYPT_INSTRUCTIONS.HTML would appear in all directories.
To heighten the fear, hackers made Cerber with a “special touch”, so it starts a text-to-speech synthesized recording of a text message similar to the following: “Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted!”
As we said earlier, ransoms can easily reach thousands of dollars. In February 2016, a Los Angeles hospital made headlines when it had to completely take down its IT services to contain a ransomware attack and rely on fax and paper for 10 days. The organization had to pay $17,000 in bitcoins to get back on its feet.
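The ransom-note file names mentioned above give defenders a simple indicator to sweep a file share for. The following is an added example, not part of the original article or any vendor tool: the function names, the three-directory threshold and the sample folder tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Note names quoted in the article; extend with names from your own threat intel.
NOTE_NAMES = {"how to decrypt files.txt", "decrypt_instructions.html"}

def find_ransom_notes(root):
    """Map each ransom-note file name to the directories under root holding it."""
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in NOTE_NAMES:
                hits[name.lower()].append(dirpath)
    return dict(hits)

def assess(root, min_dirs=3):
    """Return (verdict, hits). The same note repeated across directories is the
    pattern the article describes; a single copy still deserves a look."""
    hits = find_ransom_notes(root)
    widest = max((len(dirs) for dirs in hits.values()), default=0)
    if widest >= min_dirs:
        return "likely-encrypted", hits
    if widest > 0:
        return "investigate", hits
    return "clean", hits

def build_sample_tree(root, infected_dirs):
    """Constructed sample data: a small share with a note dropped in some folders."""
    for d in ("finance", "hr", "projects/a", "projects/b"):
        path = os.path.join(root, d)
        os.makedirs(path)
        open(os.path.join(path, "report.docx"), "w").close()
        if d in infected_dirs:
            open(os.path.join(path, "DECRYPT_INSTRUCTIONS.HTML"), "w").close()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, {"finance", "hr", "projects/a"})
        verdict, hits = assess(tmp)
        print(verdict, {name: len(dirs) for name, dirs in hits.items()})
```

Run it read-only against a share from a machine that is not itself suspected of infection, and treat a "likely-encrypted" verdict as the trigger for isolating the affected hosts.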
How to Protect Yourself from Ransomware
Protecting yourself from ransomware should be part of your business continuity process. Ransomware gets through filters far too often and attacks are mostly triggered by human interaction. This means user education is important.
1. Protect Your Network
Use a firewall to isolate your local network from the Internet and keep your firewall rules up to date. Do not leave any unused ports open.
2. Protect Your Computers
Deploy operating system and application updates regularly. Use reputable antivirus software on all your computers with automatic updates. Antimalware programs proactively monitor your system and will identify potentially risky programs or behaviors.
3. Filter Email
Use the built-in Office 365 and Hosted Exchange email filtering settings to prevent phishing and infected email from being delivered to your user mailboxes.
4. Teach Your Users to Be Cautious
Make them understand they should avoid suspicious websites. Hackers will sometimes advertise fake antivirus software or decryption programs. Educate your users to refrain from clicking on links inside email, whether it’s personal or professional.
5. Deploy a Backup Solution
Online backup solutions will offer affordable cloud-based storage, so you can recover deleted or encrypted data from a safe source. Set daily or weekly backups so you don’t suffer a huge data loss in case you’re locked out from your computer. With good backups, you won’t have to pay hackers.
6. Enable Your Browser’s Popup Blocker
Setting a pop-up blocker will reduce the risk of clicking on an infected page.
7. Disconnect All Suspicious Computers
Isolate any infected machine from the network by disabling any Wi-Fi or Bluetooth connection, and unplugging network cables. This will help stop malware from spreading to other connected computers. Disconnect any portable media and do not try to copy or save data from the infected computer to any media.
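To make the email filtering advice in item 3 concrete for the macro-enabled attachment described in the Cerber attack, here is an added example, not code from the original article and not how Office 365 or Hosted Exchange filtering is implemented. It flags attachments that contain a VBA project even when the file name claims otherwise; the function names and the sample message are assumptions, and the sample is constructed inline.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xlam", ".pptm")

def classify_attachment(filename, data):
    """Return 'macro', 'legacy-office' or 'ok' for one attachment."""
    name = (filename or "").lower()
    if data[:4] == b"PK\x03\x04":  # OOXML documents are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                # A VBA project is stored as a part named vbaProject.bin
                if any(n.lower().endswith("vbaproject.bin") for n in archive.namelist()):
                    return "macro"
        except zipfile.BadZipFile:
            pass  # malformed archive: fall through to the name check
    if name.endswith(MACRO_EXTS):
        return "macro"
    if data[:8] == OLE_MAGIC:
        return "legacy-office"  # may carry macros; confirm with an OLE parser
    return "ok"

def triage(raw_email):
    """Return [(filename, verdict)] for every attachment in a raw message."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        results.append((part.get_filename(), classify_attachment(part.get_filename(), data)))
    return results

def build_sample_email():
    """Constructed sample: a .docx name hiding a macro part, plus a harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/vbaProject.bin", b"placeholder, not a real VBA project")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    for fname, data in (("invoice.docx", buf.getvalue()), ("notes.txt", b"hello")):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample_email()))
```

Inspecting the archive contents rather than the extension matters because a macro project can sit inside a file renamed to .docx; a "legacy-office" verdict means the old binary format, which this check cannot see inside.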