You don’t need to be a hacking genius to create ransomware. You can simply buy a ransomware kit, craft an extortion message, add preferred payment details and click go. If you don’t want to buy your own kit, which purportedly costs around $1,000, you can use one on a commission basis, paying the ransomware kit author a percentage of the illegal income it generates. You can become a proud owner of your own custom ransomware in a matter of minutes.
Your next challenge is getting ransomware to your targets. You can either email it to as many people as possible, hoping one or two will bite, or create your own custom phishing campaign.
To do this, you will need to know a bit more about your intended targets and create some realistic looking email “phish” that your targets are likely to open.
So what can you do to protect yourself against this?
1. Educate your users about phishing emails
Remember that all it takes for ransomware to end up on your systems is for one of your users to open an infected attachment. This might be in an email called “2016 redundancy plans”, spoofed from a Director’s email address, or something equally unexpected, yet realistic. Users must be aware of this risk and must not be led into opening unexpected email attachments. It’s your first line of defense!
2. Keep your systems up to date
Keeping your systems patched and up to date is equally important. Ransomware uses the most recently announced exploits to get a foothold on your devices, and if you haven’t updated your systems for a while, you’re asking for trouble.
Anti-malware software is, again, equally important. This will stop the vast majority of fly-by ransomware attacks because, if the ransomware author is spreading his or her net far and wide, it’s likely the anti-malware companies will pick this up and issue updated signatures in a few hours.
But it’s the carefully crafted, specific attacks using custom ransomware you really need to worry about. Custom ransomware doesn’t have a signature that anti-malware engines will pick up, as it’s in limited distribution. Custom ransomware has had some thought go into it, so it will arrive behind a realistic-looking email.
Here is an example:
Bonnier Corporation has over 600 employees and $200m in revenue, with magazines like Scuba Diving. Cyber-criminals hacked the corporate email account of then-CEO David Freygang and sent emails instructing an unnamed employee in Accounting to transfer large sums to a Chinese bank via electronic transfer, according to the New York Post.
One $1.5m payment went through successfully, but the second transfer could be stopped and clawed back after the employee called Freygang to double check if the request was legit.
I know you are thinking this will not happen to us – we are not in the same league. However, one of our customers has had a phishing email from their ex-MD. The accountant got an email from the ex-MD’s email address asking if he was in the office. Hence he did not reply but forwarded on the potential scam email to me.
3. Take custom ransomware seriously
Custom ransomware works! It encrypts local hard drives, and it will also go off and encrypt attached devices, Dropbox folders, network shares: the lot. If you’ve captured ransomware into your backup cycle, then you’re even further up the creek.
Take the threat seriously. It’s not going to go away, and a holistic security programme and layered defense are critical in ensuring you don’t end up falling victim. Not even the best cryptographers in the world will be able to get your data back.
For a free security assessment and detailed strategy on how to protect your business contact either june@yousystems.co.uk or adam@yousystems.co.uk