We have frequently alerted individuals and companies about the increasing risk and success posed by sophisticated phishing schemes.
It has become such a real and grave problem that the U.S. Computer Emergency Readiness Team of the Department of Homeland Security (US-CERT) has teamed up with the Canadian Cyber Incident Response Centre to issue a joint special alert to warn companies of the threat of ransomware and the variants that are being seen by law enforcement.
The Alert (TA16-091A), “Ransomware and Recent Variants” outlines what ransomware is, mentions the specific variants Locky (which has affected the health care industry) and Samas, and seeks “to provide further information on ransomware, specifically its main characteristics, its prevalence, variants that may be proliferating, and how users can prevent and mitigate against ransomware.
The alert states that the rough estimate of how much money malicious actors are making from successful ransomware schemes is $394,400 per month. Because it is so profitable, new ransomware and malware variants have been develenrioped, including Xorist, CryptorBit, CyptoLocker, and now Locky and Samas.
Ransomware can affect home computers and business files and systems. It is applicable to everyone.
Here are the tips that are being offered by US-Cert as preventative measures to guard against a ransomware attack verbatim:
- Employ a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
- Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
- Keep your operating system and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
- Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to executing.
- Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
- Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams. Follow safe practices when browsing the Web. See Good Security Habits and Safeguarding Your Data for additional details.
- Do not follow unsolicited Web links in emails. Refer to the US-CERT Security Tip on Avoiding Social Engineering and Phishing Attacks for more information.
Individuals or organizations are discouraged from paying the ransom, as this does not guarantee files will be released. Report instances of fraud to the FBI at the Internet Crime Complaint Center.
Privacy Tip this week for individuals and businesses: implement US-CERT’s recommendations.