As online heists go, hackers hit the jackpot this year. An especially menacing form of malware did bundles of evil and extremely lucrative bidding, burning businesses and consumers alike by holding their most prized digital possessions hostage.
You likely know this specific strain of virus as “ransomware.”
It’s frightening to think that countless web users—including the workers IT pros aim to protect—unknowingly help set these cybercrimes in motion. All it takes is an innocent fingertip tap on a bad link or attachment to release the infection, encrypt your company’s critical assets, and demand payment for the return of those files.
“Cybercriminals attach the malware to an exploit kit, or a piece of software designed to automatically search for exploits on a user’s computer and find ways to ensure the download is successful,” a recent Yahoo article explains.
The ransomware known as CryptoLocker, which has gained global notoriety over the past 18 months, may serve as the case study. Disrupting it has required a collaborative effort between the United States and international law enforcement agencies.
An FBI press release in June said the number of computers worldwide infected by CryptoLocker as of April 2014 was more than 234,000. It was also estimated that ransom payments reached $27 million in the two months after the malware first surfaced.
Ransomware, in general, is a priority concern for IT pros. A Spiceworks study published at the start of the year found that:
If those statistics don’t paint a haunting picture, this common belief among security experts is likely to do it: “Ransomware generates such significant sums of money that cybercriminals aren’t going to abandon the file-encrypting strategy anytime soon… They’re going to perfect it.”
In fact, this massive financial scam is evolving as you read this post. Ransomware now has the ability to attack mobile devices. That’s in addition to causing problems on PCs.
LOGICnow Security Lead Ian Trump says there are three main attack strategies. They include exploiting vulnerabilities in widely used operating systems and applications; social engineering campaigns; and “drive by” downloads from visiting compromised websites.
“There are a number of solutions required to keep your network from being compromised, along with potentially all the accounts for your cloud-based services,” Trump says.
And these three solutions are critical:
Cybercriminals often rely on outdated software with known signatures to sabotage systems. They bank on you failing to update with the latest definitions.
Patches address software vulnerabilities that go undetected by your antivirus.
Preventing access to suspicious websites can often be achieved with a quality web filter that stops users from visiting dangerous areas of the Internet.
Looking ahead to 2015, cybercriminals aren’t just targeting businesses with big budgets. They are equal opportunity extortionists who want you to answer a costly question:
What’s your data worth to you?
Want to know more about security? Then check out the videos serious by our security lead, Ian Trump…