Wednesday, April 27, 2016

Pay Me

There is a lot of news lately about a specific form of malware called "ransomware". Some experts say that it may have replaced credit card heisting as the popular way to earn an illicit buck on the web. Since 2014, when figures were first compiled, it has risen from a paltry $30-million-a-year enterprise to such a level that one magazine has called 2016 the Year of Ransomware. I'm guessing that means considerably more than 30 million bucks this year.
The problem is that, as far as I know, there are only two ways to combat this. One is whitelisting, which interferes with the malware's ability to phone home to the command-and-control server (usually some unwitting third party's less-than-secured server) and therefore start the insidious process that eventually leads to a pleasant message like "Say, nice data you got dere. Shame if somtin' was to happen to it. Send me Bitcoin and nobody gets hurt." But whitelisting is going to be extremely unpopular with your users, as well as a giant pain in the butt to administer. I, for one, am unwilling to be put in the position of In-House Internet Hall Monitor.
The other is regular backup. This is the thermonuclear option, as you end up losing the data that was generated after the ransomware struck, but hey, at least you aren't paying off the pirates that have hijacked your Excel files.
There are some precautions. You can lock down your systems to make it difficult for executables (.exe files) to run. This is probably the strongest protective measure. Unfortunately you pretty much have to exclude your admins from this, and admins are just as human as the rest of us, all evidence to the contrary. Someone in a hurry, or distracted, will click on the "Are you sure?" button eventually, and you will be cursing Russian cyber mobsters just the same as in the old days.
Kaspersky and a few others have signatures for some versions of Cryptoyouarescrewed et al., but of course this beast is polymorphic, so they can't fully protect you.
As always, the best defense is education. Almost all of these ransomware variants propagate through email attachments or "watering holes", so keeping your users up to date on the latest lures aimed at them and reinforcing training like a knowledge jackhammer is your main option. I suggest monthly 15-minute training sessions, reinforced by posters, screen savers and emails.
Or I guess you could just pay up.