We have seen a number of customers this year affected by ransomware and phishing attacks, and the problem appears to be increasing. If you're not sure what these terms mean, read on and I will try to explain them with real-world examples.
As a small or medium-sized business owner, you already have a lot to deal with, and the loss of data or finances to cyber criminals is just another cause for concern. In this blog article, I will try to explain the nature of these attacks, the implications for you and what you can do to reduce the risk.
The difference between ransomware and traditional viruses and malware is that ransomware is aimed at getting money from the victim, whereas viruses and malware have the intention of causing damage.
This is a threat that effectively removes access to your data by encrypting it. This encryption changes the way the data is written so that it can only be read if you have a special key to unlock the data. The only way to get the decryption key is to pay the money and hope that it works. There are time limits on how long you are given to respond and after that limit, the data is unrecoverable and must be restored.
When devices are infected with this ransomware, we have seen large volumes of data encrypted in a short space of time: in one case, 250,000 files in 20 minutes.
Typically the end user receives an email with a link, or a file with a link, to a malicious site. Here are some examples of email subjects:
This is the attempt to obtain information such as usernames, passwords, credit card and banking details and ultimately your money. Typically the user is deceived into giving the security information through a fake website. The link to the website is often sent in an e-mail, but information may be obtained in many ways using social engineering techniques. This includes text messages and phone calls. A slight variant on this is the use of “spear phishing” where the e-mail or communication would contain personal information that you would only expect to be known by a trusted contact.
Your tax refund is available.
Your account has been compromised.
These emails can be very realistic:
We have put together a set of security recommendations, condensed into 5 layers to simplify the process of managing the problem. A combination of solutions, known as security layers, needs to be put in place.
There are a number of other methods we can use to reduce the effects of ransomware. We can filter the types of files allowed on the servers; this can be done manually, but ideally we would use a product such as Sophos Intercept X.
Restrict users to only the data they require access to; don’t be too generous with file and folder security permissions.
It is vital to train end users in good security practices and in how to identify potential threats, such as suspicious emails or unusual files.
Company workstations and servers need to have the latest security updates.
It may be necessary to increase the strength of passwords and implement a password policy to ensure changes. You may also decide to use two-factor authentication, similar to the tokens banks issue.
These systems can also scan and replace any links within the emails. We need to remember that in some cases these emails can be delivered from trusted contacts.
This is a separate solution to the mail filtering, although providers such as Symantec can do both mail and web filtering. In some companies, the reporting from these tools can also increase employee productivity if you have users who like to spend company time on eBay or Facebook.
Additional recommendations.
The phishing attacks can be very targeted and in several cases, we have seen members of the finance team sent emails from compromised accounts requesting payments. There are a number of steps we have implemented and seen at other small businesses including the following: