Cyber Crime is growing rapidly and the sophistication of these attacks is increasing
It is no longer a matter of “if you are attacked”; it is now “when”. The email you have received is benign and designed to raise awareness. It is an example of a typical email used for Ransomware.
Ransomware is one of the main weapons of choice used by Cyber Criminals. This involves tricking end users into visiting a website which leads to the running of software designed to encrypt their files, then extorting them or their organisation into paying large sums of money in order to decrypt their own data. These types of attack have increased by 400% in 2016 and recently the source code has been made public, allowing anyone to develop sophisticated ransomware attacks.
Although Ransomware currently encrypts your data, it is likely that future attacks will involve copying your data to Internet servers the criminals control so they can determine its ransom value.
Although it is impossible to ever be 100% certain of the authenticity of the email sender, it is more important than ever that people carefully consider their actions. Virus defence, anti-spam filters and firewalls can prevent unwanted guests gaining access to your corporate network, but opening a Ransomware email invites criminals through the front door, giving them exactly the same access to company data and resources as you.
- Opening files - Do not click on or download unsolicited email attachments. Many viruses are disguised as normal documents. Typical examples are invoices, purchase orders, pictures or DocuSign emails.
- Installing - Do not install non-business-related applications (games, social apps) as there have been cases of these including ransomware components.
- Suspicious – Always be suspicious of emails. Some hackers review individuals' Facebook or LinkedIn pages in order to include personal details within their email, although currently most Ransomware emails do not have legitimate email signatures.
- Confirmation – If in doubt, phone the sender to validate the message. Do not reply to seek confirmation – in some cases the criminals hack into mailboxes and respond to confirmation emails.
- Browsing – Certain non-business-related websites are more likely to host damaging software. These sites are best avoided.
- Data - Ensure you save all your data onto your network drive and not your local drive. If your local drive gets compromised there is no backup.
- Proactive – Ensure you have up-to-date virus defence and firewall software running on your personal devices (home desktops, laptops).
How to know if you are infected:
- Slow performance – after opening an attachment your PC starts running slowly (this is while the virus is encrypting all the data it finds on your local and network drives). If it is a laptop you may notice a lot of disk activity.
- Alerts – many viruses notify the user that they have been the victim of Cyber Crime (but not all).
If you are a victim:
- Isolate - Where a computer becomes infected it should be immediately disconnected from the network or Wi-Fi.
- Seek assistance - Contact Wavex for professional assistance.
- Notification – Inform your management. Some regulated businesses may need to notify their regulatory body.
- Payment – In some cases payment is 10 to 20 bitcoins (equivalent to £5,000 - £10,000) and growing. Paying the ransom does not guarantee access to your data.
Other solutions and activities businesses perform to reduce their risks:
- Disaster Recovery (“DR”) – Ensure you have a good DR solution which allows a single server to be quickly failed over to DR.
- Patch management – Make sure you have regular maintenance of your server estate to close security holes as the vendor finds them.
- Permissions - Review the level of privilege and access provided to end-users and whether this is appropriate.
- Defensive applications – Ensure you have an up-to-date virus defence product on all end-user machines.
- Signatures – Ensure your corporate email and mobiles add a specific signature. Currently most Ransomware emails do not have legitimate signatures. “Sent from my iPhone” is not sufficient.
- Network monitoring – Continuously monitor the network and servers for unusual traffic.
- Firewalls – Ensure firewalls are configured to limit the type of data that can go out of, as well as into, the organisation.
- Security Domain Name Servers (“DNS”) – Use security DNS servers to notify you of unusual lookups.
- Email filtering – Ensure your email passes through anti-spam and malware filtering servers.
- Web Proxy – Pass your web traffic through proxy servers designed to intercept sites performing criminal activity.
- Backups – Regularly check the scope of your data backups. Do they include all your business data?
- Audit – Periodically check all your user devices for locally stored business data.
- Vulnerability Assessment – Ensure you frequently assess your IT vulnerabilities.
- Training – Perform frequent awareness and cyber security training.
- Policies – Ensure users are aware of your IT policies.
- Process – Ensure there is a well-defined process so both Wavex and your colleagues follow a defined set of actions for a cyber crime event.