Security Advisory - 5 Things You Should Know About Ransomware

05/05/16
Things you should know about Ransomware

Once a problem only for consumers, ransomware is now costing businesses millions—and employees are often to blame.  Here are some things you should know about this problem:

1. You can avoid it.  Ransomware doesn’t magically appear on PCs.  In most cases, users are infected when they click on a phishing link or visit a compromised website.  So all the skills you use to avoid spearphishers will help you steer clear of ransomware too.

2. It’s extremely nasty.  Ransomware encrypts files the victimized user has access to, making it virtually impossible to work.  The user is alerted with instructions on how to obtain the recovery key, typically for $300 to $500.  Some attacks, however, are enterprise-centric and demand much more; the Hollywood Presbyterian Medical Center reportedly paid over $17,000 to a criminal enterprise to recover its encrypted data.

3. Businesses are not safe.  As with the hospital example above, it’s important to note that ransomware is increasingly aimed at large enterprises, where the stakes are greater and the pockets deeper.       

4. What to do if it happens to you.  The best solution is to treat the event as any other disaster. Contact the Service Desk immediately. Make sure business-critical information is being backed up. As of today, other than restoring from backup, there is no known method for recovering lost data without cooperating with the criminals responsible for the ransomware.

5. It’s unclear whether you should pay up.  For a while, the FBI seemed to be advising people that victims may want to consider paying for recovery.  But that position was later clarified; the FBI says victims should only consider paying when there is no other recourse, such as recovering from backups.

Security FYI

ATM Compromises Jumped 546% in 2015
The number of ATMs in the U.S. compromised by criminals rose 546 percent in 2015, software firm FICO says.  The number of ATM compromises in 2015 was the highest ever recorded by FICO, which monitors hundreds of thousands of ATMs.  Criminal activity was highest at non-bank ATMs, such as those in convenience stores, where 10 times as many machines were compromised as in 2014. ATM compromises are also taking place over fewer days; the average duration of such a breach fell from 36 days in 2014 to 14 days in 2015.  The average number of cards affected by a compromise was cut in half.

Government Worse than All Major Industries on Cybersecurity
U.S. federal, state, and local government agencies rank in last place in cybersecurity when compared against 17 major private industries, including transportation, retail, and healthcare, according to a new report.  The analysis from SecurityScorecard measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords, and susceptibility to social engineering. The education, telecommunications, and pharmaceutical industries also ranked low, the report found.  Information services, construction, food, and technology were among the top performers.

It Costs Only $20 to Steal an Identity Online
Dell SecureWorks has released a report examining the state of the underground hacker marketplace, and it contains some bad news: business is strong.  As in any marketplace worth its salt, supply and demand set prices.  Dell found the cost for someone to buy your digital identity was generally dropping, as ways to jimmy those locks have become more common and cheaper. At the same time, prices have been steady or on the rise for stolen bank account credentials, frequent flier miles, passports, social media accounts, and other private information.  Overall, these are boom times to hack someone’s identity or launch digital assaults on victims.

 

The above notice is archived content and may contain information that is no longer valid. This includes URLs that were valid when originally published, but may now link to sites or pages that no longer exist.