Alert on Ransomware Attacks and Prevention
Imagine entering your office, sitting down with a cup of coffee, and going through the routine task of logging on to your computer to review your emails and schedule for the day. Except this time, there is a problem. A message on your screen appears: “Your computer has been infected with a virus. You must pay $1,000 within 72 hours to access your data.”
Ransomware, a type of malware that restricts the victim’s access to the compromised system, is used to extort money in exchange for a decryption key that will, sometimes, unlock the encrypted files. An on-screen message usually directs the victim to pay the ransom in an untraceable currency, such as Bitcoin. Recent statistics show that approximately 80% of ransomware attacks have been successful because of potentially preventable human error. Ransomware is commonly spread through phishing emails or downloads from an infected website. Certain types of ransomware have also been spread through instant messaging applications.
The rise in ransomware attacks, particularly targeting health care facilities and hospitals worldwide, has prompted the Computer Emergency Readiness Team of the United States Department of Homeland Security (US-CERT) and the Canadian Cyber Incident Response Centre (CCIRC) to release a joint alert providing information on ransomware and how it can be prevented.
The alert sets out the following preventive measures for protecting your network from a ransomware infection:
- Employ a data backup and recovery plan for all critical information. Test backups to limit the impact of data or system loss and to expedite the recovery process. The backup data should be kept on a separate device, and should be stored offline.
- Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting allows only specified programs to run, while blocking all others, including malicious software.
- Keep your operating system and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
- Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to executing.
- Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
- Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources.
- Do not follow unsolicited Web links in emails.
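
For the macro measure above, a mail filter can inspect what an attachment actually contains instead of trusting its file name, since a macro-carrying document can be renamed to .docx. The following Python code is an added example, not part of the alert or of this article; the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container
MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm", ".xltm", ".xlam")

def attachment_verdict(filename, data):
    """Return a reason string if the attachment can carry macros, else None."""
    if data.startswith(OLE_MAGIC):
        return "legacy OLE document (may contain macros)"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Modern Office files keep VBA code in a part named vbaProject.bin
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    return "OOXML document with VBA project"
        except zipfile.BadZipFile:
            return "unreadable ZIP container"
    if (filename or "").lower().endswith(MACRO_EXTS):
        return "macro-enabled file extension"
    return None

def scan_message(raw):
    """Return [(filename, reason)] for attachments that should be held back."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = ((p.get_filename(), attachment_verdict(p.get_filename(), p.get_payload(decode=True) or b""))
             for p in msg.iter_attachments())
    return [(name, reason) for name, reason in found if reason]

def build_sample():
    """Constructed message: one clean .docx and one .docx hiding a VBA part."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("See attached.")
    for fname, parts in (("notes.docx", ["word/document.xml"]),
                         ("invoice.docx", ["word/document.xml", "word/vbaProject.bin"])):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for p in parts:
                zf.writestr(p, b"constructed")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, why in scan_message(build_sample()):
        print(f"HOLD {fname}: {why}")
```

Only the second attachment is held, even though both carry the same .docx extension.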