The United States Department of Homeland Security (DHS)—in collaboration with Canadian Cyber Incident Response Centre (CCIRC)—recently released an alert regarding ransomware variants. The alert, which served to bring awareness to this threat, provided tips for prevention and mitigation following numerous attacks on individuals and businesses in early 2016.
These ransomware attacks target home users and businesses, leading to:
- disruption to regular operations
- financial losses to restore systems and files
- potential harm to organizations’ reputations
- temporary or permanent loss of sensitive or proprietary information
What is Ransomware?
Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Typically, users will see an on-screen alert or intimidating message stating the users’ systems have been locked and, unless a ransom is paid, access will not be restored.
Ransoms often range from $200 to $400 and must be paid using virtual currency, like Bitcoin. Paying ransoms doesn’t guarantee encrypted files will be released or that malware infections will be removed—it only means that attackers have received payment and the users’ financial information may be compromised.
How is Ransomware Spread?
Commonly, ransomware is spread either through phishing emails that contain malicious attachments or through “drive-by downloading.” Drive-by downloading occurs when a user unknowingly visits an infected website, and then malware is downloaded and installed without the user’s knowledge.
Newer malware variants that are spread through social media, including Web-based instant messaging applications, may also encrypt files or attack vulnerable Web servers.
How to Protect Your Financial Institution
Ransomware infections can be devastating to individuals and organizations, and recovery can be a difficult process. So, aside from disconnecting from the Internet and handcuffing your organization’s users, take these preventative measures to protect your financial institution:
- Educate employees about ransomware to prevent them from surfing malicious websites, downloading risky applications and following unsolicited links in emails; and encourage employee cooperation should an outbreak occur
- Employ such technical measures to protect your organization as firewalls, application whitelisting, IPS (network), malware protection, content filtering and blocking of known malicious websites
- Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process
- Update and maintain operating systems and software with the latest patches to reduce the number of exploitable entry points
- Restrict users’ permissions for installing and running unwanted software applications to prevent malware from running or limit its capability to spread through the network
- Avoid enabling macros from email attachments or block email messages with attachments from suspicious sources
Following these recommendations can help protect your financial institution against ransomware; however, in the event your organization is attacked, the US-CERT discourages individuals and organizations from paying ransoms. Instead, report instances to the FBI at the Internet Crime Complaint Center.
Stephen Smith serves as network and security services manager for the CSI Managed Services’ NOC.