New Ransomware Threat: 7 Things You Can Do To Protect Your Bank.
Security researchers say there’s been a flood of new malware variants reaching the market, and cybercriminals are eager to cash in on the profit potential afforded by ransomware. A new “ransomware” program dubbed Ranscam has been making the rounds, and it is far more blunt than more sophisticated ransomware programs.
Normal ransomware, which encrypts a victim’s files en masse, deletes the originals and then demands bitcoins for the decryption key, is bad enough. But Ranscam is simply malware that deletes all of a victim’s data and then pretends that it was encrypted until victims pay the ransom.
Ranscam promises to decrypt a locked PC in exchange for 0.2 bitcoins (about $135), but the supposedly encrypted files have already been deleted. Researchers have found that the ransomware doesn’t include any encryption or decryption capabilities. Instead, the .NET executable runs a batch file that deletes the contents of designated folders, core Windows files that are used for restoring the system, shadow copies of files, and registry keys associated with booting into Safe Mode, among other files.
After that, the malware displays the ransom note, but by then it’s too late. “The author is simply relying on ‘smoke and mirrors’ in an attempt to convince victims that their files can be recovered in hopes that they will choose to pay the ransom.”
It’s not clear how widespread Ranscam might be, or how attackers have been sneaking it onto victims’ computers. It’s not the first virus to outright delete data. But in recent years, such attacks have been relatively rare.
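The deletion behaviour described above (folder contents, shadow copies and boot-related registry keys removed by a single batch file) can be hunted for in process-creation logs by correlating those actions under one parent process. This Python code is an added example, not from the article or the researchers it cites; the command-line patterns are assumed stock Windows commands rather than confirmed Ranscam indicators, and the events, hosts and PIDs are constructed.

```python
import re
from collections import defaultdict

# Assumed patterns: stock Windows commands, not indicators from the article.
RULES = {
    "shadow_copy_delete": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
        r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "safeboot_key_delete": re.compile(
        r"\breg(\.exe)?\s+delete\b.*\\Control\\SafeBoot\b", re.I),
    "recursive_delete": re.compile(r"\b(del|erase|rd|rmdir)\b.*\s/s\b", re.I),
}

def classify(cmdline):
    return {name for name, rx in RULES.items() if rx.search(cmdline)}

def detect(events, window=60, min_categories=2):
    """Alert when one parent process launches commands from at least
    min_categories rule categories within `window` seconds."""
    by_parent = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        hits = classify(ev["cmdline"])
        if hits:
            by_parent[(ev["host"], ev["parent_pid"])].append((ev["ts"], hits))
    alerts = []
    for (host, ppid), hits in by_parent.items():
        for i, (start, _) in enumerate(hits):
            cats = set()
            for ts, names in hits[i:]:
                if ts - start > window:
                    break
                cats |= names
            if len(cats) >= min_categories:
                alerts.append({"host": host, "parent_pid": ppid,
                               "first_seen": start, "categories": sorted(cats)})
                break  # one alert per parent process
    return alerts

# Constructed process-creation events (hosts, PIDs and paths are made up).
SAMPLE_EVENTS = [dict(zip(("ts", "host", "parent_pid", "cmdline"), row)) for row in [
    (1000, "WS-01", 4120, r"cmd.exe /c del /s /q C:\Users\alice\Documents\*"),
    (1003, "WS-01", 4120, r"vssadmin.exe delete shadows /all /quiet"),
    (1005, "WS-01", 4120, r"reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f"),
    (2000, "WS-02", 880, r"vssadmin.exe list shadows"),       # benign query
    (3000, "WS-03", 300, r"cmd.exe /c del /s /q C:\Temp\build\*"),  # one category only
]]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Requiring two or more categories from the same parent keeps routine cleanup scripts and backup tooling from alerting on their own.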
7 Enterprise Ransomware Defenses
The takeaway from threats such as Ranscam or any other malware is simple: Preparation is everything.
The U.S. Computer Emergency Response Team, part of the Department of Homeland Security, recently updated its recommendations for battling ransomware.
US-CERT recommends:
- Backups: Back up everything, do it frequently, and ensure backups are stored on an isolated network and tested frequently.
- Whitelisting applications: Prevent malicious software and unapproved programs from executing.
- Updated operating systems and software: Known OS and application flaws are often targeted by attackers to infect systems with malware.
- Anti-virus: Keep AV software up-to-date, and use it to scan all downloaded software before allowing it to run.
- Least privilege: Restrict users’ ability to install or run their own software applications.
- Killing email-borne macros: Attackers use macros to spread malware.
- Don’t click: “Do not follow unsolicited web links in emails,” US-CERT says.
Of these, #1 is key. Simply keeping good backups would take a big bite out of ransomware attackers’ profits. Having a reliable backup strategy in place helps ensure that systems can be restored; it also ensures that attackers are no longer able to collect revenue that they can then reinvest into the future development of their criminal enterprise.
If you have any questions about ransomware, malware or other threats to banking IT security, contact ITPAC today.