Imagine getting locked out of your computer — not because you forgot your login credentials, but because of a virus. Now imagine having to pay cybercriminals a hefty sum to regain access to all your files, customer data and confidential business information. That's exactly what happens when you get hit with ransomware — a virus that infects computers, and then demands ransom to restore the system. Reports of these viruses have skyrocketed in 2014, recently prompting the FBI to issue cybercrime warnings addressing the ransomware attacks, specifically Cryptolocker.
So what is Cryptolocker? Cryptolocker and its proliferating variants are a form of ransomware. Cryptolocker is typically disguised as an email attachment. Once opened, the virus spreads, locks the computer and holds it hostage. In many cases, the ransom includes a deadline, and the amount a user must pay increases if the ransom isn't paid within the hacker's time period.
Although not opening attachments from unknown senders is a basic security measure, what makes Cryptolocker and its variants so effective is that such emails and attachments seem legitimate. For instance, a new report by security training and consulting firm KnowBe4 revealed that the latest Cryptolocker attacks largely hit businesses that used Craigslist for recruitment. Cybercriminals searched for job postings, then sent resumes carrying the Cryptolocker virus. Thinking the sender was a job applicant, businesses opened the attached resume, triggering the ransomware.
Now here's the kicker: Antivirus software can't keep businesses safe from Cryptolocker, its variants or other ransomware. To help protect your business, Stu Sjouwerman, CEO at KnowBe4, shared the following insights on why antivirus programs fail against ransomware, new methods of distribution and what to look for to prevent an infection.
1. Why antivirus does not protect against ransomware
Professional Eastern European cyber-mafia are working at a furious pace to come up with malicious software to steal your hard-earned cash. According to AV-Test.org, there are more than 220,000 new malicious programs received every day.
These programs create a malicious website, run a spear-phishing campaign to get the malicious software distributed — including inserting themselves into known good sites — and then disappear after six hours. Unfortunately it takes antivirus companies an average of about six hours to update their malware definitions, once they know about the malware.
Current catch rates from antivirus companies run at best between 80 and 90 percent. Most antivirus companies test against known malicious software found "in the wild" and do not do as good a job against zero-day malware, which exploits holes in software as soon as the vulnerability is known.
If the Cryptolocker or other ransomware is known, an antivirus program may block it, but usually it is an unknown variant or one that can bypass the filters in place. More often than not, a business's antivirus may be out of date or its software unpatched, meaning updates have not been installed.
2. Relying on antivirus protection alone puts businesses at huge risk
Aside from the loss of data, businesses set themselves up for other risks. The bigger they are, the harder they fall, as happened to Target and eBay. Fines are huge for loss of personally identifiable information, but losing credibility with customers is even worse and can quite literally put a company out of business.
3. There are several ways businesses can protect themselves against ransomware
First, businesses can perform multiple backups in case they do get hit. Offsite backups should be included as some ransomware will encrypt most local files, files shared on the network and local backups, as well as disable services that use shadow copies.
Moreover, one of the most effective ways businesses can protect themselves against ransomware is to put employees through an effective security-awareness training program. For instance, KnowBe4's Security Awareness Training guarantees that it works or the company will pay your ransom if you get hit after doing the training.
KnowBe4 also recommends that businesses layer their security and not depend on one thing to unilaterally protect themselves. One such solution is whitelisting, which only allows "known-good" executables to run on the machine. Whitelisting also makes it possible for browsers to alert users of potentially dangerous domains (and confirm if they want to proceed) based on real-time and local whitelist data.
Originally published on Business News Daily