At the start of the year, the FBI issued an alert warning internet users about the rising threat of ransomware, detailing its dramatic increase in both frequency and sophistication. Looks like the feds were on point: as it stands, 2015 has turned out to be a record year for data hostage-taking. So what can be done to defend oneself against this new insidious threat to data sovereignty?
Ransomware campaigns usually come in one of two forms: (1) a computer lock scheme with unlocking upon ransom payment, or (2) a file encryption scheme with decryption upon ransom payment. It's common for perpetrators to masquerade as government agencies or law enforcement, usually threatening the victim with arrest/prosecution if a fine isn't paid for some digital transgression. This hapless victim even turned himself in to the authorities, guilt-ridden, after being duped by child pornography ransomware.
Typical ransomware screen. Source: Wired.com
Ransomware typically arrives onto the victim's machine as a Trojan, usually through a file download or email attachment. Unpatched software and systems are a common area of exploitation for attackers as well—one of the many critical Flash vulnerabilities this year was exploited with a pay-to-decrypt ransomware scheme.
Despite its name, this latest form of ransomware, Linux.Encoder.1, is not due to a Linux vulnerability per se, but to a security flaw in the Magento ecommerce platform, which runs on LAMP (Linux, Apache, MySQL, PHP). Once executed, the Trojan encrypts the contents of the /home, /root and /var/lib/mysql folders. It then attempts to encrypt the contents of the root filesystem (/) as well, skipping only the critical system files needed for the OS to boot again. A patch for the vulnerability has been available from the Magento website since February 9, 2015.
Linux.Encoder.1 ransom instructions. Source: Arstechnica.com
The cost of the ransom for decryption? 1 bitcoin, or ~$500.
Preventing Data Hostage Scenarios
Ransomware takes advantage of vulnerabilities in widely used software and platforms like Flash, Magento, and WordPress to propagate and install malicious payloads. In most of these cases, a lack of visibility and of proper patching is what turns a vulnerability into a data hostage scenario. Don't leave your critical systems unpatched—try UpGuard today to see what hidden vulnerabilities are lurking in your environment. It's free for up to 10 nodes and could save your organization from becoming the next data hostage casualty.
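The visibility gap described above, and the directory list from the Linux.Encoder.1 write-up, suggest a simple host-side check a defender can run: sweep the folders the Trojan targets for files that look like ciphertext and were all rewritten within one short window. This is an added example, not UpGuard's or the malware's code; the entropy threshold, burst window and minimum burst size are assumptions chosen for illustration.

```python
#!/usr/bin/env python3
"""Heuristic sweep for mass-encryption artefacts in the directories
Linux.Encoder.1 targets (/home, /root, /var/lib/mysql).

Assumptions (illustrative, not from the write-up): a file whose bytes are
near-uniform (>= 7.9 bits/byte) and that was rewritten in the same short
window as many others is suspect. Legitimately compressed or encrypted data
(jpg, gz, backups) also scores high, so treat hits as leads, not verdicts."""
import math
import os
import sys
from collections import Counter
from pathlib import Path

TARGET_DIRS = ["/home", "/root", "/var/lib/mysql"]  # folders named in the post
ENTROPY_THRESHOLD = 7.9   # bits/byte; ciphertext sits close to 8.0
WINDOW_SECONDS = 300      # mtimes closer than this count as one burst
MIN_BURST = 20            # high-entropy files per window before alerting

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def has_burst(mtimes, window=WINDOW_SECONDS, min_burst=MIN_BURST) -> bool:
    """True if at least min_burst modification times fall within one window."""
    times = sorted(mtimes)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:   # slide the window forward
            start += 1
        if end - start + 1 >= min_burst:
            return True
    return False

def assess(records, window=WINDOW_SECONDS, min_burst=MIN_BURST):
    """records: iterable of (path, mtime, leading bytes).
    Returns (high-entropy paths, whether their mtimes form a burst)."""
    hits = [(p, m) for p, m, head in records
            if shannon_entropy(head) >= ENTROPY_THRESHOLD]
    return [p for p, _ in hits], has_burst([m for _, m in hits], window, min_burst)

def walk(dirs=TARGET_DIRS, head=4096):
    """Yield (path, mtime, first `head` bytes) for every readable file."""
    for d in dirs:
        for root, _, files in os.walk(d):
            for name in files:
                path = Path(root, name)
                try:
                    with open(path, "rb") as fh:
                        yield str(path), path.stat().st_mtime, fh.read(head)
                except OSError:
                    continue   # unreadable or vanished; skip

if __name__ == "__main__":
    paths, burst = assess(walk())
    print(f"{len(paths)} high-entropy files; burst={burst}")
    sys.exit(1 if burst else 0)
```

Run it as root from cron or a config-management check; a non-zero exit is the signal to pull the host offline and inspect before any further writes land on the data volumes.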