Cyber ransom: criminals take data hostage

Companies the world over are being held to ransom by criminal groups who encrypt valuable company data and take it hostage. Discover what you can do to protect your organisation from this frightening trend.

Even the most innocuous-looking email can cause a world of pain – as every IT pro worth their salt will know. But in a frightening twist, the standard phishing email has become something far more sinister. Organised criminal gangs, mostly Eastern European, are taking advantage of our growing reliance on data storage and online communication to take and hold company data hostage.

The gangs send out a phishing email that hides a malicious program. Simply opening the email triggers the program, which then encrypts all the data held on connected hard drives, servers and even in cloud storage such as Google Drive or Dropbox.

Once the data is encrypted, it is completely unusable to its owner, effectively putting the brakes on business transactions. The next day, the gang sends another email. For a ransom, they will provide a ‘key’ to unlock the encrypted information. Don’t pay and your business is as good as dead.

CryptoLocker goes mobile

The gangs are using software called CryptoLocker, and analysts estimate that it infects around 1000 PCs worldwide every day.

“It’s kind of like losing your computer or smashing your hard disk or dropping your computer in the harbour,” said Paul Ducklin, head of technology for the Asia-Pacific region at security company Sophos, in a recent interview with Scientific American. “You are never going to get your data back after your files are encrypted.”

Even more worryingly, the software has just jumped the divide between PCs and mobile, with an Android version recently reported in the wild. Android is the Google-developed mobile operating system that powers the vast majority of the world’s tablets and smartphones.

The Android version works slightly differently to the desktop ransomware. When a phone is infected, the user finds everything on their home screen locked. Usually they haven’t even opened a phishing email; they have simply visited a website that has injected a malicious program into their device.

The user is then confronted with a message accusing them of viewing porn, and implying they could face jail terms if they don’t pay the ransom to retrieve their phone functionality. This kind of attack is called a “drive-by attack” and is becoming increasingly prevalent in the free-for-all world of the Android operating system.

Protecting yourself against ransomware

One of the most alarming aspects of CryptoLocker and its ilk is that the software can attack any drive attached to an infected computer, including USB drives, conventional hard drives and the increasingly popular cloud storage used by many businesses.

Security firms have formed working relationships aimed at providing antivirus-like security fixes for CryptoLocker, but the malicious software is a moving target. When the good guys create a fix, the criminals simply amend their software and keep extorting people. Depressingly for Android users, there is currently nothing available to protect the operating system.

What can you do now?

Until a permanent solution is found, the security community agrees there are only two real methods to avoid catastrophe. The first is to remain vigilant and train staff to delete suspicious emails without opening them or their attachments. However, this is not ideal, as it doesn’t account for the many unsolicited yet legitimate emails employees receive every day.

The second is to regularly back up files to secure offline storage. That way, even if your storage is encrypted, the backup won’t be attacked, and can be used to restore critical business data without paying the ransom.

It’s still a wild world on the web and anything goes. Companies will need to remain vigilant and back up data frequently in an effort to keep one step ahead.