According to Symantec’s Internet Security Threat Report 2014, ransomware threats, which first hit cyberspace in 2012, grew by 500 percent last year. The goal behind these exploits is exactly as it sounds: Attackers deny users access to their data unless they pay a ransom, at which time they receive a decryption key.
These attacks are generally in the form of phishing emails: Users are invited to either click on a link or download a file, which then infects their systems. Symantec reports that the ransom requests are, on average, between $100 and $400. If you don’t pay before the deadline, the price increases.
Robert Siciliano, identity theft expert at San Francisco-based BestIDTheftCompanys.com and author of 99 Things You Wish You Knew Before Your Identity Was Stolen, notes that SMBs are prime targets for ransomware attacks: They’re for-profit (and thus, have access to funding), they stand to lose a lot if their or their clients’ data is stolen, and they generally don’t have the resources to fight back. So many pay the fee, something Siciliano cautions against. “It’s never a good idea to pay the ransom because you’re funding bad guys, which could mean you’re buying tires for their Benz or funding a terrorism operation,” he says.
Paying up also doesn’t guarantee that the victim will receive a decryption key, although in many cases they do, says Bob Weiss, CEO and chief technician at WyzGuys (a trademark of WyzCo Group LLC), an IT services firm based in Bayport, Minn. Even so, there is no way of knowing that the decrypted data isn’t otherwise infected. “Any affected systems, as far as I’m concerned, need to be completely cleansed, which means you wipe that drive and start over, because you just don’t know what they’ve left behind.”
Siciliano preaches prevention first, in the form of anti-virus, anti-spyware, and anti-phishing firewalls; regular updates on security patches; and employing a sound security policy when it comes to BYOD. “It’s becoming a much bigger problem, especially with Android devices. Android, as a work device, is exponentially more vulnerable than a BlackBerry or an iPhone because of the Android operating system,” he says. These devices require anti-virus software much like PCs, and he suggests that organizations adopt enterprise mobile management (EMM) systems to protect data stored on mobile devices.
Penetration testing—where an organization will hire a certified ethical hacker to analyze vulnerabilities within a company’s network—is another means of preventing a ransomware attack, Siciliano says. This can be valuable to an SMB, since the phishing emails that attackers send out often appear to be legitimate, even using the names and email addresses of colleagues in the headers. For channel pros, this provides the opportunity to offer training to clients on what to look out for—and what not to do—when presented with an email that appears to be legit … but may not be.
“We’re getting more heavily involved in doing formal education and training with our clients,” Weiss says. He also points clients toward tools such as VirusTotal.com, or simply has them direct any suspicious emails to him, so he can test them on his own sacrificial equipment.
At this point in time, channel pros are well-positioned to offer services such as those Weiss provides, simply because businesses remain extremely vulnerable to cybersecurity attacks. “Right now people are almost completely undefended,” Weiss says. “It’s very much like the Wild West. The bad guys have cooler and better tools, and really good software writers working for them. It makes it tough.”