Issue: 73 - Jan 15, 2015
One wrong click, and hackers encrypt all your files
By: Joe Dysart

IT security experts are warning veterinarians that there has been a spike in the scourge of ransomware -- malicious software that freezes up a computer, encrypts all of its data and demands a ransom for the system's restoration.

Since February 2013, more than 600,000 victims worldwide have reportedly been infected with just one variant of the malware -- CryptoWall -- according to an October 2014 report released by Dell ( http://www.secureworks.com/cyber-threat-intelligence/threats/cryptowall-ransomware/ ).

“This is the next generation of ransomware -- and you can expect this new version to spread like wildfire,” says Stu Sjouwerman, CEO, KnowBe4, an IT security firm that specializes in IT security awareness training for small and medium-sized businesses.

Essentially, cyber-crooks trigger the extortion scheme by slithering past a PC's defenses and delivering software onto the computer that auto-encrypts every file on the hard drive.

Plus, the malware also infects all the external hard drives connected to the PC.

Generally, the software is inadvertently downloaded by victims after they click on what looks like a legitimate banner ad. They can also pick up ransomware when they visit an infected Web site, or click on an infected attachment in an email, according to the Dell report.

Unfortunately, it's easy to be tricked by such schemes, since the crooks often send ransomware-infected emails that carry innocuous titles like "missed fax" or "voicemail," according to the Dell report. 

When a user clicks to download the item, the ransomware immediately invades the PC, executes and begins encrypting all the data on the system.
Once encryption is complete, a message pops up on the victim's PC screen, informing the victim that there has been a hostile takeover of the machine, and demanding a ransom.

Often, crooks demand ransoms ranging from $200 to $2,000. It's an amount that's painful to pay, but low enough for many companies to tolerate in the hope that the ransomers will be true to their word and restore a machine once money changes hands, according to the Dell report.
Moreover, companies that put off paying a ransom -- usually for more than four to seven days -- often face threats of being forced to pay even larger ransoms, according to the Dell report. In one case, a victim was forced to pay $10,000 for the release of encrypted files, according to the Dell report.
All told, Dell estimates that during a 6-month period in 2014, $1.1 million in ransom was paid to thieves using just one variant of ransomware, CryptoWall.

Ironically, the advent of new digital currencies is helping promulgate the criminal activity. Ransomers often demand to be paid in Bitcoin, a Web-based currency that can be easily -- and anonymously -- exchanged over the Web.

And while ransomware is often associated with visiting sketchy areas of the Web -- the digital equivalent of stumbling into a bad neighborhood -- the malware has also been found on some extremely high-profile Web sites.

In October, for example, ransomware was found embedded in ads on a number of highly trafficked Web sites, including Yahoo, Match.com and AOL, according to an October report by Proofpoint, an IT security firm.

Using infected ads on those high-profile Web sites was a clever move, in that the thieves did not have to overcome the formidable security defenses of major Web sites like Microsoft.com -- or even of the ad networks servicing those sites, according to the Proofpoint report.

Instead, the crooks simply stole legitimate ads, infected them with ransomware payloads, and then fed those ads back into the ad networks used by the previously mentioned highly trafficked Web sites.

With this tactic, the criminals were able to bypass the formidable defenses of major Web sites like Bing.

Many companies aware of the ransomware scourge and similar malware scourges already have education programs in place, which train employees how to detect and guard against the most common sources of ransomware.

But the extortionists, who apparently have nothing better to do all day, are always finding ways to up the ante in the never-ending game of cat-and-mouse.

Says KnowBe4's Sjouwerman: “For example, most people are aware that they should avoid clicking on executable files. However, seemingly innocuous documents such as Microsoft Word files can also be infected with malware. That’s why it’s essential for employees to be able to identify and avoid social engineering red flags.”

Sadly, the nightmare of the takeover software is also evolving with the digital revolution. Newer variants of ransomware, for example, are popping up on mobile technologies like Android phones, according to an October report from F-Secure, an IT security firm.
With the mobile technologies, the ransomware payload often comes in the form of apps for download, according to the F-Secure report.

Bottom line: Unfortunately, there is no way to completely safeguard any veterinary practice against ransomware, 24/7. But there are a number of deterrents organizations can put in place, including these:
* Block executable files (such as .exe files) and compressed archives (such as .zip files) containing executable files before they reach a user's inbox.
* Keep your practice's operating systems, browsers, and browser plug-ins, such as Java and Silverlight, fully updated to prevent compromises resulting from exposure to ransomware. "Patch browsers as soon as possible, and keep the amount of plug-ins as low as you can," KnowBe4's Sjouwerman adds. "This diminishes your attack surface."
* Once infected, try disconnecting your network from the Internet. This move can sometimes temporarily neuter ransomware until it can be discovered and removed.
* Configure the hard drives on your computer network to prevent any unidentified user from modifying files.
* Regularly back up data to so-called "cold," offline backup media that is not and has never been connected to the Internet. "Make regular backups, and have a backup off-site as well," says KnowBe4's Sjouwerman. "Test your restore function regularly to make sure your backups actually work."

* Check out KnowBe4's free Phishing Test: Essentially, this test from KnowBe4 (http://www.Knowbe4.com) enables you to identify people in your employ who are prone to be duped by ransomware operators looking to sneak into your network via online ads, Web sites and emails.

* Consider a pre-emptive employee training service like KnowBe4: This company offers a security awareness training program designed by Kevin Mitnick.

Mitnick is an internationally recognized computer security expert, who has extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices.

"Our Internet security awareness training is designed to ensure they understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering, and are able to apply this knowledge on the job," Mitnick says.  "This allows organizations to create a ‘human firewall’ that actively works to prevent network security breaches."
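The first deterrent above, screening mail attachments for executable files and for zip archives that hide them, worked through as an added example that is not from the article or from any firm it quotes; it also covers double extensions ("voicemail.wav.exe"), nested archives, and archives that cannot be opened. The extension policy and the function names are assumptions of this example.

```python
import io
import zipfile
from pathlib import PurePosixPath

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi", ".jar"}  # assumed policy
ARCHIVE_EXTS = {".zip"}

def _suffix(name):
    return PurePosixPath(name).suffix.lower()  # final suffix only: "voicemail.wav.exe" is an .exe

def archive_executables(data, depth=0, max_depth=3):
    """List executable members of a zip, recursing into nested zips. Returns None
    when the archive cannot be inspected (corrupt, encrypted, nested too deep)."""
    if depth > max_depth:
        return None
    found = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if _suffix(info.filename) in EXECUTABLE_EXTS:
                    found.append(info.filename)
                elif _suffix(info.filename) in ARCHIVE_EXTS:
                    inner = archive_executables(zf.read(info), depth + 1, max_depth)
                    if inner is None:
                        return None
                    found.extend(f"{info.filename}/{n}" for n in inner)
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        return None
    return found

def should_block(filename, data):
    """Gateway decision for one attachment: (blocked, reason). An archive that
    cannot be scanned is blocked rather than delivered unscanned."""
    if _suffix(filename) in EXECUTABLE_EXTS:
        return True, f"executable attachment: {filename}"
    if _suffix(filename) in ARCHIVE_EXTS or data[:2] == b"PK":  # "PK" = zip magic
        hits = archive_executables(data)
        if hits is None:
            return True, f"archive could not be inspected: {filename}"
        if hits:
            return True, "archive contains executables: " + ", ".join(hits)
    return False, "allowed"

def make_zip(members):  # in-memory zip from {name: bytes}, for constructing sample attachments
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

Sample inputs in the test are constructed to mirror the "missed fax" and "voicemail" lures the Dell report describes.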

For more information on protecting your veterinary practice from ransomware, check out:

* "Dealing With Ransomware" podcast from IT security firm Sophos: https://nakedsecurity.sophos.com/2014/11/25/sophos-techknow-dealing-with-ransomware

* Proofpoint's report on ransomware on major sites like Microsoft.com: http://www.proofpoint.com/threatinsight/posts/malware-in-ad-networks-infects-visitors-and-jeopardizes-brands.php

* F-Secure's Threat Report: https://www.f-secure.com/documents/996508/1030743/Threat_Report_H1_2014.pdf
================================================
Joe Dysart is an Internet speaker and business consultant based in Manhattan. Voice: (646) 233-4089. Email: joe@joedysart.com. Web: www.joedysart.com.