
GUEST BLOG: How to beat the hackers

By Business & Finance
01 November 2016

Ken Bagnall, founder, The Email Laundry

It’s easy to see why ransomware has become one of the world’s biggest global cybersecurity stories: direct financial loss for rapidly growing numbers of victims.

The FBI estimates that cybercriminals collected $209m from this scam in the first three months of 2016, and total gains could exceed $1bn by the time the year is through.

Large numbers of individuals and businesses have been affected, including some high-profile cases involving healthcare facilities and even law enforcement agencies.

Once the victim’s systems become infected, a message on their screen tells them they must pay (usually between $200 and $400, and sometimes more) to have their data released. Fearing the permanent loss of vital data, many choose to give in to the criminals’ extortion and pay the ‘ransom’.


In a lot of cases, files are deleted by the hour, to force the user into acting quickly. This is social engineering 101: using classic techniques that imply urgency and compel the victim to make a decision fast. Some ransomware variants encrypt files as the user sits and deliberates; cruel, but effective.

In an awareness notice from earlier this year, the US Department of Homeland Security warned that paying up is no guarantee of having your encrypted files released. “It only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed,” the agency said.

That matches our experience, as we know of a few cases where the same organisations have been targeted on multiple occasions once the criminals know that they tend to pay up.

SOFTWARE UPDATES

So, how does ransomware infect our computers and what can we do to stop it?

The DHS alert said that “ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading”, which is when a user unknowingly visits an infected website and then malware is downloaded and installed without their knowledge.

From our experience, email is the most used route for scammers and criminals because by its nature it’s designed for open communication. It’s the unlocked door into every organisation.


Email-borne ransomware is what we call a ‘broadcast’ attack. Unlike attacks against specific targets, criminals send large numbers of messages indiscriminately, hoping a small number of victims will open the messages and get infected.

We commonly see emails with infected attachments that distribute ransomware. Many try to reach a particular department in a business by sending the message to hr@somecompany.com or accounts@somecompany.com, with the file appearing to be a CV or an invoice. In reality, the attachment is a macro-enabled Word document or an infected PDF – which aims to target organisations that haven’t updated their Adobe Acrobat Reader software application.

Another favoured tactic of cybercriminals is to include a link in the email which sends visitors to a site that downloads the malware in the background.

CARE AND ATTENTION

There are several tactics to minimise the risk from ransomware. First, there are various online email security services that enable you to block macros in Word documents that arrive as email attachments, or that quarantine the email.
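As an added illustration (not code from The Email Laundry or any particular service), the sketch below shows the kind of content check such a filter can apply: it opens each attachment and holds the message if a Word file carries a VBA macro project, rather than trusting the file name. The function names, the sample message and the policy of holding every legacy binary Office file are assumptions made for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def inspect_attachment(name, data):
    """Return a reason string if the attachment should be held, else None."""
    if data.startswith(OLE2_MAGIC):
        # Assumed policy: legacy binary Office files can embed macros and are
        # not parsed here, so they are held for review.
        return f"{name}: legacy binary Office format"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                members = z.namelist()
        except zipfile.BadZipFile:
            return f"{name}: malformed ZIP/OOXML container"
        if any(m.lower().endswith("vbaproject.bin") for m in members):
            return f"{name}: OOXML document contains a VBA macro project"
    return None

def triage(raw_message):
    """Return ("quarantine" | "deliver", [reasons]) for one raw e-mail."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        reason = inspect_attachment(part.get_filename() or "(unnamed)", data)
        if reason:
            reasons.append(reason)
    return ("quarantine" if reasons else "deliver", reasons)

def build_sample(filename, members):
    """Constructed test message: a 'CV' e-mail with a ZIP-based attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for m in members:
            z.writestr(m, b"placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"] = "applicant@example.org", "hr@somecompany.com"
    msg["Subject"] = "My CV"
    msg.set_content("Please find my CV attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("cv.docx", ["word/document.xml", "word/vbaProject.bin"])))
    print(triage(build_sample("cv.docx", ["word/document.xml"])))
```
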

Secondly, backing up data is one of the most effective approaches to limit the fallout from an infection, or to avoid it in the first place. A good disaster recovery plan that’s been tried and tested is your friend here. Just be careful of file sync apps like Dropbox: you could end up syncing infected files and the problem simply recurs even after you’ve cleaned up the affected PC or laptop.

For scammers and gangs behind these crimes, the low cost of mounting the attack means that even a handful of willing payers among the victims leads to a reasonable return on investment. In today’s digital world, email is essential but with some care and attention, you can avoid becoming another statistic for the FBI’s next update.

About the blogger

Ken Bagnall was a founder of The Email Laundry in 2007. In partnership with its MSPs, The Email Laundry keeps email safe for over 7000 organisations worldwide, primarily through its anti-spam and virus service. The service detects email-borne viruses and malware an estimated 22 hours before the top AV signature-based engines, as well as blocking phishing and spam emails.

As a research and development centred company, The Email Laundry has also developed other email tools and services, including a threat intelligence platform monitoring the networks of over 1,000,000 users across Europe, phishing awareness training, an email branding service at BrandAndSign.com, email encryption services and data leak prevention services.

Ken is also a director of Information Security Ireland, and a long-term premium member of CompTIA. Ken is also on the General Assembly of the EU Protective cyber security project.