Information for Business from Lenovo
Contributor: Joshua Gliddon
The net’s ransom: Criminal groups take servers and phones hostage

Unlucky companies across the world have been discovering that even the most simple-looking email can cause a world of pain.

As our dependence on online communication and data storage grows, organised criminal gangs – predominantly from Eastern Europe – have started taking advantage of this reliance in order to hold companies’ data hostage. The gangs send organisations a phishing email that hides a malicious program. Opening the email triggers the program, which then encrypts the data held in connected hard drives, and even in cloud storage such as Google Drive or Dropbox.

Once the data is encrypted, it is completely unusable to its owner, effectively putting the brakes on business as usual. The next day, the gang sends another email. For a sum of cash, they will send a ‘key’ to unlock the encrypted information. Don’t pay and your business is as good as dead.

CryptoLocker goes mobile

The gangs are using software called CryptoLocker, and analysts estimate that it infects around 1000 PCs every day across the globe.

“It's kind of like losing your computer or smashing your hard disk or dropping your computer in the harbour,” said Paul Ducklin, head of technology for the Asia-Pacific region at security company Sophos, in a recent interview with Scientific American. “You are never going to get your data back after your files are encrypted.”

Even more worryingly, the software has just jumped the divide between PCs and mobile, with an Android version recently reported in the wild. Android is the Google-developed mobile operating system that powers the vast majority of the world’s tablets and smartphones.

The Android version works slightly differently to the desktop ransomware. When a phone is infected, the user finds everything on their home screen locked. Usually they haven’t even opened a phishing email; they have simply visited a website that has injected a malicious program into their device.

The user is then confronted with a message accusing them of viewing porn, and implying they could face jail terms if they don’t pay the ransom to retrieve their phone functionality. This kind of attack, in which simply visiting a website infects the device, is called a “drive-by attack” and is becoming increasingly prevalent in the free-for-all world of the Android operating system.

Protecting yourself against ransomware

One of the most alarming aspects of CryptoLocker and its ilk is that the software can attack any drive attached to an infected computer, including USB drives, conventional hard drives and the increasingly popular cloud storage used by many businesses.

Security firms have formed working relationships aimed at providing antivirus-like security fixes for CryptoLocker, but the malicious software is a moving target. When the good guys create a fix, the criminals simply amend their software and keep extorting people. Depressingly for Android users, there is currently nothing available to protect the operating system.

What can you do now?

Until a permanent solution is found, the security community agrees there are only two real methods to avoid catastrophe. The first is to remain vigilant and train staff to delete suspicious emails without opening them or their attachments. This is an imperfect fix, however, as it doesn’t take into account the fact that employees get unsolicited emails every day, many of which are legitimate.

The second is to back up files to secure offline storage on a regular basis. That way, even if your storage is encrypted, the backup won’t be attacked, and can be used to restore critical business data without paying the ransom.

Security companies will continue to work around the clock on a solution, but while unsuspecting companies still fall prey to the software, it’s likely the emails will keep coming. As well as being a timely reminder to back up your data, CryptoLocker demonstrates that 25 years after the invention of the internet, it’s still a wild world out there.
