Alert for Malaysian Internet users of escalating ransomware attacks

Ransomware is running rampant in the IT world, with notorious file-encrypting ransomware families such as CryptoWall and TeslaCrypt making the rounds.

Just last week, Malaysia's national specialist agency CyberSecurity Malaysia issued a new national warning to Malaysian Internet users to be on the alert for ransomware.

"Ransomware attacks have become increasingly sophisticated, targeted and lucrative. The recent surge in this form of cyber-attack has many organisations and users understandably concerned," said Eric Chan, Solution Consulting Director, Fortinet Southeast Asia and Hong Kong.

Ransomware is a form of malware that infects devices, networks, and data centres by preventing them from being used until the user or organisation pays a ransom to have the system unlocked. In recent weeks, a number of companies were affected by the new ransomware "Locky". "Locky" surfaced in February 2016 and quickly grew to become the second largest family of ransomware in the world, just behind CryptoWall and ahead of TeslaCrypt. The United States, France and Japan are the top 3 countries infected by Locky, but the ransomware is also leaving its mark on the Asia Pacific region.

Ransomware can be delivered in a number of ways such as an infected file attached to an email. Drive-by downloading is another, where a user visits an infected website and malware is downloaded and installed without the user's knowledge. Ransomware can also spread via social media such as Web-based instant messaging applications. And most recently, vulnerable Web servers have been exploited as an entry point to gain access into an organisation's network.

Crypto ransomware can infect an operating system so that a device is unable to boot up, while other ransomware encrypts a drive or a set of files or file names. Some malicious versions even have a built-in timer and will begin deleting files unless a ransom is paid.

In light of the looming ransomware threats, Fortinet urges Malaysia's enterprises to take TEN STEPS to protect an organisation from the effects of ransomware:

1. Develop a backup and recovery plan – To prepare effectively in case of a ransomware attack, back up your systems regularly, and store that backup offline on a separate device.

2. Use professional email and web security tools – these tools should include sandbox functionality, so that new or unrecognised files can be executed and analysed in a safe environment.

3. Keep your operating systems, devices, and software patched and updated, so that your defences are up to date and entry ways for cyber criminals are blocked.

4. Ensure your device and network antivirus, IPS, and anti-malware tools are running the latest updates.

5. Use application whitelisting where possible – this prevents unauthorised applications from being downloaded or run.

6. Segment your network into security zones – with segmentation, an infection in one area cannot easily spread to another.

7. Establish and enforce permission and privilege – The use of strong passwords is highly encouraged; to reduce risk, change the passwords often.

8. Establish and enforce a BYOD security policy – to ensure consistent enforcement of inspection, thus blocking devices which do not meet your standards for security.

9. Deploy forensic analysis tools – these help you identify where the infection came from and how long it has been in your environment, confirm that you have removed all of it from every device, and ensure that it does not come back.

10. Do NOT rely on employees to keep you safe (CRITICAL) – While it is still important to up-level your user awareness training so employees are taught not to download files, click on email attachments, or follow unsolicited web links in emails, human beings are the most vulnerable link in any security chain, so there must be alternative plans in the event of a security compromise.