Google has issued a ransomware warning after uncovering a criminal hotbed built around this form of cyber attack.
The search engine giant located this network by using thousands of decoy victims to build a pattern, and subsequently an understanding of what is lurking under the cyber surface.
The discovery led to Google realising that there are two variations of ransomware that are the most formidable, and have been used to steal the largest sum of money. It turns out that they are from the Locky and Cerber strains.
The Google ransomware warning was made today at the Black Hat event, with the company also outlining the effectiveness of ransomware over the last two years. Cyber criminals used this form of attack to steal $25 million, with 2016 proving to have been the most lucrative year, according to Google.
In the event that the Google ransomware warning is right, and we will not be able to escape from ransomware completely, CBR has compiled some expert opinion to give you some things to remember. These tips will give you the best shot at protecting yourself and potentially your organisation too in light of the Google ransomware warning.
Remember to patch
Andrew Clarke, EMEA director for One Identity: “It is no surprise to read that the Google and New York University research, which effectively created a honey-pot to measure real-world activity associated with ransomware, revealed a sophisticated set of payment techniques. Criminals that appear to have switched their focus to this method of extortion have access to easy-to-use tools through “ransomware-as-a-service” offerings – which means that they can mass target communities very quickly.”
“Although the recent wave we read about, WannaCry and NotPetya, did not generate much income – there are so many other variants emerging that it is still a worthwhile business for them to pursue with an overall multi-million payout. Companies can mitigate the risk involved by ensuring that their systems are fully patched, regularly backed up and protected by network firewalls blocking malicious communication ports. They can ensure that their users receive regular updates to prepare them for the various techniques employed by cyber criminals. And they can manage their user population by having a solid provisioning/de-provisioning tool to ensure that only the right people have access to the right systems at the right time.”
Remember to backup
Massimo Merlo, VP of EMEA Enterprise and Regional VP of UK & Ireland at Veeam Software: “If ransomware isn’t going away – and it doesn’t seem to be – it’s time for businesses to take action. To mitigate the risk of ransomware, technology is critical. Data backup with air-gapped protection – the process of isolating a backup from the live network in order to conduct a data restore – is a solution that seems to have been overlooked in the fight against ransomware thus far. The very first recommendation that is provided by the US FBI in its guide, ‘Ransomware Prevention and Response for CEOs’, is to ensure that critical data is backed up and stored offline, and that restoration of this data is regularly validated.
“You shouldn’t strive to make yourself hack-proof. The speed at which attacks are changing means this is virtually impossible. Rather, you should make your security as robust as possible and ensure your backups are not solely located on your network, to eliminate the possibility of attack or corruption.”
Remember to have security software
Mark James, Security Specialist at ESET, said: “Malware is bad. Some infections are worse than others, but generally time, knowledge and an understanding of how the infection has taken root will enable you to remove most malware. Ransomware, however, is a whole new level.”
“It comes in two parts: the infection side of things will do all it possibly can to get on your machine – exploits, vulnerabilities, phishing, spam or email. Once infected, the ransomware can then take hold. More often than not the encryption used is the same strength as would be recommended by professional companies to keep your data safe from prying eyes.”
“Once your files are encrypted and your “scary screen of sorrow” is on display you only have a few choices. Paying the ransom should not be a choice; all you are doing is helping them fund their next venture or paying the criminals for their hard work. Decrypting the data could be an option – all you need is a public decryptor tool or a lot of GPUs (graphics processing units) and a time machine. Of course you could just restore from your backup… You did back up, right?”
“A good “point-in-time” regular backup stored offline or off-premises will enable you to restore your files and data back to a safe time with little or no loss. Make sure you have a good, regularly updating internet security software package installed to stop the malware infection in the first place and keep your operating system and applications up to date. This will limit the chance of exploits or vulnerabilities being used to infect you in the first place.”
Remember to always be aware
Marco Cova, senior security researcher at Lastline, said: “There are various reasons why ransomware has become the tool of choice for criminals. Nowadays, ransomware campaigns are relatively easy to set up, even by criminals that are not particularly sophisticated: in fact, various steps of an attack can be outsourced to groups that specialize in particular activities, for example, distributing the actual malware or “supporting” users that have been affected to help them pay the ransom.
“Second, the pool of potential victims is very large: even if the attack has a low success rate (say, compromising only the least sophisticated users), it promises to have a big return. Third, ransomware can be immediately monetized by attackers (most often using virtual currencies), therefore removing one hurdle for attackers; for example, the need to engage in dark markets to sell stolen credentials.
“Finally, ransomware promises to be lucrative, even after accounting for the costs of setting up a campaign. One approach to counter ransomware is to make it too expensive for criminals to run a successful campaign. This can be done in various ways: for example, improving the cyber awareness of users, having more restrictive security controls on our devices (in 2017, there really is no reason why clicking on an attachment may lead to encrypting all of your files), using more effective malware detection tools, enforcing anti-money-laundering rules on the organizations that run virtual currency exchanges.”
Remember an attack is only the beginning
Wieland Alge, GM EMEA, Barracuda Networks, said: It’s important to remember that while cyber criminals have made $25m from ransomware, this is merely the initial financial impact of these styles of attacks.
The full impact on businesses is much more. The WannaCry attack in particular cost the NHS far more than a ransom, due to its systems being down for so long as a result of the attack. In fact, our own research revealed that customers (35%) and even employees (32%) had lost faith in organisations’ cyber security as a result of an attack. One in five reported a temporary closure of the business (21%) or a loss of customers altogether (17%).
The report is particularly worrying in the face of so much expert advice out there telling organisations not to pay the ransom.
Awareness regarding ransomware is increasing in light of some major, recent cases, foremost of which are WannaCry and Petya, both grabbing global headlines.
The Google ransomware warning is extremely important, however, as businesses and individuals must keep up a strict regime of patching on time, maintaining backups, and not slipping up and releasing critical information.
Another benefit of the Google ransomware warning is that it will provide a lasting reminder, to professionals in particular, that the threat is always active and will not simply diminish while breaches are still being made.