This week we uncovered a new form of ransomware (Locky), which infects organisations and holds data hostage until a ransom is paid. This significant discovery signals a noteworthy shift in cybercriminal behaviour. The massive volume of Locky messages indicates that ransomware will become an increasingly big issue. This new form of ransomware originates from the cybercrime kingpins behind the highly-circulated banking Trojan, Dridex, so they must be seeing a return on their investment.
Ransomware also made headlines this week as Hollywood Presbyterian Medical Center paid hackers $17,000 in exchange for relief. Ransomware is especially dangerous for the healthcare sector as highly sensitive health records, payment information and personally identifiable information are at risk. If these are destroyed, both patient health and the healthcare institution’s ability to provide the best care hang in the balance. Because of the profit potential, healthcare organisations are widely targeted with these sorts of attacks.
How to Prevent Ransomware and What to Do if You Are Infected
Below are three tips for preventing a ransomware infection:
- Regularly back up your system. This is the most reliable method for recovering infected systems.
- Avoid free decryption tools. Most offer no easy solution for many forms of ransomware. These tools will not save you in the event systems are encrypted by an attacker.
- Use a best-of-breed advanced threat solution. It needs to be able to detect ransomware delivered via email or social media, or when it attempts to run on a targeted endpoint. We protect all Proofpoint Targeted Attack Protection customers from ransomware like Locky.
If you are infected with ransomware, don’t pay the attackers to recover your encrypted files. Even if the attackers keep their word and decrypt your data, there is no guarantee that they will not leave other forms of malware running on the system. This malware could carry out other crimes, like sending spam emails, launching DDoS attacks and stealing personal/financial data for use in online fraud and identity theft.
Avoid paying cybercriminals, as the money often goes straight into the hands of organised crime and terror groups. I urge you to report ransomware infections to your local police and the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3): http://www.ic3.gov/default.aspx