CryptoWall and other variants of the most recent and significant ransomware threats inflict at least $1 million damage each month, federal reports show.
Active since April 2014, CryptoWall and its variants demand ransoms between $200 and $10,000 to restore user access to their terminals. In addition, many victims incur costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services and paying credit monitoring services for employees or customers, according to FBI’s Internet Crime Complaint Center (IC3). In the last 14 months, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.
Users fall victim by clicking an infected advertisement, email or attachment, or by visiting an infected website. After they encrypt files, most criminals demand payment in Bitcoin, because it’s easy to use, fast, publicly available, decentralized and provides a sense of heightened security/anonymity. “If you receive a ransomware popup or message on your device alerting you to an infection, immediately disconnect from the Internet to avoid any additional infections or data losses,” the FBI says.
Last month, we prepared a short guide to teach you how to avoid falling victim to ransomware. Here is a quick catch-up, in case you missed the three articles describing what ransomware is and how it works: Part I, Part II , and Part III.
Recommendations for users
- Regularly back up your data in the cloud or on an external drive. Backups should not be stored on a different partition in your PC, but rather on an external hard-drive connected to the PC for the duration of the backup only.
- Keep UAC enabled. UAC notifies you when changes will be made to your computer that require administrator-level permission.
- Use an anti-malware solution with anti-exploit, anti-malware and anti-spam modules that’s constantly updated and able to perform active scanning. Don’t override the optimal settings, and update it regularly.
- To secure your mobile device, avoid downloading apps from unfamiliar sites – only install apps from trusted sources. Also, install a mobile security solution to mitigate mobile threats.
- Follow good internet practices; avoid questionable websites, link or attachments in. Alternatively, you might consider a browser extension that blocks JavaScript (such as NoScript).
- Enable ad-blocking tools to fend off malicious ads.
- Use a filter to reduce the number of infected spam emails that reach your Inbox.
- When possible,virtualize or completely disable Flash, as it has been repeatedly used as an infection vector.
- Increase your online protection by adjusting your web browser security settings.
- Keep your Windows operating system and your vulnerable software – especially the browser and the browser plug-ins – up to datewith the latest security patches. Exploit kits use vulnerabilities in these components to automatically install malware.
Recommendations for companies
- Educate employees in good computer practices, in identifying social engineering attempts and spear-phishing emails.
- Install, configure and maintain an advanced endpoint security solution.
- Enable software restriction policies to block programs from executing from specific locations.
- Use a firewall to block all incoming connections from the Internet to services that should not be publicly available.
- Make sure programs and users have the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
- Enable System Restore to restore previous versions of the encrypted files once the virus has been removed.