Ransomware: The New Cyber Threat

Technology security experts have discovered a new threat to computer networks—a new variety of “ransomware” called VirRansom. This new malware is particularly troubling because once inside the network, it can clone itself and infect every file it finds. If infected, users are required to make a “ransom” payment (typically in bitcoin) before they can access a network or device.

The aggressive nature of the virus can make cleaning a system difficult. If every trace of the malware is not removed, it will easily replicate itself and re-infect the entire network.

Security experts stress the importance of keeping a full set of backups at an offsite location, and using asynchronous real-time backups that can be performed with a few simple steps. Organizations should also test their system’s restore function to make certain it works. Experts recommend replacing standard mapped drives with Universal Naming Convention (UNC) paths for folders that are shared, and running software that allows only pre-approved applications to run on the system, a practice also called whitelisting.

The most crucial protective tactic, however, is continuous employee training on system security measures. Mitch Lipka, “A new strain of ‘ransomware’ is striking,” www.cbsnews.com (Dec. 8, 2014).

Commentary and Checklist

The U.S. Computer Emergency Readiness Team (US-CERT) recently released an alert to users of Microsoft Windows, detailing the emerging issue surrounding ransomware.

Like most malware, the infection occurs when a user unwittingly visits an infected website or opens an infected attachment in an email. The malware is then downloaded onto their computer and begins its work. The user will typically see a message that is meant to frighten them into clicking on a link or paying a ransom. Some examples of these messages are:

“Your computer has been infected with a virus. Click here to resolve the issue.”

“Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”

“All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”

The technology security firm Symantec looked at data from one command and control server with 5,700 compromised computers. They estimate nearly 2.9 percent of infected users choose to pay the ransom, which means one server could generate about $394,000 of revenue per month.

Unfortunately, there is no assurance the system will be restored if the ransom is paid, and in some instances, further viruses may be installed when the victim tries to make a payment.

Aside from the financial loss incurred by paying the ransom, business systems infected with malware can experience loss of corporate information and other sensitive data, interruption of daily operations, and damage to the organization’s reputation.

Employers must stay alert to new and growing threats to their information systems. Educating employees on security threats needs to be a continual effort.

US-CERT suggests taking the following steps to protect your organization’s computer networks from ransomware infection:

  • Conduct system backups on a regular basis, and store those backups on a separate device that is offline.
  • Make certain all computers are running anti-virus software that is up-to-date.
  • Maintain updated operating systems and software, installing the latest patches. Create a procedure for users to confirm that updates are being completed in a timely manner.
  • Perform regular employee training that includes safe web-browsing practices and safe handling of email attachments.
  • Keep employees informed on the latest phishing email scams.
  • Create a method by which employees can report instances of ransomware or other malware to the IT department.
  • Notify the FBI if computer fraud is discovered.