Ransomware has become an urgent problem in the United States — and Canada is far from immune.
A string of recent ransomware attacks targeting healthcare institutions has led the Federal Bureau of Investigation to release yet another alert, issue guidance and release a podcast to help IT security providers mitigate the risks.
Federal agencies in the United States have reported a total of 321 ransomware-related incidents since the latter half of 2015, and the problem may soon extend north of the border as well.
A recent report by global cyber security firm Trend Micro, which specifically looked at Canadian cyber security threats, noted that “although ransomware is currently a leading threat in the U.S., we did not see it as a particularly common threat in Canada.”
While the report seems reassuring, Trend Micro’s Ottawa-based vice-president of cloud and emerging technologies, Mark Nunnikhoven, said Canadians should expect similar problems to those in the U.S. during the coming year.
“I think we’re going to see an absolute explosion in ransomware,” he said back in December, when interviewed for a story discussing the uniqueness of Canada’s cyber security landscape for expertIP. That’s due to the fact it’s such a massive money maker for criminals, he said.
Both Nunnikhoven and the FBI alert suggest an evolution in ransomware targeting and perpetration. Whereas ransomware historically targeted individuals — locking them out of their own devices unless they made an online payment, typically through Bitcoin, by a certain date — it has more recently begun to target companies, large institutions and enterprise networks.
“All early versions of ransomware (CryptoLocker, CryptoWall, Locky) encrypted files, both local and on network share, and left computers operational,” Oliver Tavakoli, CTO at security firm Vectra Networks, told DataBreachToday.com. “The newer versions, like Petya, encrypt the file system structures and render an entire machine unusable.”
Petya is even more intimidating than earlier ransomware technologies because it deploys the blue screen of death. Infected machines display a ransom note at system start-up before the OS even loads, reports Trend Micro, rendering the machine useless and otherwise unsalvageable.
In late March, Reuters also reported a new type of ransomware called MSIL/Samas that encrypts entire networks instead of just the data linked to one computer, prompting the United States Computer Emergency Readiness Team (CERT) to issue an alert along with suggestions on how to mitigate the risks.
CERT recommends employing data backup and recovery plans to mitigate the risks of ransomware, as well as keeping operating systems up to date. It also recommends application whitelisting and restricting permissions to install unwanted software applications.
But should you pay the ransom? CERT says you shouldn’t, as it doesn’t guarantee that files will be released, though victims continue to pay in hopes of recovering vital data.