In a recent article, 'How My Mom Got Hacked', essayist Alina Simone wrote about how her mother became a victim of the latest form of ransomware: Cryptowall 2.0 (detected by multiple antivirus engines as variations of Trojan.Win32/Filecoder). Like other ransomware, once unleashed Cryptowall encrypts all the files on your hard drive and any connected devices. The malware then shows a ransom note, saying that you have one week to pay a fee to receive the key to decrypt your files. In this case, the victim was asked to pay $500 within a week, otherwise the fee would go up to $1,000. The malware then shows a countdown clock, increasing the pressure to pay up! Mom ended up paying the fee, and did at least receive her decryption key from the hackers. However, the Internet Crime Complaint Center advises against paying the ransom, since every payment entices the 'bad guys' to keep creating new ransomware. In other words, prevention is the best option.
Apart from regularly backing up data, how can companies prevent infection? Ransomware can infect your machines through email attachments, malicious web links and malicious files that could, for instance, be introduced via mobile devices and USB drives.
Here are three ways in which organizations can protect against infection:
1. Implement Advanced Threat Protection for Email
For email attachments, use an anti-malware multi-scanner such as Metascan® to increase detection of ransomware. For newly released ransomware, the more anti-malware engines you use to scan files, the greater the chance that you will detect and block the malware, and the smaller the chance that a threat slips past a gap in any single engine. By implementing data sanitization for email attachments, you can convert files to a different format, removing any potentially embedded threats that are not detected by anti-malware engines. For instance, by converting a Word document to PDF format, you can ensure that any potentially harmful content is removed.
2. Scan Web Traffic for Threats
Use anti-malware multi-scanning on your web traffic to ensure that the web pages your users visit are free of malware. By integrating Metascan with your web proxy, you can ensure that all HTTP traffic is scanned with multiple anti-malware engines (between 4 and 30), decreasing the chance that malware can bypass your antivirus engine.
3. Monitor Your Devices
Monitor your devices and scan machines for malicious files and processes. By using an application such as Gears, you can remotely scan and monitor client machines, servers, laptops and other devices to check for malicious files or processes and automatically remediate any issues. Gears also utilizes Metascan anti-malware multi-scanning to check devices daily for running threats, and identify threats in your network that aren't detected by the installed antivirus.
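For the email attachment step in item 1, the sketch below is an added example, not code from the article or from any product it names. It shows a mail-gateway triage that inspects each attachment's content rather than its file name and decides whether to block it, convert it before delivery, or pass it on to the scanners. The decision labels, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container

def classify(data: bytes) -> str:
    """Decide by content, not file name: 'block', 'sanitize' or 'scan' (hypothetical labels)."""
    if data[:2] == b"MZ":                    # Windows executable header
        return "block"
    if data[:8] == OLE2_MAGIC:               # legacy Office formats can carry macros
        return "sanitize"
    if data[:4] == b"PK\x03\x04":            # ZIP container, used by .docx/.docm/.xlsx
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return "block"                   # malformed archive: do not deliver
        if any(n.endswith("vbaproject.bin") for n in names):
            return "sanitize"                # macro project present: convert before delivery
    return "scan"                            # everything else still goes to the scanners

def triage(raw: bytes) -> dict:
    """Map each attachment file name in a raw RFC 5322 message to its decision."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {(p.get_filename() or "unnamed"): classify(p.get_payload(decode=True) or b"")
            for p in msg.iter_attachments()}

def _zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()

def sample_message() -> bytes:
    """Constructed test message with three constructed attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    files = {
        "invoice.pdf": b"MZ" + b"\x00" * 64,   # executable posing as a PDF
        "report.docm": _zip({"word/document.xml": "<w/>", "word/vbaProject.bin": "x"}),
        "notes.docx": _zip({"word/document.xml": "<w/>"}),
    }
    for name, data in files.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

A 'scan' result is not a clean verdict: those attachments are the ones handed to the multi-engine scan, and 'sanitize' attachments would be scanned as well as converted.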