IT Technology Services New Orleans

New Orleans Technology Services

1 in 30 have been hit by CryptoLocker and 40% pay the ransom, says study

An annual survey on computer security issues run by a UK university was published last week. Its stats on the prevalence of ransomware, and how many people give in to the crooks and pay the ransom, raised some eyebrows.

The University of Kent’s 2014 Survey on Cyber Security found that 1 in 30 has had their system hit by CryptoLocker, and 40% of those paid up.

The figure for ransomware as a whole seems even more eye-opening, with almost 1 in 10 reporting having fallen victim.

The survey was organised by the University of Kent’s Interdisciplinary Research Centre in Cyber Security, by a team composed of both computer scientists and psychologists, and conducted using Google’s Consumer Surveys platform.

As the authors of the report caution their readers, the survey covered a relatively small number of people – just over 1,500 UK adults. That leaves it open to inaccuracies for all sorts of reasons, including sampling bias due to the kinds of people drawn to responding to online surveys, but the results seem dramatic enough to be more than just an anomaly.

Other data picked up by the survey seems fairly predictable. Around two-thirds of us feel at risk from cybercrime, just over 1 in 4 have been the victim of some sort of “cyber-dependent crime” in the last year, with malware (11.9%) and phishing (7.3%) the main culprits. 1 in 10 has been exposed to online bullying, harassment or stalking.

If the rate of malware infections seems a little higher than we normally see in surveys of this nature, that could well be down to the high levels of CryptoLocker and other ransomware included in those figures.

9.7% of people claimed they had been infected by ransomware of some kind, with CryptoLocker specifically named in the survey question and making up around a third of all reported infections.

Proving a negative

Survey data always has a problem in that it’s only as accurate as the knowledge (and honesty) of the people being surveyed.

Malware, for the most part, aims to avoid revealing its presence to its victims, sometimes going to great lengths to do so.

So when you ask someone if they have ever been hit by malware, and their response is a strong and definite “no”, that answer should always be viewed sceptically. How can they possibly know?

Proving a negative is not easy in the best of circumstances, and being certain something hasn’t happened simply because you haven’t noticed it happen is particularly difficult when the thing you haven’t noticed is specifically designed to be secretive and stealthy.

Have you ever been spied on from a distant rooftop? No? Can you really be sure of that?

Unlike most malware, though, CryptoLocker and other ransomware attacks make no secret of their presence; indeed, their main intention is to make it very plain to their victims that they have been infected.

So it could be that what we’re seeing here is not a change in the total level of malware going around, simply a change in the visibility of it to the general public.

Only a third have firewalls

And perhaps that is no bad thing. Other details emerging from this same survey include less than half of respondents using up-to-date anti-malware, just over a third implementing firewalls, and a little less than that exercising sensible password hygiene.

Maybe a little more visibility will finally make the general public start sitting up and paying more attention to the risks of malware and other online threats.

At the moment, it seems like we’re still mostly either ignorant or in denial, right up until something nasty infects our machine and nabs our data, or encrypts it and demands a ransom.

That so many people pay up is not much of a surprise either. Like other security basics, it looks like proper backing up of sensitive or precious files is a rare thing.

Victims forced to pay up include police departments and law firms, with ransomware threats clearly targeting small businesses where proper security practices such as backups are more likely to be lacking.

These shortcomings may have been hidden in the past, but now they are being forced into the spotlight, and the shock may just jolt people into giving the right priority to their security needs.

Cryptolocker Ransomware: What You Need To Know

Antivirus companies have discovered new ransomware known as Cryptolocker.

This ransomware is particularly nasty because infected users are in danger of losing their files forever.

Spread through email attachments, this ransomware has been seen targeting companies through phishing attacks.

Cryptolocker will encrypt users’ files using asymmetric encryption, which requires both a public and private key.

The public key is used to encrypt and verify data, while the private key is used for decryption, each the inverse of the other.

Below is an image from Microsoft depicting the process of asymmetric encryption.

[Image: Microsoft diagram of the asymmetric encryption process]

The bad news is that decryption is impossible without the private key, which is stored on the cybercriminals’ server.

Currently, infected users are instructed to pay $300 USD to receive this private key.

Infected users also have a time limit to send the payment. If this time elapses, the private key is destroyed, and your files may be lost forever.

Files targeted are those commonly found on most PCs today; the list of file extensions for targeted files includes:
3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx
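
The extension list above doubles as a checklist for backup coverage. The following is an added example, not part of the original post: it walks a folder, picks out files whose extension is on that list, and reports which ones have no copy, or only an older copy, in a backup folder. The folder layout, the function names and the sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Extensions copied from the list above (the page's list, not an exhaustive one).
TARGETED = set("""3fr accdb ai arw bay cdr cer cr2 crt crw dbf dcr der dng doc docm docx
dwg dxf dxg eps erf indd jpe jpg kdc mdb mdf mef mrw nef nrw odb odm odp ods odt orf p12
p7b p7c pdd pef pem pfx ppt pptm pptx psd pst ptx r3d raf raw rtf rw2 rwl srf srw wb2 wpd
wps xlk xls xlsb xlsm xlsx""".split())

def audit_backup(source_root, backup_root):
    """Classify at-risk files under source_root as missing, stale or covered
    by comparing them with the same relative path under backup_root."""
    source_root, backup_root = Path(source_root), Path(backup_root)
    report = {"missing": [], "stale": [], "covered": []}
    for dirpath, _dirs, files in os.walk(source_root):
        for name in files:
            src = Path(dirpath) / name
            # Extension match is case-insensitive: .XLSX counts as xlsx.
            if src.suffix.lower().lstrip(".") not in TARGETED:
                continue
            rel = src.relative_to(source_root)
            dst = backup_root / rel
            if not dst.is_file():
                report["missing"].append(rel.as_posix())
            elif dst.stat().st_mtime < src.stat().st_mtime:
                report["stale"].append(rel.as_posix())  # edited since last backup
            else:
                report["covered"].append(rel.as_posix())
    for bucket in report.values():
        bucket.sort()
    return report

def demo():
    """Constructed sample tree: three at-risk files and one file not on the list."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "docs"), Path(tmp, "backup")
        (src / "clients").mkdir(parents=True)
        bak.mkdir()
        for rel in ("budget.XLSX", "clients/contract.docx", "photo.jpg", "notes.txt"):
            (src / rel).write_text("sample")
            os.utime(src / rel, (1_500_000_000, 1_500_000_000))
        (bak / "budget.XLSX").write_text("sample")
        (bak / "photo.jpg").write_text("old")
        os.utime(bak / "budget.XLSX", (1_600_000_000, 1_600_000_000))  # newer than source
        os.utime(bak / "photo.jpg", (1_400_000_000, 1_400_000_000))    # older than source
        return audit_backup(src, bak)

if __name__ == "__main__":
    print(demo())
```

The timestamp comparison only shows that a copy exists and is not older than the original; it does not verify the contents of the copy.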

In some cases, it may be possible to recover previous versions of the encrypted files using System Restore or other recovery software used to obtain “shadow copies” of files. The folks at BleepingComputer have some additional insight on this found here.

Removal:

Although CryptoLocker itself is readily removed, files remain encrypted in a way which researchers have considered infeasible to break. Payment often, but not always, has been followed by files being decrypted.

Prevention:

New Orleans Technology Services has already installed a plug-in on each user workstation that will help prevent CryptoLocker from accessing user files once downloaded, but we cannot guarantee the virus will not be successful.

The biggest defense may also be the easiest to apply. If you get an email from somebody you do not know, especially if it’s got attachments, don’t open anything in it; just delete the email. If you don’t know who is sending that email or if the subject is foreign to you, simply click delete.

Additionally, Google Mail, Google Apps for Business and Microsoft Hosted Exchange Services are currently blocking emails that contain the virus. Unfortunately, free services like Yahoo and AOL, and other free email hosting services included with web site hosting like JustHost, BlueHost and HostGator, are not. If your organization uses or allows access to email not blocking the virus, you should consider this virus to be extremely high risk.