In the world of cybercrime, a growing threat is cyber extortion. As the name implies, the criminals are effectively trying to ‘shake down’ the victim, not unlike the threats you would expect to see in a mafia movie, either with malware or with threats of attacks on company data. Among malware, one of the most brutal types of attack is ransomware. Ransomware such as CryptoLocker works by threatening to steal data or by locking access to your machine. There are other extortion techniques as well, such as DDoS attacks, where the criminal attacks your system and demands payment to stop (in some cases the demand comes first and the attack follows, but the intent is the same). While it is unfortunate that these criminals exist, it is important to be prepared to deal with their attacks.
First and foremost, the worst thing a business can do is pay the attacker. Aside from rewarding the criminal, paying tells them that you are willing to negotiate, which makes you low-hanging fruit and a repeat target whenever they need cash. Even if the criminal is asking for a relatively small amount, it still isn't worth it, because from that point on they know you will pay. You are better off spending that money, and even more, on working with a network security professional to restore access to any lost files or systems.
If the criminal does attack (remember, the whole thing might be a bluff), you need to be prepared to recover. If you are consistently backing up your data, you can reinstall the operating system and restore from backup, eliminating the malware and getting back on your feet with comparatively little downtime. If you don't have backups, you can disconnect from the internet and attempt to use security software to remove the malware, but against more advanced malware like CryptoLocker this might not work: removing the malware does not decrypt the files it has already encrypted. Backups are the best way to recover from an attack.
Depending on the type of attack, there are precautions you can take. Having a firewall in your infrastructure can help against malware like CryptoLocker, and software suites that provide intrusion prevention services can help stop intrusions. Of course, having a business plan for reaching key members of the management team is also vital, so that crisis management and any legal actions can begin as soon as possible, with the company aware of what is going on. Having IT sit on the problem and tell everyone else it will be fine, without explaining what is actually happening, will only make things significantly worse in the long run if a breach does occur.
There are other best practices that should be in place as well; they don't directly stop extortion attempts, but they assist in recovery. Creating backups of your data is the obvious example. Another good idea is to use the cloud to create complete backup templates of your servers, so that you can spin up a new server to operate while you work to recover the old one, cutting recovery time down even further. This can be done using an IaaS cloud such as vnCloud.
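A backup only helps with recovery if the copy you restore is the one you made, so a practitioner would want a way to verify it before relying on it. The following is an added example, not code from the article or from vnCloud: it records a SHA-256 manifest when a backup is taken and later checks the backup tree against that manifest, reporting files that have gone missing, changed content, or appeared unexpectedly. The directory layout, file names and contents are constructed for the demonstration; the second check simulates a backup whose files were rewritten after the fact, which is what an encrypting attack leaves behind.

```python
"""Backup manifest integrity check (added example, not the article's code).

Assumes a plain file-tree backup. A SHA-256 manifest taken at backup time
lets a later check detect files that were modified, removed or added, so a
damaged backup is noticed before it is restored rather than after.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Hash every regular file under root, keyed by POSIX-style relative path."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the tree under root against a stored manifest.

    Returns the paths that are missing, whose content changed, and that were
    not in the manifest at all; the backup is only trustworthy when all three
    lists are empty.
    """
    current = build_manifest(root)
    missing = sorted(set(manifest) - set(current))
    extra = sorted(set(current) - set(manifest))
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    return {"ok": not (missing or extra or modified),
            "missing": missing, "modified": modified, "extra": extra}


def demo() -> dict:
    """Constructed scenario: a clean backup, then the same backup tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backup"
        (root / "db").mkdir(parents=True)
        (root / "db" / "customers.csv").write_text("id,name\n1,Alice\n")
        (root / "config.ini").write_text("[server]\nport=8080\n")

        # Manifest is written at backup time and kept outside the backed-up tree.
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(build_manifest(root)))
        stored = json.loads(manifest_path.read_text())

        clean = verify_manifest(root, stored)

        # Simulate damage after the backup was taken: one file rewritten with
        # unreadable content, one file removed, one unexpected file added.
        (root / "db" / "customers.csv").write_bytes(os.urandom(32))
        (root / "config.ini").unlink()
        (root / "NOTICE.txt").write_text("constructed unexpected file\n")

        tampered = verify_manifest(root, stored)
        return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, json.dumps(report, indent=2))
```

Keeping the manifest outside the backed-up tree, ideally on a separate write-once medium, matters: a manifest stored beside the backup can be rewritten along with it, and the check would then report a damaged backup as clean.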