Ransomware is not going anywhere – so what can your organization do?

Sponsored By: Fortinet

Navigating the shifting ransomware landscape continues to distract organizations from their innovation and productivity agenda. Fortinet’s 2017 Q3 Threat Report found that 22% of firms detected some form of ransomware in Q3 2017.

How is a computer infected with ransomware?
There are many ways a computer can become infected with ransomware. The most common is via a phishing scam such as an attachment to an email that a user opens because they believe it is from a trustworthy source. Once the attachment has been opened and downloaded, the ransomware takes over the computer. The ransomware can only be disabled using a code known only to the attacker.

Locky Ransomware
Locky is a strain of ransomware that businesses should be on guard against. Once installed, it scrambles all the files and data on a computer and typically renames each file with the .locky extension. This ransomware is delivered via a Microsoft Word attachment that requires macros to be enabled. Microsoft disables macros by default to prevent security threats. Once macros are enabled, the document runs the macro and Locky is downloaded to the computer. The decryption key can be purchased from the attackers with the payment of varying amounts of Bitcoin.

According to Fortinet’s 2017 Q3 report, after a hiatus in the first half of 2017, the Locky ransomware ramped up in Q3 with three new campaigns. The first two campaigns were similar, deploying the malware through attachment downloads that began the encryption process on the victims’ computers. Although similar in functionality, the third Locky campaign of Q3 changed the naming convention, so that encrypted files ended with .ykcol. The other notable change in this third campaign was the lower Bitcoin price demanded by attackers.

Tens of thousands of organizations were impacted by Locky during the quarter, but Locky was not the only malware to make a mark. Figure 11 of Fortinet’s 2017 Q3 Threat Report (below) shows several malware attacks that have infected organizations.

 

 

How to protect your business against ransomware?
With this resurgence of ransomware, particularly Locky, in 2017, it is important to remain defensive against these types of attacks. The best defense against ransomware is deploying web-filtering techniques, using effective email security tools that include both anti-spam technology and the ability to detect and eliminate malicious email attachments, and above all, maintaining a current off-network backup of critical data in case of infection.

Learn more about the threat of ransomware, Locky in particular, by downloading your copy of the Fortinet 2017 Q3 Threat Report.



Jim Love, Chief Content Officer, IT World Canada
