Is the consensus to pay or not, for your data back? Is there guarantee your data will be unencrypted? Good thing your or your organization diligent performs daily/incremental backups, correct?
Unfortunately, there is no do-it-yourself kit to unencrypt once infected with variants of ransomware. As mentioned in past posts, the best precaution is not open or clicking on emails/links you do not trust.
Last month, Hollywood Presbyterian Medical Center fell victim when hospital systems were held ransom for money. And since we are a global society, during the same time frame, two German hospitals also became victims (as well as a LA hospital). That's just a snapshot of the hospital industry but it's happening in retail, financial, manufacturing, etc. While the uptick is confirmed, reporting of incidents vary or simply, lack thereof. The rise will also come from novice cybercriminals that will use ransomare-as-a-service model to accelerate growth throughout various business sectors or individual cases. But the mass impact is still brewing as increasingly store and share data in cloud services. So, the traditional perimeters are disappearing and so will the home and office through wearable devices when considering 6.4 billion connected devices said to be connect by
Gartner in the next year - meaning, everything connected from one device/PC to another, one local drive to another shared drive, one company database instance to another...
Aside from good backup and fully investigating your options e.g. law enforcements, it’s all about proportions. That being, putting a price on how much your data is worth to your company and how much your company's networth/value i.e. large organization have resources to pay the millions of dollars being asked. Aside from the latest,
Locky and
PadCrypt, the most lucrative malware being,
CryptoWall with at least 3 variants,
TorrentLocker, TeslaCrypt, and
CTB-Locker. Practical experience tells me never to pay up but according to
c|net “When you face the real deal, even the FBI says you should pay.” So, choose wisely…
It’s worth noting that payout does not necessarily mean cold cash delivery but in bitcoins. Don’t know how to buy up large amount of bitcoin. Well, you may also be sent with links or online chat on “how-to”. That’s right, a help desk on how to extort funds to the source, your criminal holding your data hostage. No joke and certainly not a laughing matter!
Number resulting from analysis of CryptoWall affects include, from
Cyber Threat Alliance:
- 4,046 malware samples
- 839 command and control URLs
- 5 second-tier IP addresses used for command and control
- 49 campaign code identifiers
- 406,887 attempted infections of CW3
- An estimated US $325 million in damages
Mostly accomplish through phishing (other 1/3 being exploit kits with Angler being at the top of the list) either through attachments and/or redirection of landing page (sometimes with help from out dated or vulnerable web browser); and obfuscating exe files in PDFs, flash or other MS Office type files. So, upshot for prevention is awareness and implementation of various levels of security training/phishing techniques, firmware-browser/OS patching, sound application security practices, and base foundation for kill chain methods via implementation of
Anti-virus/Anti-spam, Intrusion Detection Sensors, Web filtering, SSL inspection, Data Leakage Prevention, and appropriate incident response and management.
