The 2018 update of the Oxford English Dictionary will include ransomware as a new entry, and this announcement just happens to coincide with a new zero-day exploit that bypasses security measures of popular cloud computing services such as Office 365 and Google Drive.
“Shurl0ckr” is the name of the new ransomware strain detected on February 7 by cyber security experts at the Bitglass Threat Research Team. Out of 67 antivirus software suites, only five identified Shurl0ckr as a threat.
Ransomware attacks are very much on the minds of Irish information security specialists. In May 2017, IT administrators at the Health Service Executive moved quickly to protect its vast network from the WannaCry ransomware attack that greatly impacted the operations of the NHS in the United Kingdom. At the time, the HSE operated 2,350 servers and more than 25,000 clients, many of them running Windows XP. Technicians rushed to install emergency patches and update antivirus software on all machines; three instances of WannaCry were initially detected but later dismissed when found to be vestiges of a previous infection by different malware.
In the end, HSE was not targeted by the hackers behind the WannaCry ransomware; however, an internal assessment published in January 2018 indicated that the Executive lacks a defined strategy for business continuity in case of future attacks. HSE is certainly not alone in this predicament; in June 2017, Irish broadcasting giant Kantar Media was dealt an embarrassing blow as its servers came under a ransomware attack at a time when the company was negotiating an important merger.
Ransomware attacks are particularly devastating because of how they work: once a system is infected, malicious code proceeds to apply a layer of encryption to all data it can find, with the exception of the system files it needs to display a ransom demand. The demand typically directs victims to transfer cryptocurrency or enter a bank card number so that a key can be received to remove the encryption and access files. The Garda Cyber Crime Bureau tells business owners not to pay these ransom demands; however, paying is often the only way to unlock sensitive data. In America, more than $206 million in ransomware payments were made just in the first quarter of 2016; in the most critical cases, business owners have had to bite the bullet and reformat their hard drives or reset their servers and start over, thereby losing crucial company information.
While keeping antivirus software and operating systems up-to-date can certainly help to protect against ransomware, the best strategy will always be to install and maintain a solid data backup system that adheres to business continuity guidelines. In case of a severe ransomware attack, servers or clients can be completely restored without having to meet any ransom demands. Comprehensive data backup strategies will completely workstations; another option is to mirror virtual workstations in the cloud so that they can be booted from just about anywhere in Ireland or even abroad.
Proper data backup systems are also crucial for disaster recovery planning, and they may be a matter of compliance for businesses operating in certain sectors. Business owners who install reliable backup solutions for their company networks will always have the peace of mind of never having to worry about ransomware attacks.