Data Held Hostage? Back it up fervently
Ransomware is a regional and global issue. In a media briefing hosted by security vendor Symantec and government agency CyberSecurity Malaysia (CSM), Choon Hong Chee, Director of Asia Consumer Business for Symantec, described ransomware as “malware that holds the victim’s computer to ransom, either by restricting access to the computer by locking the desktop or by encrypting the user’s files.”
Needless to say, ransomware has come a long way since the mid-2000s.
Choon explained the evolution of ransomware: from misleading apps that claim to be able to fix, to fake antivirus that lied about cleaning viruses, to locker ransomware in 2012, which would disable users’ computers and display a warning message that a fine must be paid to unlock the computer.
The latest type, called crypto ransomware, encrypts user files and releases the decryption keys only once a fee is paid.
Now, down to the scary stats
CSM CEO Dr. Amirudin Abdul Wahab said, “Ransomware is a subset of malicious code. For the past five years, the top 3 attacks have consistently been fraud, intrusion and malicious code.”
He also shared that the number of ransomware incidents reported to CSM in 2015 was alarming, rising by as much as 76 cases from 2014 to a total of 84.
Symantec reports a similar increase in ransomware, specifically crypto ransomware, which increased by as much as 35 percent around the globe. In the bigger scheme of things, Malaysia ranks 12th in the region in terms of ransomware incidents. We rank 47th globally with an average of 14 attacks per day.
Dr. Amirudin said, “How do we manage this? We issue a national ransomware alert and work with local media, local authorities, government agencies and private sectors as well as the APCERT or Asia Pacific Computer Emergency Response Team community to cultivate awareness.”
How does it spread?
Unfortunately, even Android-based ransomware can spread to all contacts in a device’s address book via text messages. Other methods include malvertising, malware from compromised devices, and even untrusted third-party applications.
CSM advises regular data backups and a recovery plan for all critical information. Ideally, data should be kept on a separate device and backups should be stored offline.
So, you are affected… what then?
The agency is also able to help remove malware and retrieve files for ransomware victims.
Dr. Amirudin advises, “Install security software and prevent ransomware. If affected however, then report to Cyber999.” Cyber999 is CSM’s response service for computer security incidents that is offered to Internet users.
The CEO added that CSM has developed cyberdefense capabilities in detection, eradication and forensics to remove APT (advanced persistent threat) type attacks that have penetrated standard security solutions.
“We also work with the private sector because each of these entities have their respective strengths and we can complement each other.”
His one word of advice for companies or individuals that have been attacked by ransomware is this: Do not pay the ransom.