Don’t be a hostage to ransomware

February 2014 Cyber Security

‘Your money or your life’ was a phrase favoured by masked criminals on horseback robbing stagecoach passengers. Though it may be a thing of the past, the notion of holding valued items for ransom is still prevalent. Today, cybercriminals use malware known as ransomware to demand ‘your money or your files,’ extorting businesses and consumers by holding their PCs or data hostage and demanding financial payment for their release.

Doros Hadjizenonos.
Doros Hadjizenonos.

Like most malware, ransomware can originate from opening a malicious attachment in an e-mail, clicking on a deceptive pop-up, or simply visiting a compromised website. It threatens businesses in one of two ways: locking a user’s screen or file encryption. Lock-screen ransomware, as the name suggests, causes a PC to freeze while displaying a message with the criminal’s ransom demand, rendering the computer useless until the malware is removed. While this is a nuisance for users, it’s survivable because it typically affects a single PC, and is relatively easy to remove.

File encryption ransomware, on the other hand, is quickly emerging as a genuine threat to businesses because of its ability to permanently lock users out of their files and data – not only on individual PCs, but across an organisation’s entire network. Globally, this type of ransomware attack has seen a 200% increase in Q3 of 2013, compared to the first half of the year. What’s more, the attacks have been focused on small and medium-sized firms, using CryptoLocker, one of the most destructive and malicious strains of ransomware ever seen.

Since being identified last year, CryptoLocker has targeted over a million computers. Once activated on a user’s PC, CryptoLocker searches all folders and drives that can be accessed from the infected computer, including networked back-up drives on company servers. It then starts scrambling those files using virtually uncrackable 2048-bit encryption. The files will remain scrambled unless the business pays a ransom to those behind the attack in order to release the decryption key – assuming, of course, the criminals actually supply the key when paid.

Defending against ransomware

So what can businesses do to protect themselves against these new, aggressive types of ransomware? As a first step, it’s important that organisations implement basic security best practices recommended to protect computers from any other type of malware:

* Ensure anti-virus software is updated with the latest signatures.

* Ensure operating system and application software patches are up to date.

* Install a two-way firewall on every user’s PC.

* Educate users about social engineering techniques, especially involving unknown attachments arriving in unsolicited e-mails.

However, these measures do not offer complete protection against attacks. It’s all too easy for an employee to inadvertently click on an e-mail attachment, triggering an infection. It’s also relatively easy for criminals behind a ransomware scam to make small adjustments to the malware code, enabling it to bypass current antivirus signature detection, in turn leaving businesses vulnerable.

Better protection with sandboxing

To defend against new exploits that may not be detected by conventional anti-virus solutions, a new security technique makes it possible to isolate malicious files before they enter the network so that accidental infection does not occur.

Without impacting the flow of business, this technology – which Check Point calls threat emulation – opens suspect files arriving by e-mail and inspects their contents in a virtualised environment known as a sandbox. In the sandbox, the file is monitored for any unusual behaviour in real time, such as attempts to make abnormal registry changes, actions or network connections. If the file’s behaviour is found to be suspicious or malicious, it is blocked and quarantined, preventing any possible infection before it can reach the network – or users’ e-mail inboxes – and nullifying the risk of it causing damage. New cloud-based emulation services, such as Check Point’s ThreatCloud Emulation, can deliver this protective capability to almost any organisation of any size.

Businesses should consider taking these extra precautions to ensure they don’t fall prey to cybercriminals who need only a sliver of security weakness to get into the network and take company assets hostage. With the potential to capture all of a company’s files and data in an instant, ransomware poses a significant threat that organisations should take seriously.

For more information contact Check Point South Africa, +27 (0)11 319 7267,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Work from home securely
Issue 5 2020 , Cyber Security
First Consulting provides enterprise-level IT security to working-from-home employees at more than 40 South African organisations.

Agility, meticulous alignment and testing
Issue 5 2020 , Cyber Security
Data loss can put the nails in the coffin for unprepared businesses. Investing in cyber resilience is key to succeed in the age of digital transformation.

Cybersecurity comment: Cyber threats remain relentless
Issue 5 2020, CA Southern Africa , Cyber Security
Over 80% of email-based threats in Q1 2020 leverage COVID-19 in some form to feign legitimacy to the end user.

11 essential steps to reinforce cybersecurity
Issue 5 2020 , Cyber Security
Wayne Olsen has compiled a guideline to ensure that businesses and their employees are protected while working remotely.

Cybersecurity comment: Securing the real endpoint
Issue 5 2020 , Cyber Security
The corporate perimeter is fast becoming irrelevant, as the so-called security boundary extends to wherever an Internet connection exists.

Don’t squeeze your cyber assets
Issue 5 2020 , Cyber Security
Inadequate investment in cybersecurity is directly related to the spate of cyberattacks we’re seeing in South Africa now.

Cybersecurity comment: Create layers of security
Issue 5 2020 , Cyber Security
Any organisation, whether large or small, public or private, should follow an established framework in order to protect itself against cyber threats.

Next-generation security operations centre
Issue 4 2020, AVeS Cyber Security , Cyber Security
Pay-as-you-use cybersecurity from AveS allows all businesses access to world-class expertise.

Strengthen your passwords for world password day
Issue 4 2020 , Cyber Security
May 7 is World Password Day and KnowBe4 is providing tip sheets, videos and tools to help people strengthen their passwords.

Tips on secure remote working
Issue 3 2020 , IT infrastructure, Cyber Security
NordVPN advises how to stay secure while working from home during the coronavirus outbreak.