In recent weeks, a new breed of virus has emerged: truly effective “Ransomware." Past iterations of Ransomware, most notably the “FBI Virus” have touted an urgent call to action, involving a transfer of funds, to the group that has infected your computer. The FBI Virus is removable; with the right geek involved, your data was not in jeopardy, the virus could be removed, and your computer returned to a functioning state. The current version of Ransomware, known as “Cryptolocker,” is no joke. Your files are truly gone. The only path to restoration involves paying the ransom, via Bitcoin.
So far, the standard rate for retrieval of your information is two bitcoins. Standard bitcoin exchange rates, averaging about $300 USD per bitcoin, have applied. In the majority of the cases reported, the paying of the ransom actually works. About a thousand PCs a day are infected, though this rate may vary in the future, as known successes are reported in the viral community.
Paul Ducklin, head of technology for the Asia-Pacific region at SOPHOS, described the impact of the virus: “It's kind of like losing your computer or smashing your hard disk or dropping your computer in the harbor. You are never going to get your data back.”
Let me be clear, removing the virus does NOT gain access to your data. The information is locked, not accessible, coded to a specific and complicated key. Cracking the key is a job for geeks armed with supercomputers and dual MBAs and is well beyond the scope of the average SysAdmin or corner computer geek. It is no joke, no post-Halloween spoof. Infected file types range the gamut of often used and critical files, and include documents, databases, spreadsheets, photos, videos, and music collections.
The virus is also written to lock “backed up” versions of the files. The operative function of cross platform infection pivots on real time links between data structures. If you are using a common and widely adopted platform such as Dropbox, iCloud, Google Drive, or SurDoc, then your file storage may also be locked. During the past decade, users have moved away from a truly “cold storage” approach to file protection, but that old-school approach is the best way to combat the current malware attack.
PCs and laptops that are attached, via VPN, or other linked mechanisms are also prime candidates for this viral attack. The virus authors are looking for files that are easy buy decisions for the unlocking keysets. A database of client information, current AR, banking info, ERP and CRM tables, etc. The data types targeted are obvious. This corporate infection strategy is reinforced by a development (in the past week) of a “buy more time” option in the ransom scheme. Initially, a 72-hour window was given, demanding two bitcoins for the unlock key. Now, a “buy more time” option has been given. The upcharge can range into the thousands of dollars (USD), allowing for more time to gather funds to purchase unfettered access to your files.
For personal computer users, an image backup of cold file storage of the to-be-protected data is recommended. USB capable storage is cheap. 32GIG flash drives, in the $30 range, are prolific. I would recommend backing up crucial data as often as needed. The question is, how many days can you afford to lose? Backing up your primary information monthly, at a minimum, is recommended. In the past, corporations and enterprises have used tape backup, some form of shelved cold storage, ensuring information integrity.
Returning to the trends of old, keeping a “cold copy” of primary data is critical. Even when the ransom is paid, there have been cases where the key is not provided. Ironically, the absence of a key, despite ransom payment, is laid at the feet of law enforcement. Should the authorities track the key generating server and shut it down before your key can be generated, your data is still locked.
No comments:
Post a Comment