ISACA Now recently had the opportunity to interview Garry Barnes, ISACA International vice president, and practice lead, governance advisory at Vital Interacts in Australia. Barnes has more than 20 years of experience in information and IT security, IT audit and risk management, and governance, having worked in a number of New South Wales public sector agencies and in banking and consulting.
ISACA NOW: Who is deploying ransomware?
Garry Barnes: Ransomware is developed and deployed by cybercriminals looking primarily to gain financial rewards. Some ransomware will encrypt your files, preventing you from gaining access, while earlier types locked your computer by displaying pornography or other images. The ransomware contains a demand for payment to obtain the key to unlock your system. These payments are routed through untraceable digital currencies, via SMS, or simply using cash transfer systems.
In its Q1 2015 Threat Report, McAfee cited a new family of ransomware, CTB-Locker, leading to a rise in attacks. This malware is distributed in numerous ways, and its payload is hidden in layered zip files. According to McAfee, it was supported by an “affiliate” program, enabling it to be easily added to phishing campaigns.
ISACA NOW: Who are they targeting?
Barnes: Ransomware developers are targeting the desktop and Android phone devices of both individuals and organizations in North America and Europe, where there is a higher likelihood of the ransom being paid. They use a variety of techniques to deliver their payload, including email and web pop-ups. Recently ransomware has been detected in content management systems such as Joomla! and WordPress. The SynoLocker strain of ransomware targets network storage devices.
ISACA NOW: What is an organization’s chance of suffering this type of attack?
Barnes: The odds are pretty high that a ransomware attack will occur. ISACA identified ransomware as one of the Five Cyber Risk Trends for 2016, noting that the instance of victimized enterprises—most of them small businesses—agreeing to make ransomware payments increased from 2.9 percent in 2012 to 41 percent in 2015.
ISACA NOW: What can be done to prevent it?
Barnes: There are a number of steps you can take to minimize your risk. Technical controls are important, and security awareness is also key. Users need to be vigilant not to click on links, remain cautious with links and attachments in unsolicited emails, avoid clicking on pop-ups on web sites, and have up-to-date antivirus software.
- Desktop architecture should include:
  - Reputable A/V to scan for malicious payloads
  - Firewalls to prevent unwanted services including blocking
  - Periodic back up of both data and software
  - Disconnection of the backup storage device after successful backup
  - Patching of operating systems and applications
  - Use of a web pop-up blocker to prevent clicking on infected ads
- Use of cloud backup may also help
ISACA NOW: What should be done once your organization has been hit?
Barnes: A quick response by the affected user is needed, hence the value of security awareness training. Once hit, an organization should activate its incident response process. This would include alerting the service desk so they can contain the impact and prevent others in your business from falling victim. They will need to initiate recovery of data from backup and restoration of the operating system and applications from a reliable copy.
(This post originally appeared on the ISACA site, which can be viewed here)