With so much new data being created every second, advanced persistent threats (APTs) and new threat vectors have forced a new way of thinking about business security practices. New technologies are becoming available with better security intelligence, predictive and proactive capabilities, and cross-cloud API security integration. These new security platforms are designed to make your networks smarter, your data center more secure, and your cloud a lot more agile.
Still, new threats emerge every day, and truly damaging APTs like ransomware can seriously impact an environment.
Ransomware is one of the biggest cyber threats in 2016, according to McAfee Labs and Trend Micro. To avoid becoming a victim, you need to take action now to protect your computer systems. Waiting could cost you money, hassle, and negative publicity.
But before we dive in, let's ask one simple question: What's your data worth? According to Cisco, the current market around cybercrime actually ranges between $450B and $1T per year. Further estimates expect this number to increase. So how much is your data actually worth? Consider this:
- Social Security Number: $1
- DDoS as a Service: About $7/hour
- Medical Records: >$50
- Credit Card Data: $0.25 – $60
- Bank Account Info: >$1000 (Depending on the type of account and balance)
- Mobile Malware: $150
- Malware Development: $2500 (commercial malware)
- Spam: $50 for about 500k emails (depending on number of emails and destination)
- Custom Exploits: $100k – $300k
- Facebook Account: $1 for an account with at least 15 friends
These numbers give us a perspective on how much hackers can make from your data. But what does it actually cost a business to experience a data breach or loss of vital information? New findings from Juniper Research suggest that the rapid digitization of consumers' lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015. Furthermore, the average cost of a data breach in 2020 will exceed $150 million, as more business infrastructure gets connected.
A New Type of Ransomware: CryptoJoker
A new form of ransomware called CryptoJoker was discovered in January 2016. It uses the AES-256 algorithm to encrypt victims’ files and then demands a ransom for their release. CryptoJoker affects computers running Microsoft Windows operating systems.
Although CryptoJoker is not widely distributed at this time, security experts have started warning people about it. Besides using a strong encryption method, it targets 30 different types of files and deletes any shadow copies of them. As a result, victims have only two options to get their files back: recover them from a backup or give in to the attackers' demands. Even if the victims do pay the ransom, there is no guarantee the attackers will provide the decryption key and decoder needed to decrypt the files.
Since backing up files is a lot cheaper and less hassle than paying a ransom, now is the time to back up your files. There are also other measures you can take to avoid becoming a victim of CryptoJoker. To understand why those measures are important, you need to know how this ransomware works.
How CryptoJoker Works
The CryptoJoker attack usually starts with a phishing email that tries to get the recipients to open a CryptoJoker installer disguised as a PDF file. If the email recipients open that file, the installer downloads or generates the executables needed to carry out the attack.
CryptoJoker then scans the computer drives, looking for 30 different types of files, including PDF files, text files, Microsoft Word and Excel files, and image files (e.g., JPG, PNG). After encrypting those files, it appends “.crjoker” to their file extensions. For example, a file named “BusinessForecasts.docx” would become “BusinessForecasts.docx.crjoker”.
The ransomware also performs other malicious acts, all intended to make victims pay up. For instance, it deletes any shadow copies made by Windows’ Volume Shadow Copy Service so that the victims’ files cannot be recovered. Plus, CryptoJoker terminates several processes so that victims cannot run Windows Task Manager or the registry editor. Finally, it displays a popup box with the ransom note.
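The renaming behaviour described above gives responders a quick way to measure how far an infection has spread. The following Python is an added example, not code from the original article: it walks a directory tree, lists files carrying the ".crjoker" suffix, and reports the earliest modification time among them, which helps pick a backup made before the attack (assuming the malware left file timestamps untouched). The function names are illustrative.

```python
import os
from collections import Counter
from datetime import datetime, timezone

MARKER = ".crjoker"  # suffix the article says CryptoJoker appends


def original_name(filename):
    """Return the pre-encryption name, or None if the file is not marked."""
    if filename.lower().endswith(MARKER) and len(filename) > len(MARKER):
        return filename[: -len(MARKER)]
    return None


def scan(root):
    """Walk root; return (path, original_name, mtime) per marked file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            full = os.path.join(dirpath, name)
            try:
                mtime = os.stat(full).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            hits.append((full, orig, mtime))
    return hits


def summarise(hits):
    """Count hits per original extension and report the earliest mtime."""
    by_ext = Counter(
        os.path.splitext(orig)[1].lower() or "(none)" for _, orig, _ in hits
    )
    # Assumption: mtime reflects when the file was encrypted.
    earliest = min((m for _, _, m in hits), default=None)
    when = None
    if earliest is not None:
        when = datetime.fromtimestamp(earliest, tz=timezone.utc).isoformat()
    return {"count": len(hits), "by_extension": dict(by_ext),
            "earliest_utc": when}


if __name__ == "__main__":
    import sys
    print(summarise(scan(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Run it against a mounted copy of the affected drive rather than the live system, and compare "earliest_utc" with your backup schedule before restoring.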
How to Avoid Becoming a Victim of a CryptoJoker Attack
To help prevent a CryptoJoker attack, you can take several measures:
- Do not open any email attachments that you are not expecting. If the email is from someone you know, check with that person first before opening the attachment.
- Do not click any links embedded in emails sent from unknown sources. Even if you know the person who sent the email, check the link before clicking it. Hover your cursor over the link to see the address of the website that you will be taken to. If the website address seems suspicious, perform an online search to see if it is associated with any cybercrimes.
- Use anti-malware software.
- Back up your files regularly. Although this will not prevent a CryptoJoker attack, it can mitigate the effects of one.
What should you do if you become a victim of CryptoJoker? Assuming that you have backups, you will need to first remove the ransomware from your computer and then restore your files from a backup made before the attack. These are complex processes, so you should enlist the help of your IT service provider. Reach out to MTM to find out about our ransomware-ready kits, powerful security assessments, and how you can protect yourself against new advanced threats.