New Ransomware Trend Curbed by Backup, Recovery Processes

By Laura Stotler
TMCnet Contributing Editor

A frightening new malware threat making the rounds holds an entire computer hostage while taking over and encrypting its hard drive. According to G Data Software, which specializes in anti-malware solutions, the new Petya threat takes control of a computer’s boot process, locking up and encrypting the hard drive, and then displaying a message demanding a ransom payment. The threat is just the latest in an increasing number of ransomware threats that are disrupting businesses throughout the world.

In the case of Petya, the process has ties to the cloud, a very scary prospect as an increasing number of businesses migrate some or all of their infrastructure, storage and services to the cloud. One of Petya’s purported methods of infiltration is via an email pretending to be from a job applicant, with instructions for the recipient to download a CV file hosted in a Dropbox (News - Alert) folder. But the CV is ransomware, and takes over the user’s computer immediately. Once the hard drive is encrypted, the user is presented with a ransom demand along with a threat that the contents of the hard drive will be destroyed without payment. And the ransom amount doubles every seven days.

“We take any indication of abuse of the Dropbox platform very seriously and have a dedicated team that works around the clock to monitor and prevent misuse of Dropbox,” said a Dropbox spokesperson in response to a Next Web article on Petya. “Although this attack didn’t involve any compromise of Dropbox security, we have investigated and have put procedures in place to proactively shut down rogue activity like this as soon as it happens.”

Unfortunately, the criminals behind this type of ransom activity will find other points of entry via the cloud if a company like Dropbox catches on to their shenanigans. Which means businesses have no choice but to be proactive about protecting their data, or else risk paying steep ransom fines or losing data entirely. By backing up data continuously and having a solid backup and recovery plan in place, businesses can simply reformat a computer and copy an image of the backed up data to the hard drive to eliminate the ransomware and restore the machine.

The less appealing alternative is to pay the hackers, as Hollywood Presbyterian Medical Center was forced to do back in February. The organization’s network and sensitive files were held hostage until the hospital paid up $17,000 in bitcoins to restore its systems. And important files were offline for approximately 10 days while the ransom was being sorted out. Just yesterday, Union Memorial Hospital in Baltimore reported it was at the center of a “Samsam” ransomware attack, with criminals demanding $18,500 in bitcoins to unlock important systems.

As is usually the case, user error is to blame for a majority of ransomware attacks. Malware is introduced to a machine or network when a user opens an infected file. Instructing users not to open files or attachments from unknown sources can go a long way in helping companies prevent these types of attacks, but there is always a margin of error. By backing up data regularly and having a simple restoration process in place, businesses can rest assured that operations won’t be interrupted and data will not be held hostage in the event of an attack.