Patch quickly to check ransomware, Canadian telecom industry warned

One of the best strategies to defeat ransomware is to patch systems as soon as possible, a senior official at a security vendor has warned the telecom industry.

Attackers often reverse engineer a recently-patched software vulnerability and use it quickly as an exploit, betting organizations and consumers haven’t updated their systems, Nathan Shuchami, head of advanced threat protection at Check Point Software, told the annual Canadian Telecom Summit.

“Therefore one of the best practices is to patch as soon as you can,” he said.

The three-day conference in Toronto, which started Monday, attracts officials from carriers, Internet service providers and vendors from across the country.

His pre-lunch keynote, which outlined the devastating effects ransomware has by encrypting hard drives after unsuspecting employees click on an attachment or link, appeared to dim the appetite of some attendees who were awed by the simple mechanics of an attack.

One of the more recent variants Check Point has been tracking struck close to home: Called CTB Locker, it pretends to be a PDF invoice from a wireless carrier, which when opened encrypts a hard drive. The victim is then given four days to pay two Bitcoins for the decryption key.

Shuchami noted the ransom threat is well-prepared: The English instructions can easily be read, and the victim is given four days to pay 2 Bitcoins (about $1,500). To increase the victim's confidence that files will be decrypted if payment is made, the victim is given the chance to unlock several files immediately.

Included are instructions on how the victim should turn off their firewall and use TOR to communicate with the attacker’s server, pay the ransom and download the decryption keys.

Ransomware has been increasingly adopted by attackers in the past year for one reason, Shuchami said: It’s easily spread without spear phishing and is a great way to generate money for criminals. “The attacker doesn’t need to tailor it to a specific industry or bank account or specific bank, it can be sent to millions of victims across industries. And we also see attackers are investing significant energy in A/B testing to identify the best language (for the threat message), the optimal amount of money to be demanded – it shouldn’t be too high, otherwise people won’t pay – and the look and feel of the message.”

Usually the ransom isn’t a lot but collectively over a regional or global campaign it adds up, he added.

In an interview Shuchami agreed employee awareness training is vital to fight ransomware. “But you cannot only rely on education because attackers are investing a lot more today in language, in look and feel to make email look as legit as possible.” And because of employee churn there will be staff who aren’t trained, he added. That’s why he recommends organizations use a second-generation sandbox that can detect malware evasion and obfuscation techniques.

The best awareness training he’s seen involves staff regularly – at least three times a year – having to pass an online phishing test, plus regular professional penetration testing.

But he also said that in addition to training and rapid patching there are other simple and effective defensive strategies CISOs can employ, including establishing document handling policies (never accept executable files from outside the office) and regular backups.

These could foil up to 95 per cent of ransomware, he said.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
