Symantec says it is keeping a close eye on a relatively new but potentially very damaging threat — ransomware.
Ransomware is a type of malware that locks the machine, typically showing some type of law-enforcement logo, and tells users they have to pay a fine to have their computers unlocked. The message usually accuses users of activities such as looking at child pornography and, for that reason, many choose to pay the “fine” and avoid the embarrassment of having to explain they did not do anything like that. According to Symantec, this is one of the reasons this type of malware is “highly profitable”.
Symantec’s principal systems engineer for the Endpoint management and mobility business unit in the Asia Pacific, Mark Shaw says the New Zealand Police logo has already been used by attackers and New Zealand customers are being targeted. He says Symantec has had issues reported “around the middle of the South Island” with attackers demanding payments around the $300-$400 mark.
“In some cases, attackers are targeting SMBs which aren’t as well protected as enterprises,” says Shaw. “Three percent of the people attacked pay the money, which is a very high percentage,” he adds.
“We have absolutely seen it in New Zealand and we are recommending the obvious things. Keep your patches and anti-virus signatures up to date, and make sure you are using the other tools in your system to reduce the threat. Have good backups. If infected, report to the Police and to NetSafe,” he says.
“We are monitoring this space. We expect more. We expect ransomware to increase in 2013. It’s scary stuff. We’re being pretty vigilant about this. This is the tip of the iceberg, it’ll certainly grow.” Shaw adds that the attackers know what they are doing and there is “effectively no way of tracing the payments”.
Symantec is also promoting the global launch of its Symantec Endpoint Protection Small Business Edition 2013, which Shaw describes as "the first Symantec product dedicated to SMBs".
"We are very excited about this because we see this as a critical market," he adds. Shaw says the launch is well timed, as the company's latest Intelligence Report reveals that targeted attacks against SMBs have doubled between 2011 and 2012, with attackers aiming their guns at SMBs as a way to get into enterprises. The fact that the top 500 global businesses average 60 alliances each with smaller companies means that attackers use SMBs as "stepping stones" into larger organisations, he says.