A new ransomware, from the CryptoLocker family, is emerging - CoinVault. Please see below for comments from TK Keanini, CTO at Lancope and Fraser Kyne, principal systems engineer at Bromium.
TK Keanini, CTO, Lancope writes:
"It is interesting to watch ransomware evolve and expand its success via different techniques and different platforms. As a business it is growing and there is no end in sight. The problem is economical and educational. On the latter, people don't know about these matters until it is far too late, and the former has to do with cost to the user.
Normally, security issues have a countermeasure that is a security tool but, in this case, it is a simple backup that would render this threat benign. Let's talk about cost and convenience for a second: if you take this CoinVault case, they want .7 bitcoin - which today is trading around near 300.00 USD. A top of the line cloud backup system would cost you far less than that for the entire family per year. People just don't know this and need to know because the biggest threat to these cybercriminals' business is countermeasures that are cost effective and put them out of business or force them to change their game."
Fraser Kyne, principal systems engineer, Bromium says:
"Ransomware will continue to cause significant problems for many organisations, simply because their IT security mechanisms fail to protect them. Modern threats need modern and innovative solutions. It's not enough to go through a continual ‘pay-up or wipe’ loop as these attacks become ever more popular. We also need to ask ourselves this question: "If we have ransomware that is TELLING us we've been hit because it wants our money, what does that reveal about our vulnerability to more convert attacks too?"
This increase in ransomware highlights the importance of best practices, such as endpoint protection and external data back-ups. Many times, when you are hit with ransomware it is impossible to get your files back because the payment processing may fail or the encryption keys may not work – not to mention the danger of providing your credit card number to these attackers. The ransomware trend will only continue if those infected continue to pay the ransom. We cannot encourage this behaviour, so we suggest these ransoms are not paid.”