Last year saw a massive rise in cybercriminal activity, targeting businesses and civilians alike. For instance, according to the Q4 year-in-review threat report by Proofpoint, ransomware attacks increased by a massive 3000% over the course of the year. Even though we’re only a few months into 2017, there are already distinct trends and upswings in ransomware threats to private and corporate data security. Recently, many Australians have fallen victim to TorrentLocker – a particularly nasty strain of ransomware – that has been spread through fake AGL websites.
So before you click through on any suspicious-looking sites or download any mysterious attachments, read through this blog post to learn exactly how this attack works, and what you can do to ensure your data protection.
First, let’s start with the basics.
What is ransomware?
Ransomware is a type of malicious software that, once activated, blocks access to your system and data until the attacker’s conditions are met. In some instances, if the information being held for ransom is highly valuable or sensitive, the criminal will also threaten to leak or publish the data. The ease with which a criminal can get their hands on ransomware Trojans is one of the primary reasons there has been such a spike in ransomware activity.
What’s special about TorrentLocker?
The technology behind the TorrentLocker Trojan is very similar to a previously notorious ransomware variant called CryptoLocker, which was effectively neutralised by the FBI and Interpol in late 2014 after causing more than 27 million US dollars in damages. It can only target Windows machines, and needs to be installed manually onto the victim’s device. This is achieved through phishing emails with downloadable attachments or, in the AGL case, having the user input a CAPTCHA code that triggers the download. Once active, TorrentLocker scans the system for all files and programs, and then uses Advanced Encryption Standard (AES) encryption to restrict user access. The ransom amount varies, but usually starts at around 500 US dollars and can only be paid in Bitcoin into a unique account.
What can you do to ensure data protection?
It’s important that you take a proactive approach to data protection, both as an IT professional and as an Australian citizen. In light of the recent TorrentLocker threat, perhaps the most effective preventative measure is to never enter any CAPTCHA information on any AGL-affiliated website. The specific domain used as a fake AGL site is “hxxp://aglbill-server.net”, but any number of variants can theoretically be used. Additionally, make sure that every device is equipped with antimalware software that’s updated with the latest malware definitions. Your company firewall should also actively block activity from known threat locations, such as the fake AGL landing page (hxxp://aglbill-server.net). Above all, remain vigilant and be ready to adapt to the ever-changing face of cybercrime and data security threats.
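To turn the published indicator into something a firewall or proxy can act on, here is an added example (not code from the original post) that refangs the defanged “hxxp://” indicator, builds a host blocklist from it, and scans proxy log lines for contact with that host or any of its subdomains. The log format (timestamp, client, method, URL) and the log lines themselves are constructed for this example, and the domain is the one quoted above.

```python
import re
from urllib.parse import urlsplit

# The indicator exactly as the post publishes it (defanged with "hxxp" so it is not clickable).
DEFANGED_IOCS = ["hxxp://aglbill-server.net"]

# Constructed proxy log lines (hypothetical format: timestamp client method url).
SAMPLE_LOG = [
    "2017-03-01T09:12:01Z 10.0.0.5 GET http://example.com/index.html",
    "2017-03-01T09:13:44Z 10.0.0.7 GET http://aglbill-server.net/captcha",
    "2017-03-01T09:14:02Z 10.0.0.7 GET http://www.aglbill-server.net/download",
    "2017-03-01T09:15:10Z 10.0.0.9 GET http://example.com/?ref=aglbill-server.net",
    "2017-03-01T09:16:30Z 10.0.0.9 CONNECT aglbill-server.net:443",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+)$")

def refang(ioc):
    """Reverse common defanging so the indicator can be compared with real traffic."""
    return ioc.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")

def hostname_of(url):
    """Extract the lowercase host from a URL or a bare host:port (CONNECT requests)."""
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname
    return host.lower().rstrip(".") if host else None

def blocklist_from_iocs(defanged_iocs):
    """Build the set of hosts the firewall/proxy should block."""
    return {hostname_of(refang(ioc)) for ioc in defanged_iocs}

def host_is_blocked(host, blocklist):
    """Match the host itself or any subdomain of it; never a substring elsewhere in the URL."""
    return any(host == bad or host.endswith("." + bad) for bad in blocklist)

def find_hits(log_lines, blocklist):
    """Return (timestamp, client, host) for every request that reached a blocked host."""
    hits = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that do not fit the expected format
        host = hostname_of(match.group("url"))
        if host and host_is_blocked(host, blocklist):
            hits.append((match.group("ts"), match.group("client"), host))
    return hits
```

Note that the fourth sample line, which only carries the domain in a query string, is deliberately not flagged: matching on the parsed host rather than on a substring avoids false positives from referrer parameters and similar.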
While data protection is an ongoing struggle, it is substantially easier to handle when you’re informed and have the right tools at your disposal. We highly recommend implementing a comprehensive endpoint security solution that blocks the unauthorised mass file encryption that ransomware programs perform, such as Intercept X from Sophos. PowerNET has been working with Sophos for close to 8 years and is a Platinum partner, so we have full confidence in the quality and scope of their product offering. For a free 30-day trial of this new approach to endpoint security, simply head over to their site and fill out the form.
If you’d like to see how the security and efficiency of your internal IT systems measure up, take our free IT health check.