Leveraging Secure Messaging in the Fight Against Ransomware
It is labeled the “Threat of the Month” in SC Magazine UK. In a recent FBI press release it is called “the most current and significant ransomware threat targeting U.S. individuals and businesses” with victims reporting losses of more than $18 million. Known as Cryptowall or Cryptolocker, it is a malicious trojan that attacks Microsoft-based systems encrypting data on the computer and then holding it for ransom in order to decrypt it. Once encrypted, it is difficult if not impossible to recover the data.
What’s most sinister about this malware scam is that it typically presents itself as an email – also known as “spear phishing” – in your inbox that appears to be from a friend, co-worker or family member, along with a harmless looking attachment. Once the email attachment is opened there is very little that can be done to reverse it.
Backing up data is one way to ensure you always have access to your files, but this does not stop Cryptolocker. The only sure method of avoiding this trojan is to not open the attachment. With malware as unstoppable as this, it is no wonder organizations are looking at every method of reinforcement. Email encryption, message control and data leak prevention (DLP) solutions can play a role in the defense. When encryption is easy to use, cost-effective and can be triggered automatically or required for all outgoing messages and attachments – securing and controlling what exits and enters an organization via email is much more manageable.
In the case of Cirius, senders can share encrypted email content with an unlimited number of recipients, effectively giving them the ability (or the requirement) to create secure communications loops with all of their contacts. Every time a secure message is sent and received it is clearly identified as such on both ends. This way, if the employee or recipient shares an email that is not secured with an attachment – especially if it is a known contact with whom they normally communicate securely, this discrepancy would be an immediate red flag that something is not right.
Additionally, secure messaging solutions offer a host of other information and control features so that there is no question the message is coming from a trusted source. Users see real-time message notifications when a secure email is received and read. They can revoke messages even after recipients open them and can stop people from replying to and forwarding messages. They can also add multiple attachments of up to 5 GB.
The fight against ransomware like Cryptolocker is by no means an easy one. Organizations taking a proactive approach to securing email through encryption and DLP along with defending their parameters (e.g. firewalls and antivirus solutions) put themselves in the strongest position. They also help build a reputation of trust and provide greater peace of mind through secure communications.