Reports are emerging of new CTB Locker ransomware (similar to CryptoLocker) that is transmitted through spam emails from Google Chrome and others. Responding to this news are two security experts: Richard Blech, CEO of Secure Channels; and David Swift, Chief Architect for Threat Intelligence and Behavioral Analytics Experts at Securonix.
Richard Blech, CEO, Secure Channels:
“Ransomware has become the favorite for hackers to exploit weaknesses. This CTB-Locker is very clever and will likely have much success for hackers.
“There are existing solutions available, all of which involve the user learning and being aware of what to do in advance. (These are bad plans.) Technology companies have to recognize the need to design technology to make life simpler for the user. Rather than tech companies keeping up with the Joneses, let’s design for the Joneses. Let’s design and implement security solutions on devices that don’t depend on the end user to protect their data.
“Mobile data from the outset should be impenetrably encrypted to prevent data from being compromised by ransomware. Malware detection and prevention is an essential tool; unfortunately, the exploit can enter the user’s phone before the detection solution is available. Encrypting the data on the phone will prevent the ransomware from finding any data to exploit. This keeps the user protected even if they open an infected decoy file.”
David Swift, Chief Architect for Threat Intelligence and Behavioral Analytics Experts, Securonix:
“Our accounts and our corporate users are under attack. We’ve been at war for years.
“It’s been a silent war of nameless victims and unknown actors. Ransomware is just one vector of attack targeting our accounts and user communities, and quite honestly, it’s somewhat low on the threat list. While it’s annoying to have a single machine’s data lost, it only hints at the actions malicious actors can take once they’re on our system. Additionally, it only touches on one vector: email.
“The client-side attacks on browsers, anti-virus, Adobe, Java, and the common well-known client applications are endless and relentless, and the fact that, once the host is compromised, the data can be harvested and used in any number of nefarious ways is even more alarming.
“Attackers can harvest other cached credentials for use in the next attack and originate on the inside of our protected networks with legitimate credentials, or they can steal sensitive information that can increase the end user’s likelihood of clicking on the subsequent emails.
“This new attack should scream two lessons to those of us listening. One, end user education is mandatory for all and should be part of elementary school education today. Two, as users will do risky things and accounts will be compromised, we must find new ways to monitor our accounts for signs of compromise and misuse to protect ourselves and our networks from users that fall victim to the countless variants that target them every day.”