''The goal of creators of encrypted viruses is to make money. But don’t pay hackers''
Tips for dummies: safe for USB drive, not to buy anti-virus too cheap and dreams of monitoring systems
WannaCry ransomware virus that has run riot in 150 countries made think about media safety even those who were sceptical about cyber threats. Is it a joke that about 200,000 natural persons and hundreds of bodies were attacked by the virus? Ransomware attackers were the biggest threat to individuals and corporations before WannaCry. According to Marat Gaifullin, manager at Taksnet, the majority of the attacks are performed by encoders. In a column for Realnoe Vremya, he told about the main security behaviour principles.
A safe with USB drive is the best protection
Hacking attacks are divided into two types. Targeted attacks prepared by mean rivals, swindlers and criminals is the first one. According to estimations of companies dealing with IT security, such attacks are few – a bit more than 2-3% of the total number. But they are effective in 90% of cases. And nowadays it is impossible to protect from them 100%. Leading world technologies are behind such attacks. Creation of backup copies on external devices is the major recommendation to protect from such attacks. And no cloud services.
A safe to keep USB drives will be the perfect storage for valuable information. Big companies do so by regularly copying information to removable devices. It is troublesome, but we are not talking about comfortability. If done in this way, one can lose information that is collected while copying. There is a rule in IT security: the costs a criminal is having to perform an attack must be so high that he will refuse attempts. Of course, targeted attacks are aimed more at big companies. But it doesn't mean that small ones are in safety. Even if a company is small, it has information to steal. Always there is personal information that can be used against a person, financial indicators that are often corrected in our country for regulators. It all can be used against a business including in dishonest rivalry. This is why everybody should protect.
''A safe to keep USB drives will be the perfect storage for valuable information. Big companies do so by regularly copying information to removable devices. It is troublesome, but we are not talking about comfortability.'' Photo: Oleg Tikhonov
Attacks of encrypted viruses are the majority of the remaining 98% cases. It is a worldwide misfortune. Algorithms and filters that, in fact, need to be installed by telecommunication operator like in Europe, the USA, Asia to cope with this threat. Operators in Russia don't sell such services. At the moment, they can't understand how to monetise them because security is ''air'', and you start feeling when you don't have it. For instance, an operator will send you a report saying he detected a certain number of attacks. Will you believe this information? Our Russian mentality doesn't allow services to develop, but security problems are starting to dominate.
First of all, financial establishments are at risk because it is easier to steal money. This is why banks as the most active users of inventions in information security, they actively follow their development. Encoder is an installed file. Consequently, it needs to be installed. For this reason, what any director in any even small company can do is to explain the staff because threats are regular. In our company, we face encoders once in 2-3 weeks. Encoder can reach the e-mail of any addressee.
Don't be lazy and check whether the visual part (the addressee's name) coincides with the e-mail. If not, don't open the letter. But encrypted algorithms don't work by just opening the letter. It is important to look at the extension of the file that can be attached to the letter. You see an .exe file. You don't know what it is. Aren't you waiting for it? Don't open it. The goal of creators of encrypted viruses is to make money. But don't pay hackers. If you pay hackers, it means you support their business.
110 days to catch infection
Nowadays encoders are the most dangerous threats for business because no famous anti-virus detects them. But anti-viruses need to be certainly used because different kinds of Trojans that hackers place on different public sites are one of the other spread problems that business faces. We constantly check our resources. Companies with big databases are the icing on the cake for those who do harm and use the base for distribution.
The number of attempts to attach to resources is growing. The statistics is sad: in Russia, it takes 110 days from placement to detection of these files. How many visitors are under threat during this time? The police can't just block the attempt to attack. They need to collect an additional base. It is hard to prove the fact. But I know special programmes collect proofs. I know a case when the police followed a hacker for 20 years.
At the moment, there are few cases of this kind, public ones are even rarer. There are good free anti-viruses, but their update speed is lower than that of fee-based. These are basic things, a one-year subscription for anti-virus is 1,800-2,000 rubles. It is not the money to economise. A general recommendation is to allow employees to visit public pages less. In general, don't hire unchecked people because your own staff can be a threat. But you can't close all USB ports from careless employees. Internal monitoring systems are needed (to record phone conversations, control e-mail box content, shoot the desktop screen, control the content of files, base access, supervise copying to external devices and others). For companies that have 5-10 computers, they are very expensive. They are reasonable for companies with 200 workstations. I don't think it is an infringement, it is company's security.