Defend Your Data from Ransomware Attacks
Blackmail Software (Ransomware)Solution Brief
Solution Brief Blackmail Software (Ransomware)2
We provide all-aspect protection against potential attacks
The topic of “Ransomware” is one of the biggest topics in the IT world. This solution brief contains background
information, opinions, and tips for protecting you from dreaded Trojans.
Solution Brief Blackmail Software (Ransomware) 3
Now it also threatens TVs. A smart TV produced by
LG company suddenly stops working. And the screen
shows a message stating that the device would only be
unlocked if 500 dollars were paid.
This is just one of countless reports about blackmail
software (Ransomware). At the moment, no other topic
is causing as much attention in IT circles. Companies
are the main victims. According to a study by IBM, 70
percent of targeted companies pay the required ransom
- half of them more than 10,000 US dollars and 20
percent even over 40,000 US dollars.
On a daily basis, the BSI detects around 380,000 new
malicious program variants. There are increasingly
more types of blackmail software (Ransomware). As
one cannot expect any all-clear signal, companies and
institutions should protect themselves.
Blackmail software (Ransomware) is also referred
to as encryption or blackmail Trojan. The malicious
software (Malware) encrypts files on the computer
or smartphone of the victim, and often on connected
network drives. The affected data becomes useless. The
blackmail software (Ransomware) then shows the victim
a blocking screen with the request to transmit a certain
sum (often in the form of bitcoins) to the attacker. Only
then would the files be decrypted again.
About this solution brief
This solution brief contains background information,
opinions and tips for the protection against dreaded
blackmail Trojans. It is aimed at IT professionals as well
as private users.
Ransomware
Even TV Sets are Affected
What is Blackmail Software (Ransomware)?
10 valuable tips
01 Backups! Backups! Backups!
In spite of all the following measures, no company is
ever completely protected against blackmail software
(Ransomware). The most important tip is therefore to
make regular backups. In addition, the backups should
be kept separate from the network. Otherwise, the
backups could also be encrypted.
02 Up-to-date
Whether it is the operating system or office
applications - the most secure editions are the latest
versions. Manufacturers always update their latest
software versions first. Updates for older programs
are - if at all - usually only provided later. It is therefore
recommended to use the latest software versions as
much as possible and keep them up-to-date at all times.
03 Unsafe websites
Avoid visiting unsafe websites. But even serious web
portals can be infected with malicious software.
Particular caution should be paid when visiting blogs -
they are the most frequently infected websites. Firewalls
with protection mechanisms increase the security of
surfing the Web. In particular, content filters can help
by blocking contaminated sites. The corresponding
databases are constantly updated. In this way, even
"newly" infected websites are quickly marked and can
no longer be accessed.
04 Take special care with e-mails
Despite spam filters, e-mails from unknown senders
will always find their way into your mailbox. In these
cases, always be suspicious - and, above all, do not
open attachments. And be careful: The tricks of the
fraudsters are becoming ever more sophisticated. Be it
fictitious and well-made job applications or real-looking
mails from financial services providers - a fundamental
skepticism is always appropriate when it comes to
e-mails.
05 Protection by hardware and software
Among the most effective protection mechanisms are
firewalls. Combined with various software solutions,
firewalls offer comprehensive protection against
blackmail software (Ransomware) and other malicious
programs - from gateway to endpoint protection (client).
SSL inspection, VPN application intelligence, intrusion
detection prevention, single-sign-on and content filters
are now common functions of firewalls. In terms of
software, anti-virus solutions as well as special
anti-ransomware programs are useful. It is important
that the programs and firewalls are coordinated so that
they do not interfere with one another.
Solution Brief Blackmail Software (Ransomware)4
What should IT administrators and employees consider in order to protect themselves against blackmail software
(Ransomware)? Here is a summary of the most important tips.
Solution Brief Blackmail Software (Ransomware) 5
06 Working without admin rights
If possible, do not provide the user profiles of the
employees with admin rights. Many programs cannot be
installed with normal rights. Similarly, this will prevent
various malicious software from being installed.
07 Use of script blockers
We recommend that you install a script blocker for the
Web browser. This prevents the execution of malicious
code on websites.
08 Raise employees’ awareness
Employees should be reminded of the issue of blackmail
software (Ransomware). Correct behavior should also
be trained in case of emergencies. For example, case
studies can be analyzed. Trainings should be repeated
at regular intervals.
09 Be prepared
Plan how to proceed in the worst case scenario. What
should one do? Who are the contact persons for the
employees? What happens during the time between
infection and complete restoration of the systems? A
regulated procedure helps to maintain the calm in case
of emergencies.
10 In case of an infection
Immediately disconnect the affected computer from
all networks. Check if other computers on the network
are infected. Then reinstall the system and change all
passwords. Now load the backup. It is also advisable to
contact the local police stations and file a report. Paying
ransom to the blackmailers is not recommended. There
is no guarantee that the encrypted data will actually be
decrypted.
Malicious softwareon the Net
Trojans in banking transactions
Just executing a quick money transfer. Hardly anyone
is aware of the possibly grave consequences of an
infection with malware. But it happens all the time.
Newsletters are full of reports about Trojans, with
banking Trojans being the dream of criminals and the
nightmare of all users. The e-banking Trojan “Tordow”
was synonymous with “Super-Trojan” in the context
last year.
E-Banking Trojan “Tordow”
Once Tordow had successfully established itself,
the Trojan could, for example, copy calls, copy bank
information and reload and install additional malware.
There was also the risk that the malware could read
access data, including passwords, for online services
from mobile web browsers. This is just one example
of the enormous damage potential that users are
exposed to.
Great variety of malicious programs
Apart from Trojans, which can spy on a computer and
forward sensitive data to third parties, there are various
other forms of malicious programs. Recently, there have
been many media reports about blackmail software
(Ransomware). These are also called Encryption
Trojanians and can be found in a number of different
varieties - the common denominator being extortion.
Thus, data is encrypted on the computer and also on the
network drives of the victim - and only decrypted when
a ransom payment is made. At least, this is what the
attackers promise. Experts advise against transferring
money in such cases. Rather, they advise making
regular backups, which should be kept separate from
the computer and the network.
Reasonably-priced firewalls with integrated threat defense system
To simply accept the above-mentioned dangers
is, however, not a viable alternative. Both private
individuals and companies of all sizes can now opt for
affordable solutions offering reliable protection against
blackmail software (Ransomware) and other malicious
programs.
For all the damage ransomware can cause, you are not
defenseless in the fight against these online bandits.
Several security options exist to protect personal and
enterprise systems from being compromised. Unified
Security Gateways, or USGs , provide comprehensive
protection against potential ransomware attacks
through features like anti-spam to block phishing
emails, content filtering to prevent access to suspicious
links, anti-virus to protect users from malware-infected
files, and Intrusion Detection and Prevention (IDP) to
detect and stop intruders from gaining control of your
system.
Anti-Spam blocks unwanted Email
Anti-Spam is the first line of defense in protecting one’s
system from ransomware by filtering out suspicious
content with reputation-based email protection.
Potentially harmful messages can be blocked before
the recipient ever has a chance to open them. Real-time
protection is augmented with automated sharing and
updating to continuously monitor and report activity.
Solution Brief Blackmail Software (Ransomware)6
The Internet is a blessing and curse at the same time. Its dangers are often not taken seriously. The number of cases
involving blackmail software (Ransomware) and other malicious programs, however, are growing rapidly.
Solution Brief Blackmail Software (Ransomware) 7
Content filters secure Web connections
As with anti-spam, content filtering cuts ransomware
attacks off at their source. If a user accidently clicks a
suspicious link, the URL is checked against a database
of malicious sites. Databases are continuously updated
to stay one step ahead of the cyber thieves. Zyxel USG
and ZyWALL products also offer SSL inspection to
combat encrypted web traffic.
Anti-Virus stops malware-infected files
Anti-Virus provides a third line of protection by
thoroughly scanning incoming files for worms, Trojan
horses, and malware with protocols such as SMTP and
POP3.
IDP monitors network behaviors
Intrusion Protection and Prevention service is like having
your own personal security guard who is constantly on
patrol for abnormal behavior on your network. Zyxel IDP
vigilantly watches for suspicious connection attempts
and backdoor programs.
Gloomy prospects
Solution Brief Blackmail Software (Ransomware)8
A terrifying number of infections
5000 infections per hour - and this alone in Germany.
Blackmail software (Ransomware) is on the rise
Marc Henauer, Section Head of MELANI (Melde- und
Analysestelle Informationssicherung/Reporting and
Analysis Center for Information Security) explains the
situation.
New players
The ever growing importance of IT for business
processes also leads to increased opportunities for
fraud, espionage and blackmail, explains Henauer.
Today, new actors appear in the role of bad guys -
organized crime and even states have discovered
the benefits of blackmail software (Ransomware). In
addition to commercial motifs, the accumulation of
know-how and also political purposes are increasingly
used as reasons for the use of blackmail software.
Events like the National Ransomware Awareness Day,
which MELANI organized last May 19, 2016, shows how
seriously the Federal Government takes the problem.
Coffee machines and cars
Andreas Wisler confirms the severity of the problem. The
CEO of the company goSecurity GmbH knows about
various real-life examples of cyberattacks. Hacked
coffee machines, paralyzed hospitals, and even a Tesla
car that could not be started. With increasing electronic
networking, devices very different from ordinary
computers or smartphones are becoming popular
attack targets.
Even small companies are affected
Wisler pointed out that the cases of blackmail software
(ransomware) infections are no longer only restricted to
major companies. Even small businesses and even one-
man companies are increasingly under attack. In 2015,
SMEs were the most attacked companies at a rate of 43
percent. The common opinion of many SME bosses that
only large companies are in danger of falling victim to
Ransomware is definitely wrong.
Harmful blogs
The most dangerous websites containing malicious
software are not sites with pornographic content. Most
malicious programs are spread via blogs. Online shops
are also popular hunting grounds for criminals.
Sobering conclusion
The general rule is: Chances of becoming victims of
blackmail software (Ransomware) are higher than
ever before. For individuals, one-man businesses, SMEs
and even large companies, this growing threat means
above all one thing: Be cautious when using the Internet,
protect yourself as well as possible, and be prepared for
the worst case scenario. Tips for this can be found on
the fourth page of this solution brief.
The omnipresent topic of blackmail software (Ransomware) has become a serious problem. Experts Marc Henauer
and Andreas Wisler are painting a gloomy picture.
Security services
Solution Brief Blackmail Software (Ransomware) 9
Anti-Virus
• Integrate Kaspersky’s leading
technology SafeStream II gateway
Anti-Virus
• Anti-malware including viruses, Trojans,
worms, spyware and rogue ware
• Fast stream-based scanning provides
real-time protection with no file size
limitation
• High detection rate without sacrificing
performance
• Cloud-optimized database supported
Anti-Spam
• Transparent mail interception via SMTP
and POP3 protocols
• Zero-hour virus outbreak protection
• Sender-based IP reputation filter
• Blacklist and whitelist support
Application Patrol
• Granular control over the most
important applications
• Identifies and controls application
behavior
• Application bandwidth management
• Supports user authentication
• Real-time statistics and reports
Content Filtering 2.0
• Dynamic, cloud-based URL filtering
database
• Bandwidth regulation by filtering
• SafeSearch support for social
networking content constraints
• IPv6 GeoIP Blocking covers
management of billions of IOT and
mobile devices
• GeoIP maps and tracks IP addresses
from the cloud into real geographical
locations
Intrusion Detection and Prevention
• Routing and transparent (bridge) mode
• Detects and alerts you of suspicious or
malicious activity
• Customizable protection profile
• Customized signatures supported
ZyWALL Security Appliances and Services
Product USG1900/1100 USG310/210/110 USG60/60W USG40/40W ZyWALL 1100/310/110
UTM Package(Ant-Virus, IDP and Application Patrol, Content Filtering 2.0, Anti-Spam)
1 year 1 year 1 year 1 year 1 year
Anti-Virus 1 year/2 years 1 year/2 years 1 year/2 years 1 year/2 years 1 year/2 years
IDP andApplication Patrol 1 year/2 years 1 year/2 years 1 year/2 years 1 year/2 years 1 year/2 years
Content Filtering 2.0 1 year/2 years 1 year/2 years 1 year/2 years 1 year/2 years 1 year/2 years
Anti-Spam 1 year/2 years 1 year/2 years 1 year/2 years 1 year/2 years 1 year/2 years
Product/Service Compatibility List
Interview withthe training leader
The experienced Zyxel Training
Course Leader Patrick Hirscher
answers the most important
interview questions on the
subject of blackmail software
(Ransomware) and offers
useful first-hand tips.
How do you judge the threat posed by blackmail software (Ransomware)?
The threat is very severe, ever growing, and still difficult
to assess. There is one point, however, everyone agrees
on with regard to the topic of blackmail software
(Ransomware): Unfortunately, we currently do not have
a simple comprehensive solution for all problems in this
area. Obviously, the IT industry is aware of this, and this
gives hope for a swift solution. But for the time being,
we have to cope with the current situation and keep the
available solutions as safe as possible.
How can one increase awareness of blackmail software (Ransomware) among users?
The assessment of the trustworthiness of a specific case
has gone wrong even in our own company. A very well-
forged application was forwarded as an e-mail via three
instances. One person finally opened the application
file infected with blackmail software (Ransomware).
And this, despite a macro program warning on the part
of the Word software. Fortunately, the virus scanner
installed on the client was able to prevent even worse
effects. Following this incident, we conducted an internal
security training course, obligatory for all employees,
in which we disclosed and analyzed the case in order
to learn from it. I am convinced that the time spent on
this activity has made a significant contribution to the
correct handling of information from different sources
(mail, browser, etc.). In the future we will carry out further
internal awareness training courses.
How can blackmail software (Ransomware) be blocked already in incoming mail?
As a first instance, one certainly needs an anti-spam
solution with an integrated virus scanner. However,
Ransomware attacks are becoming increasingly
sophisticated and are, unfortunately, often not
recognized by anti-spam solutions despite the latest
sandbox-security technology. At Zyxel, all emails with
suspicious attachments are blocked and quarantined.
However, this leads to negative consequences: The
quarantining is manually executed by an IT employee
who checks the mail for its trustworthiness and then
releases it to the addressee. This implementation entails
great effort, but is very effective in light of the current
threat situation. In addition, dedicated mailboxes are
used for public mail accounts, which deal with many
general and potentially dangerous e-mails. The logged-
in user works with very restricted rights on the file server.
In case of a Ransomware attack, the damage would be
limited and under control.
How can systems become as immune as possible against blackmail software (Ransomware)?
An absolute must is to continually upgrade operating
systems and applications. In this area, we are
uncompromisingly committed to “speed”. As soon as
new updates are made available by manufacturers,
we implement them as quickly as possible. This is no
longer done only over the following weekend, but even
during ordinary workdays. In principle, we are convinced
of this need, but are currently doing our best to create
a reliable report, which shows that all clients have the
latest version.
Solution Brief Blackmail Software (Ransomware)10
Q:
Q:
Q:Q:
What should be taken into account when securing data with backups?
In the case of successful crypto attacks, only the
mexisting backups provide required data. We have
ensured that the saved data is separated from the
corporate network after each successful backup.
What other measures are planned for Zyxel?
• Use of FW ZLD4.25 within the ZyWALL USG Series (with
GeoIP and SafeSearch)
• Uninstalling of various SW packages on the clients
(only providing SW, which are required)
• Revision of the internal IT guidelines
• Adaptation of the authorization structures on the file
server
What other tips can you give IT managers?
IT departments can make a major contribution to
ensuring the security of company by operating various
systems, which are well maintained and regularly
checked for correct functioning. The known cases of
loss or damage show, however, that different human
behavior could have prevented a lot of the negative
effects. It is therefore constructive to train employees
on a regular basis and to provide them with specific
information about new hazards. Moreover, one
should take the necessary time to create widespread
awareness - it’s worth it!
Solution Brief Blackmail Software (Ransomware) 11
Q: Q:
Q:
5-000-00817002 06/17
For more product information, visit us on the web at www.zyxel.comCopyright © 2017 Zyxel Communications Corp. All rights reserved. Zyxel, Zyxel logo are registered trademarks of Zyxel Communications Corp. All other brands, product names, or trademarks mentioned are the property of their respective owners. All specifications are subject to change without notice.
Corporate HeadquartersZyxel Communications Corp.Tel: +886-3-578-3942Fax: +886-3-578-2439Email: [email protected]://www.zyxel.com
Europe Asia The AmericasZyxel BelarusTel: +375 17 334 6099Fax: +375 17 334 5899Email: [email protected]://www.zyxel.by
Zyxel NorwayTel: +47 22 80 61 80Fax: +47 22 80 61 81Email: [email protected] http://www.zyxel.no
Zyxel China (Shanghai)China HeadquartersTel: +86-021-61199055 Fax: +86-021-52069033 Email: [email protected] http://www.zyxel.cn
Zyxel Middle East FZETel: +971 4 372 4483Cell: +971 562146416Email: [email protected]://www.zyxel-me.com
Zyxel USANorth America HeadquartersTel: +1-714-632-0882Fax: +1-714-632-0858Email: [email protected]://us.zyxel.com
Zyxel BeNeLuxTel: +31 23 555 3689Fax: +31 23 557 8492Email: [email protected]://www.zyxel.nlhttp://www.zyxel.be
Zyxel PolandTel: +48 223 338 250Hotline: +48 226 521 626Fax: +48 223 338 251Email: [email protected]://www.zyxel.pl
Zyxel China (Beijing)Tel: +86-010-62602249Email: [email protected]://www.zyxel.cn
Zyxel PhilippineEmail: [email protected]://www.zyxel.com.ph
Zyxel BrazilTel: +55 (11) 3373-7470Fax: +55 (11) 3373-7510Email: [email protected]://www.zyxel.com/br/pt/
Zyxel Bulgaria(Bulgaria, Macedonia,Albania, Kosovo)Tel: +3592 4443343 Email: [email protected]://www.zyxel.bg
Zyxel RomaniaTel: +40 31 0809 888Fax: +40 31 0809 890Email: [email protected]://www.zyxel.ro
Zyxel China (Tianjin)Tel: +86-022-87890440 Fax: +86-022-87892304 Email: [email protected] http://www.zyxel.cn
Zyxel SingaporeTel: +65 6339 3218Hotline: +65 6339 1663Fax: +65 6339 3318Email: [email protected]://www.zyxel.com.sg
Zyxel Czech RepublicTel: +420 241 091 350Hotline: +420 241 774 665Fax: +420 241 091 359Email: [email protected]://www.zyxel.cz
Zyxel RussiaTel: +7 (495) 539-9935Fax: +7 (495) 542-8925Email: [email protected]://www.zyxel.ru
Zyxel IndiaTel: +91-11-4760-8800Fax: +91-11-4052-3393Email: [email protected]://www.zyxel.in
Zyxel Taiwan (Taipei)Tel: +886-2-2739-9889Fax: +886-2-2735-3220Email: [email protected]://www.zyxel.com.tw
Zyxel Denmark A/STel: +45 39 55 07 00Fax: +45 39 55 07 07Email: [email protected]://www.zyxel.dk
Zyxel SlovakiaTel: +421 220 861 847Hotline: +421 220 861 848Fax: +421 243 193 990Email: [email protected]://www.zyxel.sk
Zyxel KazakhstanTel: +7-727-2590-699Fax: +7-727-2590-689 Email: [email protected]://www.zyxel.kz
Zyxel ThailandTel: +66-(0)-2831-5315Fax: +66-(0)-2831-5395Email: [email protected]://www.zyxel.co.th
Zyxel FinlandTel: +358 9 4780 8400Email: [email protected] http://www.zyxel.fi
Zyxel Communications ES LtdTel: 911 792 100Email: [email protected]://www.zyxel.es
Zyxel Korea Corp.Tel: +82-2-890-5535 Fax: +82-2-890-5537Email: [email protected]://www.zyxel.kr
Zyxel Vietnam Tel: (+848) 35202910 Fax: (+848) 35202800 Email: [email protected]://www.zyxel.com/vn/vi/
Zyxel FranceTel: +33 (0)4 72 52 97 97Fax: +33 (0)4 72 52 19 20Email: [email protected]://www.zyxel.fr
Zyxel Sweden A/STel: +46 8 55 77 60 60Fax: +46 8 55 77 60 61Email: [email protected]://www.zyxel.se
Zyxel MalaysiaTel: +603 2282 1111Fax: +603 2287 2611Email: [email protected]://www.zyxel.com.my
Zyxel Germany GmbHTel: +49 (0) 2405-6909 0Fax: +49 (0) 2405-6909 99Email: [email protected]://www.zyxel.de
Zyxel SwitzerlandTel: +41 (0)44 806 51 00Fax: +41 (0)44 806 52 00Email: [email protected]://www.zyxel.ch
Zyxel Hungary & SEETel: +36 1 848 0690Email: [email protected]://www.zyxel.hu
Zyxel Turkey A.S.Tel: +90 212 314 18 00Fax: +90 212 220 25 26Email: [email protected]://www.zyxel.com.tr
Zyxel IberiaTel: +34 911 792 100Email: [email protected]://www.zyxel.es
Zyxel UK Ltd.Tel: +44 (0) 118 9121 700Fax: +44 (0) 118 9797 277Email: [email protected]://www.zyxel.co.uk
Zyxel ItalyTel: +39 011 2308000Email: [email protected]://www.zyxel.it
Zyxel UkraineTel: +380 44 494 49 31Fax: +380 44 494 49 32Email: [email protected]://www.ua.zyxel.com