For years, we have been cautioning our readers against making ransomware payments after an infection. The top reasons are that you don’t know what kind of criminal organization you are supporting in the process, and there is no guarantee that it will work.
Now, there is another reason to avoid making a ransomware payment if you can.
Hackers have discovered a way, using a Tor proxy service, to intercept payments and funnel them into their personal bitcoin wallets. This strategy — which is a new type of man-in-the-middle attack — adds an interesting twist to the ransomware pandemic. Now, it doesn’t matter if you pay or if you don’t pay. Hackers may never receive the funds that you send.
To deploy this type of attack, hackers first request that victims download the Tor browser and buy cryptocurrency so they can make a private payment. The hacker typically includes a link to a Tor proxy, a website that translates Tor traffic into standard Internet traffic. The proxy operator then uses that Tor gateway to modify the bitcoin wallet address shown to the victim and redirect the payment into a personal account.
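The substitution works because the victim never sees the page the way it is served inside Tor; they only see the proxy's rewritten copy. One way an incident responder can check for this kind of tampering is to fetch the same page twice (once directly through Tor Browser, once through the proxy link in the ransom note) and diff the payment addresses. The script below is an added illustration of that check, not code from the original article or from Apex Technology Services. The HTML snippets and every address in them are constructed for the demo; the regexes are a first-pass pattern match and do not validate address checksums.

```python
import re
from dataclasses import dataclass

# First-pass patterns for the two common Bitcoin address formats.
# Assumption: good enough to pull candidate addresses out of a page body;
# they do not verify base58check or bech32 checksums.
BASE58_ADDR = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
BECH32_ADDR = re.compile(r"\bbc1[ac-hj-np-z02-9]{11,71}\b")


def extract_addresses(html: str) -> set[str]:
    """Return every Bitcoin-looking address string found in a page body."""
    found = set(BASE58_ADDR.findall(html))
    found.update(BECH32_ADDR.findall(html))
    return found


@dataclass
class SwapReport:
    substituted: set[str]  # present only in the proxied copy (injected)
    missing: set[str]      # present only in the direct copy (overwritten)
    unchanged: set[str]    # identical in both copies

    @property
    def tampered(self) -> bool:
        return bool(self.substituted or self.missing)


def compare_snapshots(direct_html: str, proxied_html: str) -> SwapReport:
    """Diff the payment addresses between a page fetched directly over Tor
    and the same page fetched through a Tor-to-web proxy."""
    direct = extract_addresses(direct_html)
    proxied = extract_addresses(proxied_html)
    return SwapReport(
        substituted=proxied - direct,
        missing=direct - proxied,
        unchanged=direct & proxied,
    )


# Constructed sample pages. The addresses are placeholders made up for this
# demo; they are not real wallets.
DIRECT_ONION_PAGE = """
<html><body>
<h1>Your files are encrypted</h1>
<p>Send 0.5 BTC to: <b>1VictimDemoAddrConstructedABCDEFGHJ</b></p>
<p>Alternate wallet: <b>bc1qzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz</b></p>
</body></html>
"""

# Same page as delivered through a tampering proxy: the first address
# has been replaced, the second left alone.
PROXIED_PAGE = """
<html><body>
<h1>Your files are encrypted</h1>
<p>Send 0.5 BTC to: <b>3AttackerDemoAddrConstructedABCDEF</b></p>
<p>Alternate wallet: <b>bc1qzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz</b></p>
</body></html>
"""


def demo() -> SwapReport:
    report = compare_snapshots(DIRECT_ONION_PAGE, PROXIED_PAGE)
    if report.tampered:
        print("ADDRESS SUBSTITUTION DETECTED")
        print("  injected by proxy :", sorted(report.substituted))
        print("  overwritten       :", sorted(report.missing))
    else:
        print("no difference in payment addresses")
    return report


if __name__ == "__main__":
    demo()
```

In practice the "direct" snapshot comes from opening the .onion address in Tor Browser itself and the "proxied" one from the clearnet proxy link in the note; any address that appears in only one of the two is a red flag that a third party is sitting in the payment path. The check says nothing about whether paying is wise; it only shows that the address on the page cannot be trusted.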
So keep this in mind when your business eventually gets hit with ransomware. Paying the ransom may seem like the fastest, and most cost-effective way to get your data back. But you could very well just be throwing money away if you choose to go this route — and funding a complete stranger in the process.
I wish there was an easy way to fix this problem, but there isn't. This is the reality that we are now faced with. The best you can do is add multiple layers of security to your network, make sure your systems are up to date with the latest security patches and educate your end users about how to avoid ransomware online. If you take these precautions, you could avoid winding up in a situation where you have to decide whether to make a payment, or kiss your data goodbye forever.
Here are some of the areas all organizations looking to promote a cybersecurity culture need to focus on.
1. Cybersecurity training must be done regularly.
2. Auditing and documentation must be performed regularly to ensure systems are secure.
3. Anomaly detection should be running constantly to detect threats as they emerge.
4. Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two companies’ reputations from being destroyed.
5. Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.
6. An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched its response in what is being called a PR catastrophe.
To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.