Website malware removal is probably not at the top of your daily “to do” list, and yet it’s something that no business can ignore, even for a day. And new tactics by ransomware authors might just push that task right to the top of your list.
Ransomware is one of the most dangerous types of malware to emerge in recent years. It works by encrypting all the files it finds on infected computers and then demanding that a ransom be paid for those files. That ransom can be as high as $10,000, but even paying it might not result in a good outcome. If you’re a business owner, the impact on your business could be catastrophic and chances are you’ll never see those files again.
One of the most dangerous ransomware strains is Cryptowall, and according to research by Dell Secureworks, between March and August of this year more than 600,000 systems were infected with Cryptowall. And as a result of those infections, more than 5 billion files were encrypted.
Things recently got a lot trickier for businesses, with the discovery that Cryptowall is now being delivered through Flash banner ads on websites using advertising networks that have been compromised. What that means is that users don’t even have to click on anything in order to be infected by Cryptowall. Simply visiting the page the banner ad is being displayed on is enough. The attack works by exploiting vulnerabilities in the user’s browser, and major networks believed compromised include Yahoo! Finance and Match.com.
The risks for businesses are many. Even if you have little control over third-party ads delivered through your website, chances are you may still end up being blamed by impacted users. And that can lead to significant reputation and brand damage. And if your own employees fall victim, then there’s a very good chance that your business will end up yet another victim of Cryptowall. Which means potentially thousands of your critical files may be gone forever.
So what can you do to minimize the risks to your business and your customers?
- If you don’t rely on third-party advertising through your website or the revenue is not significant, think about abandoning the practice. You have no control over the advertisers’ security and therefore will never know for sure whether they’ve been compromised.
- If you must push ads through your website, try to avoid using Flash ads to minimize the risks.
- Make sure all employees are part of a comprehensive patching regime so that all the applications, on their work and personal devices, get the latest patches as soon as possible.
- Make sure all employees are constantly backing up their data, ideally using either online or “cold” offsite services. Although it’s not foolproof, backing up your data externally may be one of the few ways to successfully recover from a Cryptowall attack.
- Strictly control outbound network communications. Once installed, some versions of Cryptowall will contact a command and control center to download the RSA key used to encrypt the target files. If it can’t locate the key, the attack may end there.
- Monitor your website constantly for any signs that it’s been compromised with malware. SiteLock can not only help you find even the most advanced malware hiding on your website, it can completely automate the process of malware removal.
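To act on the advice about third-party ads and Flash, here is an added example (not from the original article or from SiteLock): a Python script that scans a page's HTML for Flash embeds and lists the third-party hosts serving scripts, iframes or plugin content. The host names and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

FLASH_MIME = "application/x-shockwave-flash"

class AdAudit(HTMLParser):
    """Collect Flash embeds and third-party resource hosts from one HTML page."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.flash = []           # (tag, url) pairs that load Flash content
        self.third_party = set()  # external hosts serving active content

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe", "object", "embed", "param"):
            return
        a = {k: (v or "") for k, v in attrs}
        # <param name="movie" value="x.swf"> carries its URL in "value"
        url = a.get("src") or a.get("data") or (a.get("value") if tag == "param" else "") or ""
        path = urlparse(url).path.lower()
        if a.get("type", "").lower() == FLASH_MIME or path.endswith(".swf"):
            self.flash.append((tag, url))
        host = (urlparse(url).hostname or "").lower()
        if host and host != self.own_host and not host.endswith("." + self.own_host):
            self.third_party.add(host)

def audit(html, own_host):
    """Return (flash_embeds, sorted_third_party_hosts) for one page."""
    parser = AdAudit(own_host)
    parser.feed(html)
    return parser.flash, sorted(parser.third_party)

# Constructed sample page; hosts are placeholders, not real ad networks.
SAMPLE = """
<html><body>
<script src="/js/site.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<iframe src="//ads.adnetwork.example/slot?id=1"></iframe>
<object type="application/x-shockwave-flash" data="https://ads.adnetwork.example/banner.swf">
  <param name="movie" value="https://ads.adnetwork.example/banner.swf">
</object>
<embed src="/media/intro.SWF">
</body></html>
"""

if __name__ == "__main__":
    flash, hosts = audit(SAMPLE, "example.com")
    print("Flash content:", flash)
    print("Third-party hosts:", hosts)
```

This only inspects static markup; ads injected at runtime by third-party scripts will not appear, so treat the third-party host list as the set of origins to review.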
Keeping malware off your website and out of your business is a constant and evolving battle. But you have some powerful and affordable weapons at your disposal, like SiteLock. Don’t be afraid to use them.