Ransomware Tips: Fighting the Epidemic
Kaspersky's Vitaly Kamluk Shares Insights on Protection, Regional Trends
Ransomware has fast become a chronic issue globally, and the impacts are being felt in Southeast Asia. In India, for instance, while there isn't much reporting happening, it is common knowledge that government and BFSI institutions are hot targets. Ransomware is popular with cybercriminals because it often leads to easy money. Enterprises find it expedient to pay a small ransom and make the problem go away, rather than suffer business downtime.
Vitaly Kamluk, Kaspersky Lab's director of the global research and analysis team in APAC, argues that paying the ransom is a bad idea. It can be bad for the ecosystem, reinforcing the cybercriminal business model. And it can also be bad for the enterprise, where instances of further ransom demands after payment are not unheard of, he says. In some cases, the keys are never shared (see: Ransomware: Is It Ever OK to Pay?).
"Ransomware is a very common and emerging problem in the whole of Southeast Asia and in India specifically," Kamluk says in an interview with Information Security Media Group. "In fact, according to Kaspersky sensors, India has the highest number of infections for TeslaCrypt - one of the most popular ransomware variants."
Encryption-based ransomware is the bigger threat, because these attacks use cryptographic algorithms that are not breakable at the moment, he says. The secret key used by the ransomware is critical to decrypt victim data. While security companies have sometimes been able to find vulnerabilities in the implementation of crypto-algorithms in the malware, leading to a possibility of decrypting the data without knowing the key, this is only in the case of specific symmetric encryption, he says. In cases where the more advanced asymmetric encryption is used, decryption without the key is not possible (see: Phishing, Ransomware on the Rise).
In such cases, collaboration with law enforcement and ISPs has been successful, with law enforcement authorities taking down the servers being used by cybercriminals and then allowing security players like Kaspersky access to the hard drives to extract keys. Public decryption is now possible in some cases because of this, and also in cases such as the TeslaCrypt ransomware, where the keys have been released to the public by the authors. Free tools have been built to help decrypt data where such crypto keys are publicly available, he says.
Of course, prevention is always better, and some easy steps can be followed to minimize exposure. Ensure that proper awareness training is given to employees on the risks and attack vectors used by ransomware, Kamluk advises. Use a good AV product and also ensure that your system is up to date. If your systems are not patched and updated, you could still get infected even when visiting a trusted site, through malicious injections in the ad-banner networks that can lead to an automatic compromise (see: No-Brainer Ransomware Defenses).
"Cybercriminals are relying on the fact that users are lazy and don't update their systems. That is why many vulnerabilities that have been patched are still working and can be exploited to compromise systems," he says.
In this interview, Kamluk shares tips and techniques to better protect against the prevalent ransomware attack trends in the region. He also shares broader insight on the Asian security landscape, commenting on:
- Attack trends and types of threat actors;
- Attacker motivation and changing landscape;
- Emerging threats to prepare for.
Kamluk is Kaspersky Lab's director of the global research and analysis team in APAC and has been involved in malware research at the firm since 2005. In 2008, he was appointed senior anti-virus expert, before going on to become director of the EEMEA Research Center in 2009. He spent a year in Japan focusing on major local threats affecting the region. In 2014, he was seconded to the INTERPOL Global Complex for Innovation in Singapore, where he works in the INTERPOL Digital Crime Center specializing in malware reverse engineering, digital forensics and cybercrime investigation. He remains a principal security researcher at Kaspersky Lab.