A recent worldwide wave of encryption-trojans like “Locky” and “TeslaCrypt” has been keeping companies, private users and the entire security industry on their toes. Experts like the German Federal Office for Information Security (the “BSI”) are now providing recommendations on how to protect private and business data. We have collected some of these recommendations and added our own.

The most prominent case has probably been the L.A. hospital that eventually paid the ransom. But aside from that, many other companies and public authorities are attacked and held to ransom as well. Because of this, some have taken drastic measures such as no longer accepting e-mails with attached files from unknown sources. Anyone who tries anyway just gets an error message saying that the message with the attachment could not be delivered.

Security without restraints

This, of course, is neither practical nor reasonable, but it serves to illuminate the severity of the threat. In today’s business world we simply can’t do without electronic communication. Exchanging information on paper or physically in other ways is just too complicated and time-consuming – especially when the communication is time-critical, takes place internationally, or when large amounts of data have to be exchanged (e.g. contracts, pictures, video files, construction plans, etc.). The economic loss implied in restraining staff from this kind of digital communication can be immense.

Cryptshare helps companies, authorities and other institutions to protect themselves from ransomware attacks without having to make compromises on file exchange and electronic communication. This is achieved through various measures:

  • Virus check: E-mails and their attachments are centrally checked for viruses before they are provided to the recipient. This is done by Cryptshare using common anti-virus software. But even if a current attack is not yet recognized or prevented by those tools, the following further security measures specific to Cryptshare apply.
  • Sender verification: Every sender has to verify their e-mail address once before being able to use Cryptshare. This only takes a few seconds but ensures that spammers, bot-networks and other criminals have no possibility to distribute malware from fake e-mail addresses.
  • Traceability: Cryptshare can be configured so that sender and recipient have to exchange a one-time password for their transfer. The sender then has to communicate with the recipient personally, which reduces the possibility of an attack down to a targeted one by a known contact. In addition to this, Cryptshare logs the sender’s IP-address with the result that the origin of a sent file can be verified and criminal prosecution can be aided if required.

What exactly are these latest types of threats?

Encryption-Trojans like “Locky” and “TeslaCrypt” are classified as malware, or, more specifically, as ransomware. They are distributed via e-mail attachments or manipulated downloads to any computer or network. Once a computer is infected, the software usually corrupts either the most used or even all data on it by encrypting it and thus making it inaccessible to the company or user. The perpetrators then ask the victims to pay a ransom in order to have the files unlocked again. This is of course without any guarantee that the criminals actually live up to their side of the bargain and provide the decryption code. Pretty nasty.

Recommended security measures

The top priority, especially for companies, should be to minimise the possible damage in case of an attack. For this, regular backups are indispensable. Some points to consider, derived from the BSI (German Federal Office for Information Security):

  1. Backing up data to external storage devices. This can be an external hard drive, memory stick or other external storage option. Whilst this makes logical sense, make sure these drives are owned and in the hands of your company, not private ‘shadow IT’ resources owned by your staff.
  2. Minimising the connection between backup-device and the original computer. Ransomware can also infect external drives and even infiltrate network devices. Therefore, wherever the backup is stored, it should only be connected to the computer for the duration of the backup and disconnected immediately afterwards, so that an attack on it is less likely.
  3. Creating physical safety. The data should not only be stored digitally in a secure manner but also physically. External hard drives, sticks etc. should be stored away where they can’t get stolen, lost or damaged by external influences. If one has to resort to cloud-storage, then it should be ensured that transport encryption and encrypted storage are offered and provided.
  4. Checking the backup. Even though it sounds obvious, the backup should be checked after it has been created, so that it is ensured that lost data can actually be restored from it. It is alarming how often this turns out not to be the case.

Beyond that, we advise companies to brief their employees, partners and customers to take great care when they receive files unsecured via e-mail. Especially when they come from an unknown source, recipients should not open or forward attachments without further checking. Even when a file seems to come from a known contact, one should check the actual sender’s e-mail address and compare it to the stored data, as sometimes the sender’s name is manipulated. In this case it’s best to ask the external sender to verify the content of the file and send it to the company again in a secure way, such as via Cryptshare.
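The sender check described above can be automated at the mail gateway or in a triage script. The following is an added example, not code from the original article or from Cryptshare; the address book, the `.example` addresses and the rule of holding attachments unless the sender matches stored data are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed address book (assumption): display name -> address on file.
KNOWN_CONTACTS = {
    "Anna Schmidt": "anna.schmidt@partner.example",
    "Tom Weber": "t.weber@supplier.example",
}

def sender_verdict(name, addr, contacts=KNOWN_CONTACTS):
    """Return 'known', 'name-mismatch' or 'unknown' for a From header."""
    by_name = {n.lower(): a.lower() for n, a in contacts.items()}
    expected = by_name.get(name.strip().lower())
    if expected is not None:
        # The display name claims a stored contact: the address must match.
        return "known" if addr.lower() == expected else "name-mismatch"
    return "known" if addr.lower() in by_name.values() else "unknown"

def triage(raw_bytes, contacts=KNOWN_CONTACTS):
    """Parse a raw message and decide whether its attachments are held."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    verdict = sender_verdict(name, addr, contacts)
    files = [part.get_filename() for part in msg.iter_attachments()]
    # Assumed policy: hold attachments unless the sender matches stored data.
    return {"sender": verdict, "attachments": files,
            "hold": bool(files) and verdict != "known"}

def sample(from_header, filename=None):
    """Build a constructed test message, optionally with one attachment."""
    m = EmailMessage()
    m["From"], m["To"] = from_header, "office@company.example"
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached file.")
    if filename:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A `name-mismatch` verdict is the case the paragraph warns about: the display name matches a stored contact while the address does not. The From header itself can also be forged, so a `known` verdict does not replace confirming an unexpected file with the sender.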

Try Cryptshare for free and see for yourself how easy secure electronic communication can be.