Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


Latest-generation ransomware can permanently encrypt business files, unless you pay to free them. Tom Davison, technical director for Check Point looks at how ransomware is on the rise, and how firms can defend their data against being taken hostage

‘Your money or your life’ was a phrase favoured by the highwaymen of the 18th century. But while masked criminals on horseback robbing stagecoach passengers may be a thing of the past, the notion of holding valued items for ransom is still prevalent. Today, cybercriminals use malware known as ransomware to demand ‘your money or your files’, extorting businesses by holding their PCs or data hostage and demanding financial payment for their release.

Don’t be a hostage to ransomware
Don’t be a hostage to ransomware

Like most malware, ransomware can originate from opening a malicious attachment in an email, clicking on a deceptive pop-up, or simply visiting a compromised website. It threatens businesses in one of two ways: locking a user’s screen or file encryption. Lock-screen ransomware, as the name suggests, causes a PC to freeze while displaying a message with the criminal’s ransom demand, rendering the computer useless until the malware is removed. While this is a nuisance for users, it’s survivable because it typically affects a single PC, and is relatively easy to remove.

File encryption ransomware, on the other hand, is quickly emerging as a genuine threat to businesses because of its ability to permanently lock users out of their files and data – not only on individual PCs, but across organisations’ entire networks. Using encryption to scramble data until the ransom is paid, this type of ransomware attack has seen a 200% increase in Q3 of 2013, compared to the first half of the year. What’s more, the attacks have been focused on small and medium-sized firms, using CryptoLocker, one of the most destructive and malicious strains of ransomware ever seen.

Since being identified in late summer 2013, CryptoLocker has targeted over a million computers. Once activated on a user’s PC, CryptoLocker searches all folders and drives that can be accessed from the infected computer, including networked back-up drives on company servers. It then starts scrambling those files using virtually uncrackable 2048-bit encryption. The files will remain scrambled unless the business pays a ransom to those behind the attack in order to release the decryption key – assuming, of course, the criminals actually supply the key when paid. Without exaggeration, this loss of intellectual property and confidential data has catastrophic implications.

Defending against ransomware
So what can businesses do to protect themselves against these new, aggressive types of ransomware? As a first step, it’s important that organizations implement basic security best practices recommended to protect computers from any other type of malware:

  • Ensure anti-virus software is updated with the latest signatures
  • Ensure operating system and application software patches are up to date
  • Install a two-way firewall on every user’s PC
  • Educate users about social engineering techniques, especially involving unknown attachments arriving in unsolicited emails

However, these measures do not offer complete protection against attacks. It’s all too easy for an employee to inadvertently click on an email attachment, triggering an infection. It’s also relatively easy for criminals behind a ransomware scam to make small adjustments to the malware code, enabling it to bypass current antivirus signature detection, in turn leaving businesses vulnerable.

Better protection with sandboxing
To defend against new exploits that may not be detected by conventional anti-virus solutions, a new security technique makes it possible to isolate malicious files before they enter the network so that accidental infection does not occur.

Without impacting the flow of business, this technology,emulation, opens suspect files arriving by email and inspects their contents in a virtualized environment known as a ‘sandbox.’  In the sandbox, the file is monitored for any unusual behaviour in real time, such as attempts to make abnormal registry changes, actions or network connections.  If the file’s behaviour is found to be suspicious or malicious, it is blocked and quarantined, preventing any possible infection before it can reach the network – or users’ email inboxes – and nullifying the risk of it causing damage.  Furthermore, new cloud-based emulation services can deliver this protective capability to almost any organisation, of any size, with minimal set-up needs.

Businesses should consider taking these extra precautions to ensure they don’t fall prey to cybercriminals who need only a sliver of security weakness to get into the network and hold company assets hostage. With the potential to capture all of a company’s files and data in an instant, ransomware poses a significant threat that organisations should take seriously.

Businesses can try Check Point’s ThreatCloud Emulation service for free
here: https://threatemulation.checkpoint.com/teb/