Crypto “levels up”

 In recent developments of Cryptolocker variants, the added element of “scareware” has been introduced. Trading on the success of the “Jigsaw” character in the horror genre of movies, users are extorted more money as minutes pass and even more if the machine is re-booted. This added element of social engineering the user is as impressive as it is malicious. So what does the average business have in a toolbox to protect against this risk?

JIGSAW

 Enter, the ASD top 35…..

The Australian Signals Directorate is a Government security agency that provides the Australian Government with:

  • Advice and assistance to federal and state authorities on matters relating to the security and integrity of information
  • Greater understanding of sophisticated cyber threats
  • Coordination of and assistance with operational responses to cyber incidents of national importance across government and systems of national importance.

At least 85% of the targeted cyber intrusions that the Australian Signals Directorate (ASD) responds to could be prevented by following the Top 4 mitigation strategies listed in the  Strategies to Mitigate Targeted Cyber Intrusions, these are:

Use application whitelisting to help prevent malicious software and unapproved programs from running

Patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office

Patch operating system vulnerabilities

Restrict administrative privileges to operating systems and applications based on user duties.

The Strategies to Mitigate Targeted Cyber Intrusions are ranked in order of overall effectiveness. Rankings are based on ASD’s analysis of reported security incidents and vulnerabilities detected by ASD in testing the security of Australian government networks.

And it’s “Free”

Here’s the catch, there isn’t one. The 85% efficacy figure is actually lower than the real figure rumored to be somewhere in the 90’s. ASD also provide a range of tools that you can use free of charge here

If you consider these strategies in your business, then your exposure to the issues that cryptolocker brings is largely mitigated.