Cybercriminals are beginning to realize that many business employees are now accessing company data through smartphones and tablets, providing them with a new avenue to exploit. Database administration services have worked to deter a malicious program known as CryptoLocker, a malware execution that convinces victims that failure to pay the software author's demands will result in serious real-world consequences.
How it works
According to a report conducted by Dell SecureWorks, the ransomware traditionally encrypts files stored on a PC and informs the user that all control will be returned to them once the ransom is paid. The earliest versions of CryptoLocker were delivered through spam emails targeting business professionals, masking itself as a "consumer complaint" against recipients. The objective of this particular species of malware is to connect with a command and control (C2) server and encipher the files located on related drives, causing a major headache for those without database administration support to identify the hidden problem before it reveals itself.
"The threat actors have offered various payment methods to victims since the inception of CryptoLocker," the source reported, citing its appearance in early 2013. "The methods are all anonymous or pseudo-anonymous, making it difficult to track the origin and final destination of payments."
Extending its reach
If such a program could be engineered to hold entire databases hostage, the financial consequences could be catastrophic for multimillion-dollar enterprises. As if this prospect wasn't intimidating enough, CryptoLocker and other related ransomware are now targeting mobile device users, diverting database experts' attention toward those access points. Because the average business employee now uses more than one remote-access machine, organizations may have to halt operations in the event these assets are compromised.
CIO reported that malevolent figures employing this technology are more interested in the data smartphones and tablets handle than the devices themselves. Thankfully, there are a number of simple, routine steps business professionals and remote database support personnel can follow to protect the information:
- Educate those utilizing mobile technology on data loss prevention. If employees are aware of the techniques implemented by hackers, than they'll be well-prepared for attacks.
- Regularly perform data backups
- Create and deploy a data classification standard so that workers know how to treat particular kinds of information, whether it's highly sensitive or public knowledge.
- Develop a security policy that establishes requirements on how to handle all types of media.
- Get a remote DBA group to constantly monitor all mobile connections and actions.
If these points are implemented into a company's general practices, it will provide a solid framework for mobile device management.