Microsoft Empowers Organizations to Combat Ransomware

Microsoft investing more to protect customers from cyber-attacks, including building stronger security platforms, and taking proactive actions through Digital Crimes Unit to disrupt major malware

 

Hong Kong, April 6, 2016 – Ransomware has gone rampant both globally and locally. Following the recent report by the FBI’s Internet Crime Complaint Center of 2,453 ransomware cases and nearly US$24.1 million in payments made by victims in 2015, there has been a surge in reported cases of Locky – the most malicious ransomware of late – in Hong Kong in recent months. According to the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), more than 40 reports of Locky have been received since mid-February 2016, including around 2 cases reported by enterprises, 30 cases by SMEs, 2 cases by NGOs and 4 cases by home users. To empower consumers, schools, and organizations in Hong Kong and around the world to combat the latest malware threat, Microsoft has stepped up efforts in offering advice and solutions based on data and insights from its Digital Crimes Unit (DCU).

DCU is a team of attorneys, investigators, data scientists, engineers, analysts and business professionals based in 30 countries, who work together to transform the ongoing fight against digital crime. DCU revealed that 12 people online become victims of cybercrime every second, which adds up to 1 million victims around the world every day. Malware costs the global economy US$3 trillion in lost productivity and growth each year.

“Our goal is to translate the malware data we’ve collected into insights that help us create a safer digital experience for all organizations and individuals in the world,” said Fred Sheu, National Technology Officer, Microsoft Hong Kong. “DCU uses Microsoft’s cloud technology and data analytics to detect and assess threats, and will share these insights with CERTs and our cloud users. This helps raise awareness of the latest cybercrimes, including the latest ransomware, and maximizes the level of protection for both organizations and individuals.”

Fred Sheu, National Technology Officer, Microsoft Hong Kong, explained that Microsoft is taking the lead to fight against malware in Hong Kong. DCU uses Microsoft cloud technology and data analytics to detect and assess threats, and these insights will be shared with CERTs and our cloud users to help raise awareness of cybercrimes, including the latest ransomware.

Locky, like many other ransomware families, is spread through massive spam or targeted campaigns, with messages disguised as invoices or payment vouchers from the victims’ email domains, contacts or unknown senders. These messages contain malicious macros, JavaScript or other file formats. The ransomware can also attack via malicious code on compromised websites that redirects visitors to other websites, from which Locky is downloaded to victims’ computers.

Regardless of the mode of infection, victims end up getting locked out of their systems or files, which become encrypted with a “.locky” extension. They also receive a demand for payment in exchange for encryption keys to unlock their data. The strong encryption algorithms used make the recovery of infected files practically impossible. Very often, the attacks are designed as Zero-Day attacks to make it difficult for users’ machines to detect and stop the attacks just by relying on anti-virus software.

While SMEs and NGOs are major victims of ransomware in Hong Kong, the education sector is also heavily targeted and affected, according to HKCERT.

SC Leung, Senior Consultant, Hong Kong Computer Emergency Response Team Coordination Centre, notes that the Hong Kong Computer Emergency Response Team Coordination Centre has received 41 reports of Locky since mid-February 2016.

“In the past two months, over 50 teachers informed us that they have received ransomware E-mails, and we noticed that not just primary and secondary schools are affected – it’s now spreading to kindergartens as well. There are likely many more unreported cases,” said Albert Wong, Chairman, Association of I.T. Leaders in Education. “10 victims had their USB external hard drives and server files locked, and in some cases, the schools’ websites have been defaced, hugely impacting the schools’ operations. We are worried about the schools’ lack of IT resources and expertise in dealing with the ransomware.”

Albert Wong, Chairman, Association of I.T. Leaders in Education, flags a trend of more local schools encountering ransomware attacks.

As an industry leader, Microsoft is taking the lead in countering the malware threat. The company’s Digital Crimes Unit (DCU), which is built to fight cybercrime and enable a trusted partnership through public-private collaboration, as well as a trusted cloud through cyber-threat intelligence, has a track record in disrupting attacks such as botnets, malware distribution, DDoS, online financial fraud, click fraud, and online credential theft. As a result of the DCU team’s malware disruption efforts, tens of millions of infected devices connecting to more than 50 million Internet protocol addresses have been rescued.

Amy Lee, Director, Intellectual Property and Policy, Corporate, External and Legal Affairs, Microsoft Hong Kong, highlighted that according to analysis findings from Microsoft DCU, ransomware is mainly spread through massive spam or targeted campaigns, as well as via malicious code on compromised websites. Such insights would help Microsoft in empowering organizations to combat ransomware through enhanced security measures.

Advice from Microsoft

 Microsoft advises users to adopt the following measures to effectively guard against ransomware:

  • Avoid clicking on links or opening attachments or emails from people you don’t know or companies you don’t do business with. Disable macros to help prevent macro-downloaded threats from infecting your PC, and then only enable macros that you trust, on a case-by-case basis. Or adopt email phishing protection: Office 365 Advanced Threat Protection (ATP) provides safe email attachments and URL links with Day-Zero malware protection.
  • Once infected, isolate the infected computer from the network and external storage immediately.
  • Regularly back up the files stored on your computer, and keep an offline copy of the backup. You can back up your files with a trusted cloud storage service that keeps a history or archive of your files, such as OneDrive for Business where users can retrieve data from the past 14 days. In selecting cloud service providers, other than security, users should also take into consideration privacy issues and whether the providers may use your data in the cloud for their own purposes.
  • Always keep your security software, operating system (e.g. updating to Windows 10 which comes with stronger security features and the new Edge browser), and other software up to date. You can easily keep all of your Microsoft software up-to-date by turning on Windows automatic updates. Your computer will automatically download Microsoft security updates when your computer is online.
  • Enterprises and schools are encouraged to adopt a strong cyber-defence ecosystem, such as the Windows 10 Enterprise and Education versions, which come with rigorous security features in the operating system including Device Guard and Credential Guard, as well as enhanced applications such as Advanced Threat Analytics:
    • Device Guard allows devices to run only trusted applications while Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them, thus preventing credential theft attacks.
    • Advanced Threat Analytics is an on-premises platform that helps protect enterprises from advanced targeted attacks by automatically analyzing, learning, and identifying normal and abnormal entity behavior.
  • Adopt identity-driven security and behavioral analytics: Microsoft Enterprise Mobility Suite (EMS) is built to protect enterprises from malware attacks across multiple layers (identity and access management, mobile device and application management, and persistent information protection at the level of the file itself). With its machine learning capabilities, EMS provides behavioral analysis to identify high-risk cyberattack scenarios even before any damage has been caused.

### 

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential. Microsoft Hong Kong was established in 1991.

For further information, press only:

Microsoft

Jocelyn Cheung

Tel: +852 2804-4437


Hill+Knowlton Strategies for Microsoft

Nicole Chan

Tel: (852) 2894 6207


Raymond Woo

Tel: (852) 2894 6355
