When it comes to active malware infection, as many as 18.5% of a company's computers are actively communicating with criminals, according to Damballa's “State of Infections” report.

No firm is exempt, as this occurs across both large and small enterprises, the study found. Company policies, more so than company size, determines the “cleanliness” of any given network.

“We recommend that security teams work under the assumption that prevention is not fail proof, so the ability to automatically detect and accelerate the time to response is essential to minimizing risk,” says Brian Foster, CTO of Damballa, a firm that detects active threats and provides cyber protection and containment.

Damballa reports that the past 18 months have experienced a rise in Kovter ransomware infections, so-called because it locks the victim out of his or her computer until the victim agrees to pay a fee, which can be as high as $1,000. At its height, infections reached 43,713 devices in a single day. Month over month, average daily infections increased 153% in May and 52% in June.

However, there is some good news: Ransomware was dealt a crippling blow after the Department of Justice initiated Operation Tovar, which aimed to dismantle the GameOver Zeus botnet and its destructive payload CryptoLocker. The DOJ estimates that CryptoLocker compromised more than 260,000 computers worldwide, about half of which occured in the U.S. More than $30 million in ransom was collected between September and December 2013, the FBI reports.

“When it comes to mass infections, we can apply best practices from Operation Tovar as a blueprint for managing global cyber public health,” Foster says. “It underscores the need for continued, co-ordinated efforts across the security community.”

These best practices for a malware takedown include:

Global partnerships between public and private entities
Criminal and civil legal processes designed to stop communications between infected computers
Cooperation from domain registrars who agreed to block or sinkhole the DGA elements of the infections
Mass notification of victims and easy access to malware removal kits.

Special Reports /

Nearly 20% of company devices communicate with criminals

Related Stories

Recommended For You