In the last year we have seen a litany of cyber-security horrors. Email hacks, data breaches and identity thefts that have all caused problems for businesses and business owners. But the threat trend that has caused the most fear has been the breed of malicious software known as Ransomware.
In this guide, we’ll explain what ransomware is and give you some tips on how to protect yourself and your business.
There has been malicious software (known as malware) around for as long as computers have been connected together. Ransomware is a very particular type of malware that causes a “data kidnap” on your computer.
Ransomware usually finds its way onto your system through covert means – either from emails, access to an infected website, via a direct hack, or through the malicious action of an employee.
Once it’s installed itself, the ransomware will restrict your access to data and programs.
Just like in a real kidnapping, the only way to release the computer and unlock the system is to pay a ransom. If this is done, the user supposedly has access to their data once more.
There are several variations of ransomware including existing known problems and plenty of emerging variants. Some use encryption as their mode of attack, some ship as virus loads, some can transform off-the-shelf software into a ransom-demanding nightmare, while others are based on PowerShell.
There are lots of variations, but typically the attack begins with a booby-trapped email message containing a malware attachment or a click-through link to an infected website. Another route is a bogus pop-up ad on the user’s screen which claims that their system has been infected and urges them to click on the advert to find the solution.
Once you’ve taken the bait, the software is added to the system, usually encrypting the data on your hard drive so it’s no longer usable, or even creating a new master boot record for the drive. This is accompanied by a demand for payment to the attackers, before they’ll agree to release a decryption key so that you can regain access to your system.
Ransomware demands vary. They may be as little as £10, or £1,000 and more, depending on who is being targeted.
Payment is usually requested by wire transfer, Bitcoin, premium text message, or some other form of online credit.
The demands usually ramp up as well, to put pressure on the recipient, and increase their urge to pay – such as increasing the ransom if payment isn’t made by a certain time, or flooding a user’s screen with random pornographic images – which is potentially a huge embarrassment, in a work context.
Unfortunately, paying the ransom does not guarantee the end of the ordeal. There is evidence that having paid once, you open yourself up to further attempts at extortion. On top of that, there is a very real possibility that the attackers themselves won’t or can’t supply the decryption keys necessary to restore your system, either through pure malice, as a tactic to extort more payments, or because they bought their ransomware solution from another source and don’t actually have the decryption key.
Ransomware often includes a spyware component that remains on systems after restoration anyway, recording keystrokes, mouse movements and other private and sensitive data.
Ransomware is the flavour of the moment. The software can be coded or acquired easily and yields quick returns for cyber-criminals. Organisations often believe that it’s less hassle to just pay the money and get the keys, rather than spend time and more money trying to get systems back online internally.
Unfortunately, ransomware is enjoying a high success rate, too. The FBI in the US estimates that annual payments of around $150 million are going directly to the initiators of the general class of “rogueware” attacks, which include ransomware and scareware antivirus scams.
There’s no simple, catch-all solution for preventing ransomware attacks, but there are some simple precautions that anyone can apply.
Scheduling and performing secure backups of all your data is very important. If a computer becomes infected with ransomware, the quickest solution is to wipe it, then restore a safe configuration from clean backups. It’s important to ensure that backup locations are not connected to your existing network, keeping them safe if your network is compromised.
A security suite from a reputable manufacturer, such as Kaspersky, should be capable of isolating suspicious code or attachments in a safe area, such as a Virus Vault or Quarantine, and then running tests to establish their true nature. Remember that fake antivirus sites are a vector for some ransomware, so don’t trust them to help you.
Enabling pop-up blocking in your web browsers and mobile apps removes the temptation to click on those ads and warnings in the first place. The best way to interact with most pop-ups is to close them!
It’s important to always be vigilant and wary of email correspondence. Ransomware attacks often originate from sources that seem to be legitimate, including organisations you have regular dealings with, or people within your own company. One method used for gaining access to corporate networks is to get email recipients to forward messages on to colleagues in other departments. You should be wary of opening anything you are not expecting.
Reading the literature, blogs and cyber-threat bulletins helps you know what’s out there and how to overcome it. It’s always important that your staff are also up-to-date and trained on current threats and security procedures.
Remember the words of the Hitchhiker’s Guide to The Galaxy – Don’t Panic!
If you fall prey to ransomware, do the following:
Disconnect the machine from the network. This will block off the attacker’s ability to communicate with your computer, or to use their malware to monitor your system. If you’re on a corporate network, shut down your machine and alert your IT division to the threat.
Ransomware is a crime and should be reported. So contact the police and let them know what has happened.
Many organisations regard paying the ransom as a judgement call. But cyber-crime is used to fund further criminal activity, so any payment you make to the attackers will probably be ploughed back into their research and development fund for improved ransomware. Also, once they’ve realised that you are someone who is willing to cave in to extortion, they’ll likely target you again.
You may have to reset your hardware to its factory defaults, or even wipe it clean of all data, before you can restore it fully.
If in doubt about your system or how to deal with an attack, contact your IT provider. Here at Wood ITC we are experienced in dealing with the aftermath of attacks and restoring systems back to full working order.
If you think that your systems might be vulnerable to attack, contact us today.