By now many of you will have come across names such as CryptoLocker, CryptoWall, Locky or TeslaCrypt. If you haven’t, then good for you!!! These are some of the names of a new form of cyber threat called ransomware, the newest way for hackers to extort victims for money to fund their clandestine operations.
What is ransomware?
According to PC Tools Security News, ransomware is a category of malware that demands some form of compensation, a ransom, in return for data or functionality held hostage. For instance, ransomware might change proxy settings in a browser to limit web use, making it difficult to find a solution to remove a computer virus. Typically, the ransomware is spread through a computer worm that enters through an email or network vulnerability. The ransomware can also encrypt a user’s personal files and documents in order to hold them hostage until the user pays the attacker and receives a key code from them releasing the hold on their computer. Ransomware can also pretend to be an antivirus program, telling the user that their computer is infected with malware, and then directing the user to purchase the program in order to fix the issues. This rogue security software may even pretend to scan the user’s computer for viruses and find many issues. However, the issues will be bogus and there will be nothing to solve by paying the ransom, except the hope that maybe the attacker will remove the ransomware from the user’s machine.
Mobile devices are not immune to this threat either. Several phone owners have reported that the threat has migrated onto select pieces of hardware running Google’s Android OS and a few devices in the iOS ecosystem. Mobile ransomware operates similarly to its bigger cousin, locking down a device entirely with a ransom message.
The user either pays the ransom within a certain amount of time or the phone would be wiped clean.
What can you do?
The short answer: get anti-virus and malware protection and back up regularly. For businesses this is a tough challenge, since not all end users are properly educated on how to safeguard themselves from these attacks. Malwarebytes recently released their new product Anti-Exploit, which safeguards the system by looking for methods used by ransomware attacks and halting their actions. Check out our blog post showing Anti-Exploit in action here:
Ransomware targets users’ unwillingness to back up their most precious data. Copying the files to a separate medium, such as an external hard drive, then leaving it disconnected from the PC or network would be one way to safeguard your data. While it sounds simple enough, the reality is most users find this inconvenient or sometimes forget. It gets worse for a business, large or small, with several computers connected together via a network. Cloud backup solutions would be a safer alternative with proper automated backup schedules. Retention is key for this solution to be effective, and a generous time period for holding versions of your files is necessary, especially for large networks. Retention gives you the ability to return to previous versions of your data so you can roll back to the last clean copy of your infected file.
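To make the retention point concrete, here is an added example (not from the original post or any backup product) that picks the last clean version of each file and shows which files are unrecoverable when the retention window is shorter than the time it took to notice the infection. The function name, file names and dates are constructed, and it assumes the backup service simply prunes any version older than the retention period.

```python
from datetime import datetime, timedelta

def restore_plan(history, infected_at, now, retention):
    """Pick, per file, the newest retained backup version taken before infection.

    history: {path: [datetime of each backup version]}
    Assumption: the service prunes every version older than `retention`.
    Returns (plan, lost): plan maps path -> version to restore; lost lists
    files with no clean version left (pruned, or never backed up in time).
    """
    oldest_kept = now - retention
    plan, lost = {}, []
    for path, versions in history.items():
        kept = [v for v in versions if v >= oldest_kept]   # survived pruning
        clean = [v for v in kept if v < infected_at]       # taken before infection
        if clean:
            plan[path] = max(clean)
        else:
            lost.append(path)
    return plan, sorted(lost)

# Constructed sample data: nightly backups, infection noticed 12 days late.
NOW = datetime(2016, 5, 20, 9, 0)
INFECTED_AT = datetime(2016, 5, 8, 14, 30)
HISTORY = {
    "invoices.xlsx": [datetime(2016, 5, d, 1, 0) for d in range(1, 20)],
    "contracts.docx": [datetime(2016, 5, 7, 1, 0), datetime(2016, 5, 9, 1, 0)],
    "photos.zip": [datetime(2016, 5, 10, 1, 0)],  # first backup was after infection
}

if __name__ == "__main__":
    for days in (7, 30):
        plan, lost = restore_plan(HISTORY, INFECTED_AT, NOW, timedelta(days=days))
        print(f"retention={days}d")
        for path, version in plan.items():
            print(f"  restore {path} from {version:%Y-%m-%d %H:%M}")
        for path in lost:
            print(f"  NO CLEAN COPY: {path}")
```

With a 7-day window every clean version has already been pruned by the time the infection is noticed; with 30 days two of the three files can be rolled back, and the third was never backed up before it was encrypted.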
When ransomware first hit, it sent shockwaves throughout the cyber-world and claimed tens of thousands of computers. Today we are better equipped to handle the problem by studying its tactics. In the end you are still not 100% safe, and hackers will continue to deploy new strategies targeting those end-users who are uneducated or lazy. Education on cybersecurity is very important for any business. Deploying a proper backup strategy as well as anti-virus / anti-malware tools throughout your home or business is one sure way of preventing these attacks from entering your system. Not sure where to go from here? Get in touch with us by clicking the help icon in the bottom right-hand corner of this page and let us help you.