Ransomware is proving to be one of the most destructive forms of malware to businesses.
Ransomware, as the name suggests, is malware that restricts access to a computer system and demands the user pay a ransom to remove that restriction.
So how does it work?
Ransomware infects the computer via a downloaded file, delivered either through a website or by email.
Ransomware has 3 variants:
- “Scareware” displays a notice about illegal activities such as child pornography and imitates notices sent by law enforcement agencies.
- “System lock” restricts access to the computer.
- “File encryption”, the third variant, is the most sophisticated: the malware encrypts files on the computer and usually files on anything connected to it, such as server files. The encryption is generally so strong that only the author can unlock it with a key. For example, it would take years to decrypt the files with a process called brute force.
The attacker generally demands payment to remove the ransomware, either by supplying a program that can decrypt the files or by sending an unlock code. Payment is made by a range of methods, with most of the recent ransomware using Bitcoin.
Ransomware started to appear as early as 1989 but returned to prominence in late 2013 with the propagation of CryptoLocker. It has been estimated that CryptoLocker procured about 27 million US dollars in just a couple of months.
The latest ransomware to look out for is CryptoLocker v2 and CryptoWall.
These Trojans spread via email pretending to be from Australia Post and other sources. I’ve personally seen it in an email pretending to be from a person the client knew with a CV attached.
Most famously, ABC News 24 was hit by CryptoLocker One, which took it off air for 30 minutes whilst they changed studios.
CryptoWall is so smart it disables Volume Shadow Copy, a service that helps your computer restore data, and also installs spyware that steals passwords.
Often you will only notice it when it’s too late. Typically you will go to open a Word or Excel file and the characters in the document will be jumbled up. Sometimes, when you have a large amount of data, the encryption process will take a long time, so you can run a scan to remove the virus and hopefully mitigate the damage.
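The jumbled Word and Excel files described above can be found across a folder or share without opening each document. The following is an added example, not part of the original article: it flags Office files whose first bytes no longer match the signature their extension implies. The function names and sample files are constructed for illustration.

```python
import os
import tempfile

# Leading bytes a healthy Office document must start with.
OOXML_MAGIC = b"PK\x03\x04"                       # .docx/.xlsx are ZIP containers
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls compound files
EXPECTED = {".docx": OOXML_MAGIC, ".xlsx": OOXML_MAGIC,
            ".doc": OLE_MAGIC, ".xls": OLE_MAGIC}


def header_ok(path):
    """Return True if the file starts with the signature its extension implies."""
    magic = EXPECTED[os.path.splitext(path)[1].lower()]
    with open(path, "rb") as fh:
        return fh.read(len(magic)) == magic


def find_damaged(root):
    """Walk root and return sorted paths of Office files with a wrong header."""
    damaged = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            # "~$" files are Office lock files, not documents, so skip them.
            if ext not in EXPECTED or name.startswith("~$"):
                continue
            path = os.path.join(folder, name)
            try:
                if not header_ok(path):
                    damaged.append(path)
            except OSError:
                damaged.append(path)  # unreadable files need a manual look too
    return sorted(damaged)


def build_sample_share(root):
    """Constructed sample data: two healthy files and one overwritten with noise."""
    samples = {"budget.xlsx": OOXML_MAGIC + b"\x14\x00rest-of-zip",
               "letter.doc": OLE_MAGIC + b"\x00" * 16,
               "cv.docx": bytes(range(7, 71)),  # stands in for ciphertext
               "notes.txt": b"not an Office file, ignored"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        for path in find_damaged(share):
            print("header mismatch:", path)
```

Running the check twice a few minutes apart shows whether the list of damaged files is still growing, which indicates the encryption process is still active.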
So how can you best protect your business from Ransomware?
- There is no silver bullet for ransomware. Businesses need to take a range of measures to combat it.
- Be vigilant
  - Always check who the email sender is
  - Double check the content of the message
  - Refrain from clicking links in email
  - If unsure, phone the company
- Back up your data
  - Regularly back up your data
  - Have offsite copies of backup data. Ransomware can encrypt backups.
  - Have offline copies of backup data.
- Keep in mind that paying the ransom does not mean the malware is gone. In some cases the files will be encrypted again and the cybercriminal will ask for more money because they know you will pay.
- Make sure your antivirus is up to date
  - Up to 70,000 new viruses are created every day, so your antivirus is useless if it is not up to date
- Use advanced antivirus features
  - Many scanners have behaviour monitoring. The software looks for suspicious behaviour on your computer and blocks it.
- Use a good email filter
  - An email filter processes emails before they arrive in your inbox.
  - This removes viruses and spam
Rule recommends the following products to combat ransomware:
- Trend Micro Worry Free Business Security Services
  - Forefront of research with Deakin University
  - Developed alerting system for Australia-specific ransomware outbreaks
  - Behaviour monitor for ransomware
  - Alerts customers about new attacks
  - Competitive cross over discounts available
  - Email us for a quote: sales@ruletech.com.au
- Trend Micro Hosted Email Security
  - Hosted at Trend Micro – off premise
  - #1 in spam protection and anti-malware
  - Protects on site email servers and cloud email such as Office 365
  - Social Engineering Attack Protection (SNAP)
  - Email us for a quote: sales@ruletech.com.au