Online Security 101 – Ransomware

Ransomware

Ransomware is a type of malicious software that usually aims to extort money from victims by encrypting files and disabling operating systems.

File encryption is probably the most common attack method used in ransomware attacks. Files stored on an infected device are subject to encryption, then a message will pop up informing victims of what’s taken place and what’s required of them in order to regain access to their files.

Ransomware attacks are never subtle!  The attackers will make sure you know what’s happened and will make their demands very clear!  They might use coercive language and even threaten to delete files permanently if they don’t receive a payment within a specified timeframe.

Such attacks are designed to panic victims into action, and often the attackers get their way as victims can’t bear the prospect of losing access to their files – their livelihood may be at stake.  However, acquiescing to the demands of the attackers is no guarantee that they’ll restore access to your files and it may even increase your chances of being attacked again in the future.

.

Forms of Ransomware

Like many other forms of Malware, ransomware comes in a variety of forms.  The common theme they all share is that they will massively affect your ability to use your computer or access the file resources you need.  Here are some of the most common types…

Screen Lockers. You can probably guess what these do.  Screen Lockers typically infect your computer’s operating system, rendering the entire machine unusable from the point of entry.  You’ll try to log in to your account only to be confronted with an unclosable pop-up message demanding payment.

Crypto Ransomware. This is ransomware in its ‘classic’ form.  Here encryption is used to render a victim’s files unreadable.  The victim then receives an alarming, sometimes threatening message demanding payment in order to have files decrypted.  Threats of ‘permanent deletion’ are often made and often a countdown clock appears giving victims a payment time limit.

Scareware. Scareware uses fear alone to extract payment from victims.  Scareware is often encountered on infected websites.  A pop up will often appear displaying a message such as;

“Warning, 157 malicious threats have been detected on your computer.  Do you want to fix these now?”

The message will then redirect the user to a page where payment details are requested.  Alternatively, interacting with the pop-up could trigger the download of more harmful malware.  Encountering Scareware isn’t usually as serious as other forms of ransomware – you can just walk away, it’s less likely that your device has been infected.

Doxware. Similar to Crypto ransomware but with an added sting in its tail; doxware attacks involve a threat to make sensitive files public. Doxware attacks often target ‘high profile’ or ‘high net worth’ individuals such as politicians or celebrities, for whom personal files being leaked could be catastrophic to their reputation.  Once the attack has occurred it’s hard to do anything as the hackers already have your files in their possession, sadly this tends to make doxware more successful than other forms of Ransomware when it comes to victims paying the fee.

.

How to protect yourself against ransomware attacks

With about a quarter of ransomware attacks resulting in a victory for the attackers, ransomware is one of the more lucrative forms of malware from the cyber criminal’s point of view.  Prevention is definitely better than cure with this and all other forms of malware, so preventing infection in the first place should be your priority.

First, let’s consider the common pathways ransomware takes to infect computers.  Most attacks are the result of ‘user-initiated’ action.  This could mean opening an infected attachment in a spam email or interacting with an infected website. Other pathways to infection require no user input, such as ‘drive-by downloads’ and ‘malvertising.’

.

See below or some of the best ways to keep your system and files secure against ransomware.

.

  • Consider active security solutions. Use a combination of various anti-malware software measures to protect your users.  This means more than just anti-virus; look for threat protection that offers the added security of a firewall to protect your network at the point of entry; consider web filters and spam protection to prevent your users from accessing malicious sites and email, and consider threat protection services that offer some kind of backup facility so you can restore files should you lose them.
  • Keep all software patched. Keep everything up to date: operating systems, anti-malware platforms, software, and apps.  Hackers are constantly on the lookout for vulnerabilities in well-known software platforms.  By keeping everything up-to-date you’ll minimize these points of entry.
  • Be careful with Email. Train your staff to be wary of emails from unknown sources.  Take particular care when dealing with embedded links and attachments unless you’re 100% confident they come from a legitimate source.
  • Use cloud services. Over-reliance on email to send documents can pose risks.  Cloud storage services allow mass filesharing while minimizing opportunities for malware to find its way onto your computer.
  • Disable Macros.  If you receive a Microsoft Office files that require macros to be enabled to read it, consider using Office Viewer. Since 2013, Microsoft Office has had macros disabled by default, and users will now see a small pop up saying that macros have not been allowed to run.  Cybercriminals have been known to use macros to harmful effect by embedding malicious code in Office files and distributing them online.
  • Don’t pay the fee! Of the roughly 25% of ransomware victims who pay the fee, about one-third of those never regain access to their files.  Even if your files do get restored be wary of subsequent attacks; now that you’ve paid the attackers might have you down as a ‘soft target.’

.

We’re Elixis Technology

.

We help businesses across Clark county harness technology to drive success.  Our expertise covers all bases; from remote monitoring/maintenance and security to hardware, phone systems, surveillance solution, cloud services, and much much more.  It’s easier to ask ‘what can’t we do?’

Why not get in touch today to see how the best tech solutions can power your business towards its goals.

.