Gaining popularity and becoming a more common occurrence is Ransomeware attacks. We can already hear you asking, “what is Ransomware?” To answer your question, Kaspersky defines Ransomeware as: “Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid for your system to work again. This class of malware is a criminal moneymaking scheme that can be installed through deceptive links in an email message, instant message, or website. It has the ability to lock a computer screen or encrypt important, predetermined files with a password.”
Imagine you sit down at your desk to login to your work computer just like you do almost every day. Today, however, when you try to login in, you see a message instead demanding you pay a fee to restore access to your computer. Ransomware can truly impact your work and even lock up your entire business network.
Common Types of Ransomware
CryptoWall
Discovered in June of 2014, CryptoWall encrypts files and deletes the VSS and shadow copies to prevent data recovery. CryptoWall has gone through numerous releases and name changes and has not been isolated to date. CryptoWall has also been able to exploit a Java vulnerability allowing it to create malicious ads on domains belonging to Facebook, Disney, and more. When a user clicks on the ad it leads them to sites that are CryptoWall infected and encrypts their drives.
SAMAS / SamSam / SamsamCrypt
Discovered in December of 2015, SamSam is a treat to organizations of all sizes and is arguably the most destructive form of ransomware. The code behind SamSam is not all that advanced. However, the group behind SamSam is advanced and target particular industries such as Healthcare, Governments, and schools which sets them apart from other Ransomware. The information they encrypt is highly sensitive. The group also monitors the web for mentions of their work and release a new version of SamSam once the current one is discovered. This helps them stay ahead of Antivirus detection.
Locky
Discovered in February of 2016, Locky is distributed as most others through malicious email attachments. Once it has been opened on a device, it encrypts files on the main computer and all mounted devices. Locky also deletes shadow copies of the original files while demanding a ransom for the decryption key. What makes Locky easily distinguishable from the different Ransomware’s is that it renames all files with a “.locky” extension when it encrypts them. Locky also replaces the desktop wallpaper with their ransom message so you cannot overlook it.
Best Practices to Protect Yourself and Organization from Ransomware
Back up your computer. Do this frequently! Backup your system and other important files, and verify your backups regularly. You may be able to restore your system using the backups if it becomes infected with Ransomware.
Store your backups separately on a remote device. We mentioned above that Ransomeware is able to delete the shadow copies (backups) of the original files. Once you complete a backup on an external drive, disconnect it and separate it from the network. This will protect your backup from the Ransomware.
Update and patch your computer. Vulnerable applications and Operating Systems (OSs) are the targets of most ransomware attacks. Updates and Patches may contain significant security updates to help protect you from Ransomware.
Use Caution. We cannot stress this point enough. Use caution when you click on a link or enter a website address. Pay attention to links inside of emails, even when it’s sent from someone you trust. You can attempt to independently verify the web address. Closely examine links as malicious website addresses often look almost identical to legitimate sites; they may use a different domain or a slight variation in spelling that is a challenge to detect without closely examining it.
Caution also applies to email attachments which are a favorite delivery method for Ransomware. Use caution when opening them, especially compressed files or ZIP files.
Check a Websites Security. This is to help keep your personal information safe. Check that a website’s security encrypts any and all personal information you enter.
In Summation
Ransomware is on the rise. Cybersecurity Ventures estimates that the global cost will reach $20 billion over the next year. Ransomware can take down your computer and your business network. You either have to pay the ransom to gain the decryption key or, if you are lucky, have current and secure backups to restore your system. Either way, you still face downtime.
Awareness and education are key to protect yourself and your organization from Ransomware. Educate yourself and your team on the recent Ransomware trends, how Ransomware is being delivered, awareness, and basic protection practices to help ensure you and your organization remain protected from Ransomware.