A QUICK GUIDE TO RANSOMWARE

Ransomware is a piece of malware whose purpose is to take control of locally stored data. Once the data is encrypted, the cyber criminal will ask for a ransom in exchange for the decryption key. Often, victims will be instructed to pay the ransom money using Bitcoin, because this virtual currency allows the hackers to preserve their anonymity. Sadly, this has turned Bitcoin into a hackers' paradise.


The encryption algorithms are very complex, making data recovery almost impossible. Most ransomware attacks spread through file sharing networks, being bundled with pirated software. Other hackers make use of phishing emails which include infected images, executables or macros as attachments.


Many pieces of ransomware utilize already known computer vulnerabilities, and company networks are one of the most attractive targets. It is estimated that almost 35% of the attacks target businesses, which are known to store irreplaceable data on their servers, have more financial resources, and thus are more likely to pay the ransom money.


The first piece of ransomware was invented in 1989. It only encrypted and then hid the files and folders on the C drive, but the encryption mechanism was quite weak. Cyber criminals have gotten much smarter since then, though. The WannaCry attack, which has affected hundreds of thousands of computers, was reportedly initiated by several North Korean hackers.


Businesses simply cannot afford to lose access to their data as a result of a ransomware attack. So, how can you protect your company from ransomware attacks?


The good news is that in a business environment you can use sound group policies to prevent the execution of any unknown application. It's the first security layer that should be employed by any system administrator, and it's one of the most effective methods to keep ransomware at bay.
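
One way to build such a policy, shown as an added example that is not part of the original article: the article names no specific mechanism, so this PowerShell example assumes AppLocker as the Group Policy feature, and the directory list, output path and GPO LDAP path are placeholders.

```powershell
# Added example. AppLocker is assumed; paths and the GPO LDAP path are placeholders.
Import-Module AppLocker

$referenceDirs = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'
$policyFile    = 'C:\Policy\applocker-allowlist.xml'   # hypothetical output path
New-Item -ItemType Directory -Path (Split-Path $policyFile) -Force | Out-Null

# 1. Inventory the executables on a clean, known-good reference machine.
$known = foreach ($dir in $referenceDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe `
        -ErrorAction SilentlyContinue
}

# 2. Build allow rules: publisher rules for signed files, hash rules otherwise.
#    Anything not matched by a rule is denied by default once enforced.
$known | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
    Out-File -FilePath $policyFile -Encoding unicode

# 3. Switch every rule collection to audit mode so the first rollout only logs.
[xml]$policy = Get-Content -Path $policyFile
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyFile)

# 4. Dry run: which executables in user-writable locations would be blocked?
$userExes = Get-ChildItem -Path "$env:USERPROFILE\Downloads", $env:TEMP `
    -Filter *.exe -Recurse -ErrorAction SilentlyContinue | Convert-Path
if ($userExes) {
    $userExes | Test-AppLockerPolicy -XmlPolicy $policyFile -User Everyone `
        -Filter Denied, DeniedByDefault |
        Select-Object FilePath, PolicyDecision
}

# 5. Link the policy to a GPO (placeholder LDAP path), review the audit events,
#    then change 'AuditOnly' to 'Enabled' and apply again.
# Set-AppLockerPolicy -XmlPolicy $policyFile -Ldap '<LDAP path of your GPO>'
```

AppLocker rules are only evaluated while the Application Identity service (AppIDSvc) is running on the client, so make sure the same GPO starts that service.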


Then, ensure that all the devices on the network are patched regularly. While new vulnerabilities are discovered each week, and some of them, such as Spectre and Meltdown, can't be properly patched, software developers are doing their best to minimize the damage.


It goes without saying that devices running unsupported operating systems, such as Windows XP, should be removed from your network for good. On a side note, despite dumping support for XP, Microsoft still released a patch for this operating system after the WannaCry attack. This shows how severe the threat was, and it shouldn't entice anyone to continue to use Windows XP, of course.


No More Ransom is a project that was initiated by Kaspersky Lab, Intel Security, The National High Tech Crime Unit of the Netherlands' police, and Europol's European Cybercrime Centre, with the goal of helping ransomware victims regain access to their data without paying the attackers any money.


People can upload an encrypted file to the "Crypto Sheriff" section of the website, along with the email and/or website address that was included in the ransom demand message. Then, the service will try to identify the type of ransomware, and will (hopefully) provide a link to the decryption tool, if it is included in their "decrypted" list. No More Ransom has decoded 12 types of ransomware so far, and their list is constantly growing.


Of course, this won't work if the malware is still active in your computer's memory. So, the very first step of the process is to clean your computer using a reliable antivirus application. Don't forget that regular backups will help keep your company data secure. We can help you set up a system that backs up data locally and to the cloud, so be sure to contact us if you need this service.