By Ed Breay
Ransomware – you hear about in the office, even on the evening news since attackers have become creative in this newer threat invention. Everyone’s talking about it, so, what is it?
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid – usually in Bitcoin.
It’s as simple as that – pay up, or lose access to your entire system. Don’t have a backup? Then your banking records, personal healthcare documents, even your pictures from your European vacation are completely gone. Hackers are completely remorseless.
What does Ransomware look like? Ransomware presents itself to the user of a system after infection by an on-screen alert. Here are a few examples.
Ransomware is propagated typically through phishing emails that contain malicious attachments.
Tip #1 – Do not open email attachments from unknown senders.
Ransomware can also be distributed through drive-by downloads. These are malicious files downloaded onto your system during a visit to an infected website. The download is typically automatic and happens behind the scenes unbeknownst to the user.
Tip #2 – Do not visit dangerous or unknown websites – and do not follow web-link shortcuts from unsolicited senders.
Browsers and virus scanning software do a pretty good job or warning you that a site is dangerous – but do not go if you don’t know the site.
Simultaneous to the alert you see when ransomware is present, it is locking up your system usually by encrypting the filesystem – as well as your personal files – documents, pictures, etc. It then starts a threat timer. In order to get rid of the potential of losing access to your stuff forever, you will have to buy a decryption/unlock key from the person initiating the ransom before the timer counts to zero. If you do not beat the timer, your system will remain encrypted and unusable… forever.
Ransomware in real life
One recent ransomware attack on a European hotel disabled the hotel room key system so guests could no longer gain access to their rooms, and the hotel could not create new room keys with the system. The hotel was left with no choice but to pay the ransom so they could regain access to their key system.
You can see by the hotel example above that organizations can become victims of Ransomware as well as individual users. Businesses that are victims have no choice, but to pay when they become victims of ransomware. With all systems unavailable, business operations come to a complete halt.
So how do you save yourself and your files systems from Ransomware? If the ransom has already been applied, you have little choice, but to pay. There are some virus scanning solutions that claim they can detect variants of ransomware, but not all can. It is better to take preventative action that to try to detect.
Here are simple practices you can follow to prevent Ransomware from happening to you or your organization:
• Use application whitelisting to help prevent malicious software and unapproved programs from running.
• Keep your operating system and software up-to-date with the latest patches.
• Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to executing.
• Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services.
• Avoid enabling macros from email attachments.
• Do not follow unsolicited Web links in emails.
• Refer to the US-CERT Security Tip on Avoiding Social Engineering and Phishing Attacks for more information.
For details on additional steps on how to prevent ransomware, please read Ransomware on the Rise.