Ransomware attacks grew in variety and frequency over 2016, prompting renewed concern from IT professionals. Ransomware can seriously compromise the target’s infrastructure, and is frightening to casual users and professionals alike. This article will help you understand what ransomware is, why it is so prevalent, how best to protect yourself from it and how to deal with an attack if you’re ever unfortunate enough to suffer one.
What is Ransomware?
Malware is the general term for malicious software: code that runs on a system without its owner's consent in order to steal information, serve fraudulent advertising, commit fraud or gain persistent access to private systems. Ransomware is the subset of malware that holds a system or its data hostage for payment. Locker ransomware blocks access to the machine (typically by locking the screen) without touching the files underneath; crypto-ransomware encrypts the victim's files with a cryptographic algorithm and demands payment in exchange for the decryption key. Many families also encrypt any mapped network drives and shared folders the infected account can write to, so one infected workstation can take down data belonging to a whole team. Locker ransomware is rarer and usually easier to remove, since the data is intact, so the rest of this article refers exclusively to crypto-ransomware.
How it Works
Ransomware is typically delivered as a hyperlink the victim clicks, an attachment the victim opens, or through an "exploit kit" hosted on a compromised website or malicious advertisement. The payload is built to evade anti-virus signatures, installs itself quietly, enumerates local and network-mounted files and encrypts some or all of them, usually within seconds or minutes. A lock screen or ransom note then demands payment (typically in bitcoin, which is pseudonymous rather than truly anonymous) in exchange for the decryption key, usually with a deadline after which the operators threaten to raise the price, destroy the key or publish the stolen data. Paying is no guarantee: some operators never hand over a working key, and some demand more money once they know the victim will pay. Phishing is the dominant delivery method. Email is the vehicle of choice because a convincing message reaches both high-value individuals and otherwise well-defended organizations.
Preventing Infection Pt1. Emails
While ransomware can arrive on infected removable media such as USB drives, it mostly comes from malicious emails and websites. Email gives attackers a direct line to your users, the most vulnerable part of your network, in messages disguised as legitimate correspondence that carry infected links or attachments. Phishing emails are increasingly sophisticated and impersonate legitimate companies (e.g. banks) or even colleagues; a message crafted for one specific person or organization is known as "spear phishing".
Email filtering is your first line of defense, so a capable email filtering system or service is essential. However, most victims already had both filtering and antivirus in place, which is why user education (including formal training where needed) is essential: users need to know what phishing emails look like. Never trust a file because of the extension it appears to have: Windows hides known extensions by default, so a script named "Invoice.txt.js" is displayed as "Invoice.txt" yet still runs as JavaScript when opened. Macros in MS Office documents are a common way to download and execute the ransomware payload, so disable macros if you are not using them, and treat any document that asks you to "enable content" or "enable macros" as suspect and scan it before doing so.
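To make the attachment checks above concrete, here is an added example (not code from the original article) in Python that triages the attachments of one message: it flags executable extensions, double extensions hiding behind a decoy such as .txt, and Office files that contain a VBA macro part whatever extension they carry (a renamed .docm is still a zip containing vbaProject.bin). The sample message and its attachments are constructed inline, and the extension lists are assumptions to tune for your own environment.

```python
"""Attachment triage for phishing lures: executable and double extensions,
plus Office files carrying a VBA project. Added example; sample message constructed."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows will execute on double-click (assumed blocklist; extend as needed).
EXECUTABLE_EXTS = {"exe", "scr", "js", "jse", "vbs", "vbe", "wsf", "hta",
                   "bat", "cmd", "ps1", "jar", "lnk"}
# Harmless-looking "outer" extensions commonly used as the visible decoy.
DECOY_EXTS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png"}
# OOXML stores macros in this part; docx/xlsx cannot carry one, docm/xlsm/dotm can.
MACRO_PART_SUFFIX = "vbaproject.bin"


def classify_name(filename):
    """Return findings derived from the filename alone."""
    parts = filename.lower().split(".")
    findings = []
    if len(parts) < 2:
        return findings
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension:" + ext)
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            findings.append("double-extension:" + parts[-2] + "." + ext)
    return findings


def has_vba_macro(data):
    """True if the bytes are a zip (OOXML) containing a VBA project part."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(MACRO_PART_SUFFIX) for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_message(raw):
    """Parse a raw RFC 5322 message and report findings per attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        findings = classify_name(name)
        payload = part.get_payload(decode=True) or b""
        if has_vba_macro(payload):
            findings.append("contains-vba-macro")
        report[name] = findings
    return report


def build_sample_message():
    """Constructed phishing-style message for demonstration only."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.net"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see the attached invoice and quote.")
    # Script with a decoy .txt in the name; body is a placeholder, not a real downloader.
    msg.add_attachment(b"// constructed placeholder script body\n",
                       maintype="text", subtype="plain", filename="Invoice.txt.js")
    # A macro-enabled document renamed to .docx: the VBA part is still inside the zip.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="quote.docx")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in triage_message(build_sample_message()).items():
        print(name, "->", findings or ["clean"])
```

Hook `triage_message` into a mail gateway or run it over quarantined .eml files; the macro check looks inside the container rather than trusting the extension, which is the whole point of the paragraph above.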
Preventing Infection Pt2. Websites
Exploit kits do not need the user to download or open anything: they run code on the machine by exploiting vulnerable software in the browser (an outdated Flash Player, Java plugin or browser extension, for instance) when the user merely visits a compromised page or loads a malicious advertisement. Keeping the operating system, browser, plugins and extensions patched (and limiting extensions to a few trusted developers) is essential, and removing plugins like Flash and Java altogether if nobody needs them removes the most commonly exploited targets. Ad blockers reduce your exposure substantially by preventing contact with malicious ads, and JavaScript blockers stop untrusted scripts from running at all. Isolation tools such as virtual machines and sandboxes can be used to open suspicious files, although they are not perfect.
Dealing with Infection
If you do get infected, identify which machines are affected, disconnect them from the network immediately (unplug the cable, switch off Wi-Fi) and take shared network drives offline or revoke write access to them, because the malware will keep encrypting everything it can reach. Do not wipe the machines yet: the ransom note, the extension appended to encrypted files and a sample encrypted file are what you need to identify the family. Knowing which ransomware you are dealing with matters: some are "fake" and do not encrypt properly, some have free decryption tools available, and some operators have no history of handing over the key after payment. Use the Ransomware Decryption Tool Finder to identify what you are dealing with. You can then turn to a reputable ransomware removal service that specializes in making sure you eliminate all the weak points in your setup.
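The identification step above depends on collecting the right artefacts from the isolated host. The following Python script is an added example (not from the original article) of a read-only first pass over a file tree: it separates ransom notes from files that look encrypted, using the double-extension pattern plus a ciphertext-like byte distribution, and reports the extension the malware appends, which is the value you feed into an identification tool. The note-name markers, the entropy threshold and the sample tree are all assumptions constructed for the demo.

```python
"""Read-only host triage for crypto-ransomware artefacts. Added example;
marker lists and thresholds are assumptions, the sample tree is constructed."""
import math
import os
import tempfile
from collections import Counter

NOTE_MARKERS = ("readme", "decrypt", "recover", "how_to", "restore")  # assumed
NOTE_EXTS = {".txt", ".html", ".hta"}
COMMON_DOC_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".txt"}


def shannon_entropy(data):
    """Bits per byte; uniform random (or ciphertext) approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_like_note(name):
    low = name.lower()
    return os.path.splitext(low)[1] in NOTE_EXTS and any(m in low for m in NOTE_MARKERS)


def triage_tree(root, sample_bytes=4096, entropy_threshold=7.5):
    """Walk root (mounted read-only in practice) and classify what is found."""
    notes, encrypted = [], []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if looks_like_note(name):
                notes.append(path)
                continue
            base, outer_ext = os.path.splitext(name)
            inner_ext = os.path.splitext(base)[1].lower()
            # Entropy alone is not a signal (JPEGs and zips are naturally dense),
            # so require a normal document extension hiding under an appended one.
            if inner_ext in COMMON_DOC_EXTS:
                with open(path, "rb") as fh:
                    head = fh.read(sample_bytes)
                if shannon_entropy(head) >= entropy_threshold:
                    encrypted.append((path, outer_ext.lower()))
    ext_counts = Counter(ext for _, ext in encrypted)
    return {
        "notes": sorted(notes),
        "encrypted": sorted(p for p, _ in encrypted),
        "appended_ext": ext_counts.most_common(1)[0][0] if ext_counts else None,
    }


def build_sample_tree():
    """Constructed victim directory: one untouched file, three 'encrypted', one note."""
    root = tempfile.mkdtemp(prefix="ir-demo-")
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    with open(os.path.join(docs, "notes.txt"), "w") as fh:
        fh.write("meeting notes " * 50)            # plaintext, low entropy
    for name in ("budget.xlsx", "report.docx", "photo.jpg"):
        with open(os.path.join(docs, name + ".locked"), "wb") as fh:
            fh.write(os.urandom(8192))             # stands in for ciphertext
    with open(os.path.join(docs, "README_TO_DECRYPT.txt"), "w") as fh:
        fh.write("Your files have been encrypted. Pay to recover them.")
    return root


if __name__ == "__main__":
    result = triage_tree(build_sample_tree())
    print("ransom notes:", result["notes"])
    print("appended extension:", result["appended_ext"])
    print("encrypted files:", len(result["encrypted"]))
```

Run it against a disk image or a share mounted read-only; it never writes to the tree, so the evidence (and any chance of a free decryptor working) is preserved.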
Prevention Is Better Than the Cures Available
Backups are not a complete answer: they fail more often than people expect, and they do nothing against data theft. Estimate the financial cost of downtime so you know how much your maintenance effort is worth. Do a risk assessment that assigns a value to your critical data assets. Understand how an attack spreads through shared network drives, keep external backups off the network (or at least write-protected from ordinary user accounts) and test restores on a regular schedule rather than assuming the backup job succeeded. Finally, lower risk by limiting user access and privileges: ransomware can only encrypt what the infected account can write to.
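"Test them regularly" is easy to say and rarely done. As an added example (not from the original article), the Python below records a manifest of SHA-256 hashes when a backup is taken, protects the manifest with an HMAC whose key lives off the backup share, and on each scheduled test compares the live tree against it; a backup that ransomware reached through a mapped drive shows up as missing, renamed or rewritten files, and a tampered manifest is rejected outright. The backup tree, the key handling and the simulated attack are constructed assumptions for the demonstration.

```python
"""Scheduled backup integrity test with a keyed manifest. Added example;
the sample backup tree and the attack scenario are constructed."""
import hashlib
import hmac
import json
import os
import tempfile


def _sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative, forward-slash path) to its SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = _sha256_file(path)
    return manifest


def sign_manifest(manifest, key):
    """Serialise and tag the manifest; the key is assumed to be stored off the share."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_backup(root, body, tag, key):
    """Reject a tampered manifest, then diff the live tree against it."""
    expected_tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, tag):
        return {"ok": False, "reason": "manifest tampered"}
    expected = json.loads(body)
    current = build_manifest(root)
    missing = sorted(set(expected) - set(current))
    added = sorted(set(current) - set(expected))
    changed = sorted(p for p in expected if p in current and current[p] != expected[p])
    return {"ok": not (missing or added or changed),
            "missing": missing, "added": added, "changed": changed}


def demo():
    """Take a backup, then simulate ransomware reaching it over the share."""
    root = tempfile.mkdtemp(prefix="backup-demo-")
    os.makedirs(os.path.join(root, "finance"))
    for rel, text in (("finance/q1.xlsx", "numbers"), ("finance/memo.docx", "memo")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(text)
    key = os.urandom(32)                       # would be kept off the backup host
    body, tag = sign_manifest(build_manifest(root), key)
    clean = verify_backup(root, body, tag, key)
    # Attack: one file encrypted and renamed, a ransom note dropped.
    src = os.path.join(root, "finance/q1.xlsx")
    os.replace(src, src + ".locked")
    with open(src + ".locked", "wb") as fh:
        fh.write(os.urandom(64))
    with open(os.path.join(root, "README_DECRYPT.txt"), "w") as fh:
        fh.write("pay to recover your files")
    after = verify_backup(root, body, tag, key)
    # An attacker who also edits the manifest to hide the change fails the HMAC.
    forged = verify_backup(root, body.replace(b"q1.xlsx", b"q1.xlsy"), tag, key)
    return clean, after, forged


if __name__ == "__main__":
    for label, result in zip(("clean", "after attack", "forged manifest"), demo()):
        print(label, "->", result)
```

The diff output is what the scheduled test should alert on; a restore drill (actually copying files back and opening them) still belongs on the calendar, since a manifest proves the bytes are intact, not that the restore procedure works.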
Prevent, prevent, prevent. Data is too valuable to lose due to negligence.
Zohar Pinhasi, CEO and Founder of MonsterCloud, is a leader in opening the cloud computing market to small- and medium-sized businesses. Zohar has 20+ years of experience with sophisticated technology systems. A leader in the fast-moving technology industry trend of cloud services, Zohar has spent the past 12 years evangelizing for small- and medium-sized businesses to shift to the cloud. A calculated risk-taker with deep tech industry knowledge, he continues to champion cloud services to his enterprise and consumer customers. The foundations of Zohar's knowledge were established during a long training in an elite military technological unit. Zohar is also the founder of GOLBNET, a telecom company. Zohar's motto: "A dream is a seed. Vision plants it. Imagination nurtures growth. Opportunities create blooms. Thoughts become things!" (Donna McGoff)