Cyber security threats and attacks are always evolving. Viruses, worms, trojan horses, spyware, adware and scareware have all been around for a long time. However, 2016 has seen a boom in one cyber threat in particular: ransomware.
Ransomware is defined as a type of malware that creates a restriction (of some type) on the user’s computer. In order to remove the restriction, the user must pay a ransom. This form of crimeware is unique in that it tries to force the user into directly paying the criminal, effectively turning the malware itself into a way for the attacker to profit. Since 2013, when it first became known, ransomware has become more and more widespread because of the initial success of cybercriminals in convincing victims to pay to recover their files.
Ransomware such as CryptoLocker and CryptoWall works in similar ways. These two widespread exploits both attack files on the victim’s computer and encrypt them with a private key known only to the hacker. This makes the files useless to the victim; they can no longer access the contents without the key. To obtain the key and decrypt the files, the victim must follow the criminal’s instructions to make a Bitcoin payment and obtain the decoder.
How is ransomware spread?
Ransomware can be distributed through the same vehicles as other malware: software downloads from websites, attachments to emails, and even malicious ads (known as “malvertising”) delivered over online ad networks.
What can you do?
Even today’s sophisticated malware protection can be bypassed by ransomware. The best approach to security is multi-layered and requires vigilance from both IT professionals and their end users.
- Always keep backups. Data can’t be recovered if it isn’t backed up. Have a strategy in place that covers every user, device and file.
- Lock down administrative rights. Don’t give users administration rights, even on their own machines, unless it’s absolutely necessary.
- Stay up to date. Keep systems and apps current with the latest patches to avoid exploits that rely on outdated code.
- If an email looks suspicious, it probably is. Teach users to trash emails that look like spam. Better yet, show them how to inspect email headers if they’re unsure of the sender.
- Don’t open attachments. Unless your users are absolutely, positively sure that they recognize both the sender and the file, it’s better to leave attachments alone. If they do open attachments, they should never enable macros or executables. Suggest other ways to share documents that require authentication and have built-in virus scanning.
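As an illustration of the header inspection mentioned in the list above, here is an added example (not part of the original article) that parses a raw message and flags sender mismatches and failed authentication results. The sample message, its addresses and the function names are constructed for this example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Accounts Payable" <billing@example.com>
Reply-To: payments@example.net
Subject: Invoice attached
Content-Type: text/plain

See attached invoice.
"""

def domain(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def inspect_headers(raw):
    """Return a list of warnings for a raw message. Warnings are signals
    for a closer look, not proof that the message is malicious."""
    msg = message_from_string(raw)
    warnings = []
    from_dom = domain(msg["From"])
    if not from_dom:
        warnings.append("From header has no parseable address")
    # Replies and bounces going to a different domain than the visible sender.
    for name in ("Reply-To", "Return-Path"):
        dom = domain(msg[name])
        if dom and from_dom and dom != from_dom:
            warnings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results is stamped by the receiving mail server.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if not results:
        warnings.append("no Authentication-Results header present")
    for check in ("spf", "dkim", "dmarc"):
        for verdict in ("fail", "softfail", "none"):
            if f"{check}={verdict}" in results:
                warnings.append(f"{check.upper()} result is {verdict}")
    return warnings

if __name__ == "__main__":
    for warning in inspect_headers(SAMPLE):
        print("WARNING:", warning)
```

Legitimate bulk mail often uses a different Return-Path domain, so treat that warning as weaker than a failed SPF or DKIM result.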
If you are concerned about ransomware or have more questions, please contact the SCPLLP IT department. We will help you assess your IT infrastructure and provide recommendations and ways to protect your business.