Published on Wednesday, June 22, 2016
It seems it’s that time of year when we are seeing more evidence that ransomware is on the rise. The best approach is to educate yourself on how it works and learn how to protect yourself and your business from these aggressive attacks.
1. What is Ransomware?
There are 2 types of Ransomware.
a.) Encryption-Ransomware - uses encryption algorithms to encrypt any and all data on a machine. You would need a key to decrypt your files and attackers will ask for money for these keys.
b.) Locker-Ransomware - this places a lock on your computer. Attackers will still ask for money for a key to unlock the computer, but the data will not be encrypted.
A couple of key characteristics that all types of ransomware have in common:
1. The encryption is unbreakable. It uses a 2048-bit RSA key. DigiCert said that breaking a 2048-bit key would take a normal desktop about 1.5 billion years.
2. It has the ability to encrypt any and all kinds of files - from photos and videos to encrypted data and databases.
3. It can scramble all your file names, in a way that is specific to the ransomware.
4. It will display or add a message to let the user know the data is encrypted.
5. Attackers will ask to be paid in bitcoins to remain untraceable.
6. Most ransomware sets a time limit for paying the ransom, which adds to the psychological pressure to pay.
7. Ransomware can spread over a network quickly and easily.
2. Who gets targeted and how?
Anyone can get the virus.
Reasons to target a home user or network:
•Usually no backups are kept for home machines.
•Home users don't have the knowledge of cyber security.
•The same lack of online security makes home users vulnerable to manipulation by attackers.
Reasons to target a business environment:
•Businesses are where the money is.
•Attackers know that ransomware can cause major business disruptions.
•A lot of small businesses are usually unprepared for cyber attacks and don't have the necessary measures in place.
•The human factor is still a liability.
How does ransomware spread?
•Spam email campaigns that contain malicious links or attachments. A lot of users don't realise that spam is not email from a company whose newsletter you signed up for, but email that comes from someone or somewhere that you don’t recognise. Most of these emails are finance related: you receive an email with a subject like "payment notification" and an attachment. The attachment looks like a PDF, but it is actually a link that will download the payload for the ransomware.
•Security Exploits. This happens with a lot of companies that don’t have a firewall in place.
•Malicious websites with code injections.
•Botnets. This is where it spreads from one computer to another on the same network.
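As an added example (not part of the original article), a mail filter can check for the spam pattern described above: a finance-themed subject with an attachment that looks like a PDF but is not one. The extension list, subject keywords, function names and sample messages are assumptions constructed for illustration, and the double-extension check goes slightly beyond the case in the text.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumption: extensions treated as executable or script content; extend per site.
RISKY_EXT = {"exe", "scr", "js", "vbs", "lnk", "hta", "bat", "cmd"}
# Assumption: finance-themed subject words, modelled on "payment notification".
FINANCE_SUBJECT = re.compile(r"payment|invoice|remittance|statement", re.I)

def inspect_message(raw):
    """Flag attachments that present themselves as PDFs but are something else."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        pieces = name.split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        data = part.get_payload(decode=True) or b""
        if ext in RISKY_EXT and "pdf" in pieces[1:-1]:
            findings.append((name, "double extension hides an executable type"))
        elif ext == "pdf" or part.get_content_type() == "application/pdf":
            # PDF readers accept the %PDF- header within the first 1024 bytes.
            if b"%PDF-" not in data[:1024]:
                findings.append((name, "declared as PDF but content is not a PDF"))
    return {
        "finance_lure": bool(FINANCE_SUBJECT.search(msg["Subject"] or "")),
        "findings": findings,
    }

def build_sample(subject, filename, data, subtype="pdf"):
    """Build a constructed sample message with a single attachment."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(data, maintype="application", subtype=subtype,
                       filename=filename)
    return msg.as_string()

if __name__ == "__main__":
    samples = [  # constructed messages, not real mail
        build_sample("Payment notification", "invoice.pdf", b"<html>not a PDF</html>"),
        build_sample("Payment notification", "invoice.pdf.js", b"// constructed", "octet-stream"),
        build_sample("Newsletter", "report.pdf", b"%PDF-1.4\n% constructed\n"),
    ]
    for raw in samples:
        print(inspect_message(raw))
```

A message that is flagged both as a finance lure and with a finding is a candidate for quarantine rather than delivery.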
3. How to Prevent ransomware.
•Keep your machine's software up-to-date. A lot of companies, like Adobe, release updates to prevent their software from being used to download the payload packages.
•Keep anti-virus active and up-to-date. A lot of anti-virus programs cannot detect the ransomware because it disguises itself as an operating system program. Even though anti-virus programs are updated every day, you still need to try to stay ahead of ransomware attacks.
•Network Security - Maintaining a strong firewall at a business is very important, as it will prevent intrusion over the network.
•Backups are the most important of all. If you are unfortunate enough to get infected, your backups are the only thing that can save you and your business.
To sum things up, Alan Landsberg, owner of Computer World, advises, “The best solution to avoid becoming a victim of ransomware is to take the necessary precautions to protect your information and remain vigilant. Make sure you have backups of backups of backups.”