Cybersecurity Awareness Month 2016: Ransomware and You

Categories: Information Security

Ransomware is a term for malware that infects computers and attempts to extort money from the user by holding the files and data for ransom. In most cases, the data is encrypted in such a way as to make it no longer readable without the encryption key. The user is presented with instructions on how to pay the ransom, after which it should be possible to decrypt the files. Ransomware has existed for several years, but has exploded in popularity in the latter half of 2015 and the first half of 2016[1]. The primary reason for this explosion is that it has become the single most profitable form of malware in use; as an example, McAfee’s Q2 2016 security report told the story of a Russian gang of malware developers who made more than $120 million in the first six months of 2016. Even allowing for costs of distributing the malware, their profit was probably over $90 million[2].

With profits like that possible, it should be obvious both why cybercriminals are turning to ransomware and why the problem is likely to persist. There is great incentive for these criminals to continue developing new forms of ransomware and new ways of distributing the malware. Currently, variants of ransomware exist for Windows, Linux and macOS systems; Windows variants are the most common, but the others are growing.

How can we protect our systems against ransomware? For ransomware, traditional antimalware tools don’t help us; they can remove the ransomware, but the files are still encrypted, and in most cases, cannot be decrypted without the key. We need to do two things to be secure:

  • Don’t get infected; most of these attacks come through email or malicious advertising. For email, be extremely careful of attachments, especially zip files and Word documents, as Word macro installers for ransomware have started to show up in the wild. For malicious ads, keep your system updated, especially Flash and Java, and run a good antimalware product with real-time protection.
  • Have a good protected backup of your data. Online cloud backup is really the only protection against this type of ransomware. The various cloud backup services keep several versions of your data, so even if your files have been encrypted, it should be possible to restore unencrypted versions. They also are able to defend against most types of ransomware, so your backups should remain uncorrupted. If you don’t have this type of backup, then infection with ransomware will most likely result in complete data loss.

Some new variants of ransomware have the ability to copy themselves across network file shares, meaning that if one computer in an office became infected, soon all of them would also be infected. This also means that backups made to external hard drives, thumb drives, and so on would be vulnerable to infection – or could spread the infection themselves.

For more information on ransomware, including help with prevention, please go to https://www.nomoreransom.org. This site, a joint project of Kaspersky and Intel Security, has a great deal of information and help for those affected by ransomware. Some other resources:

Cloud backups

A cloud backup which maintains multiple versions of backed-up files allows for protection against ransomware by making it easy to revert to an earlier version. Here are some options for cloud backup.

OneDrive – allows restoration of earlier versions of Microsoft Office files. It is unclear whether or not OneDrive will maintain multiple versions of non-Office files. https://support.office.com/en-us/article/Restore-a-previous-version-of-a-document-in-OneDrive-for-Business-159cad6d-d76e-4981-88ef-de6e96c93893 has instructions.

CrashPlan – allows user configuration of multiple versions and retention settings. Different backup sets are possible (allows user to prioritize data for backup). https://www.crashplan.com/en-us/

Carbonite – keeps multiple versions of files going back up to 90 days. https://www.carbonite.com/

Security Software

Bitdefender Antivirus Plus 2017: http://www.bitdefender.com/

Kaspersky Anti-Virus (2017): http://usa.kaspersky.com/store/kaspersky-store

 

[1] Cisco 2016 Mid-Year Security report

[2] McAfee Labs Threat Report – September 2016
