Ransomware is the biggest threat to your data’s security today. There are hundreds of variants and it seems like there is a new variant everyday now.
Industry experts suggest that 93% of phishing emails now contain ransomware. Many infected emails are opened by users who don’t understand that they have been targeted as part of carefully designed social engineering trap.
Ransomware is the absolute worst infection you can get on your computer today and it’s practically unstoppable at this point in time.
I just spent a week at a conference in Myrtle Beach, the Techno Security and Forensics Investigations Conference/Mobile Forensics World 2016. We take security very seriously here at ATR and we try to keep up with everything as much as we possibly can. Thomas tracks changes and keeps up with these events even more than myself.
If you haven’t heard of ransomware, let me describe what is does. Ransomware is a type of Malware that stops your computer from working or restricts your access to the computer or its data. You are faced with a screen that informs you that your data has been encrypted or that your machine has been locked and you will have to pay to gain access to your files. This is such a powerful weapon that you have essentially lost ALL of your data. Pictures, emails, accounting data, music, videos, documents … everything of value to you. The worst part, it’s almost impossible to stop it once you have been infected.
You may think that paying up would be the best thing and that’s what the attackers want you to do. Unfortunately, I have had several companies and clients that have recently been infected with Ransomware. In half the cases where payoff was made, their data was irretrievable and the clients lost their monies. These payments vary in amounts but average between $1000 and $1,000,000.
Ransomware generally infects your system through a fake email, called phishing. The emails look very real and users are highly likely to open the email because the criminals use social engineering to make the user want to open the email. Once the email has been opened the malware begins infecting your computer. The infection can also be spread in many other ways.
Also beware of Ads, don’t click on them and also use an adblocker.
The best ways to stop these attacks is to be extremely careful when opening an email. If you see a strange email and wonder why your friend is sending it, call them and ask them if they sent you the email. Do not open it. Just delete it.
Again, beware of Ads, don’t click on them and also use an adblocker.
Anti-Malware and Anti-Virus companies are getting better at detecting and stopping the attacks. However, they are struggling to catchup and are falling further behind every day. Keep your security software running and up to date.
Backups, Backups, Backups. If you have a backup and are hit by the attack, then you will be able to recover your data. However, the newest versions of the ransomware attacks have been detecting and encrypting the local backup drives that are attached to the system at the time of the attack. They are even spreading through whole networks and encrypting fellow employees, file servers and their local backups. They lose everything! Using rotating backup drives or disconnecting the backup drives after backup is the best way to ensure your backups are safe. We definitely recommend using offsite backups in addition to your local backups.
A Black Market is used to communicate with the software and user to disseminate information and assisting in the collecting of the funds. These are called Tors and they cannot be tracked by any conventional means. We are currently Beta Testing a program that may stop or inhibit Ransomware activities. We will keep you apprised of our findings.
We are here to help you in any way we can. But, if you’ve been infected there may not be much we can do for you. The best thing you can do is take the above mentioned preventative steps. If you think you cannot complete these steps yourself, just call us and we can setup an appointment with you. If you have a contract with us, then the contract will cover any costs.