December 2016 – Ransomware: A new kind of threat.


At some point in time, we’ve all been a victim of some form of theft. We’re taught from a young age to be wary of strangers, we lock our doors at night, and we keep the contents of our pockets safe from prying hands. Unfortunately, these threats also exist in the virtual world so many of us occupy nowadays. Spam emails, phishing scams, pop-ups and toolbars: there are thousands of different ways someone can really wreck your day on the internet.


A new threat has started to surface in recent years, which takes this to a whole new level – Ransomware. Essentially, Ransomware is the online equivalent of an extortion racket. The infection is spread, usually via emails with hidden content; it propagates to the device it reaches and slowly begins to damage as much as possible. For a home user, this may mean losing a few documents, but for a large corporation, it can be a real disaster. I’ll outline a typical scenario of how Ransomware spreads, and how you can identify the warning signs to prevent extensive damage:


1). The Ransomware variant is downloaded – this is usually in the form of an email with an attachment. The attachment contains a file with some form of embedded code. Some variants are downloaded from the internet hidden inside other files.


2). The code runs, and very quickly encrypts files on the device – an encrypted file is only accessible using a specific key, which is used to reverse the encryption. Accessing an encrypted file without this key is impossible. This key is usually held on the server which initiated the Ransomware in the first place; in other words, these files are now irreversibly damaged.


3). The Ransomware also creates new files, usually either text files or links to websites, which detail how you can “unlock” your data. Generally, this will involve paying an extortionate amount of money to a clandestine entity, in exchange for the key.


As you can see above, it is very easy for a company to lose a significant amount of data in a very short space of time as a result of these attacks, but there are steps you can take to prevent the damage from occurring. It’s essential to be able to spot the warning signs, and to have a robust solution in place to recover if you do become a victim.


1). Be vigilant with emails – and always check the source. Never open an email that has an attachment if you don’t recognise the address of the sender. Always check the email address of the sender rather than their name on the email, as it’s very easy for someone to change their name to match one of your known contacts, but it’s not easy to spoof an email address.
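The sender check described above, as an added example that is not part of the original post: it reads the real address out of the From header with Python's standard `email` library, compares it against a constructed address book keyed by display name, and applies the rule that an attachment from an unverified sender is held back. The address book, both messages and the `triage` rules are assumptions made for the example.

```python
# Added example (not from the original post): check a message's From header the way
# the advice above says to, comparing the address itself, not just the display name,
# against a constructed address book, and note whether an attachment is present.
import email
from email.utils import parseaddr

# Constructed address book: the addresses we actually know for each display name.
KNOWN_CONTACTS = {
    "Jane Smith": {"jane.smith@example.com"},
}

# Constructed message: familiar display name, unfamiliar address, attachment present.
SUSPICIOUS_RAW = (
    "From: Jane Smith <jane.smith@example-invoices.net>\n"
    "To: you@example.com\n"
    "Subject: Invoice attached\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="sep"\n'
    "\n"
    "--sep\n"
    "Content-Type: text/plain\n"
    "\n"
    "Please see the attached invoice.\n"
    "--sep\n"
    'Content-Type: application/zip; name="invoice.zip"\n'
    'Content-Disposition: attachment; filename="invoice.zip"\n'
    "\n"
    "(constructed placeholder, not a real archive)\n"
    "--sep--\n"
)

# Constructed message: same display name, the address we actually know, no attachment.
LEGIT_RAW = (
    "From: Jane Smith <jane.smith@example.com>\n"
    "To: you@example.com\n"
    "Subject: Meeting minutes\n"
    "Content-Type: text/plain\n"
    "\n"
    "Minutes from this morning's meeting are below.\n"
)


def sender_status(msg, contacts=KNOWN_CONTACTS):
    """Compare the real address in From against what we know for that display name."""
    name, addr = parseaddr(msg.get("From", ""))
    trusted = {a.lower() for a in contacts.get(name.strip(), set())}
    if not trusted:
        return "unknown"  # a display name we have no record of
    # Familiar name but an address we do not know is the classic warning sign.
    return "ok" if addr.lower() in trusted else "mismatch"


def attachment_names(msg):
    """Filenames of every MIME part declared as an attachment."""
    return [
        part.get_filename()
        for part in msg.walk()
        if part.get_content_disposition() == "attachment"
    ]


def triage(raw, contacts=KNOWN_CONTACTS):
    """Apply the rule from the text: attachments from an unverified sender are held."""
    msg = email.message_from_string(raw)
    status = sender_status(msg, contacts)
    attachments = attachment_names(msg)
    if attachments and status != "ok":
        action = "quarantine"
    elif status == "mismatch":
        action = "review"
    else:
        action = "deliver"
    return {"sender": status, "attachments": attachments, "action": action}


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_RAW), ("legitimate", LEGIT_RAW)):
        print(label, triage(raw))
```

The point of keying the address book by display name is that the name is the part a recipient actually reads; the check forces the comparison onto the address behind it, which is what the advice above asks you to do by hand.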


2). Be on the lookout for files you don’t recognise – tell-tale warning signs of Ransomware include files on your machine being replaced with new files that have strange names, usually a collection of random letters and numbers. If you notice that your My Documents folder suddenly has a lot of content you don’t recognise, chances are you’ve been infected.
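A small scan that looks for the warning sign just described, added here as an example rather than taken from the original post: it walks a folder listing and flags names that are long runs of mixed letters and digits with no separators, plus extensions never seen in that folder before. The directory listing, the baseline extension set and the alert threshold are constructed for the example.

```python
# Added example (not from the original post): flag files in a folder listing whose
# names look like random letter/number strings or carry an extension this folder has
# never contained, and raise an alert once several such files appear together.
import re

# Constructed baseline: extensions normally present in this user's Documents folder.
BASELINE_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".txt", ".jpg", ".zip"}

# Constructed "after" listing: familiar files plus newly appeared oddities.
LISTING = [
    "Q4 budget.xlsx",
    "report_2016_final.docx",
    "holiday photos.zip",
    "README.txt",
    "x7f9a2bq1k3m.locked",
    "ZJ8K2QW0PL4N.locked",
    "p0q9w8e7r6t5y4u3",
    "_RECOVER_FILES_.html",
]

# A stem of 10+ characters that is purely alphanumeric, with at least one letter and
# one digit and no spaces, underscores or hyphens, is treated as random-looking.
RANDOM_STEM = re.compile(r"^(?=.*[A-Za-z])(?=.*\d)[A-Za-z0-9]{10,}$")


def split_name(name):
    """Return (stem, lower-cased extension); files without a dot get an empty ext."""
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:  # no extension, or a dotfile such as ".hidden"
        return name, ""
    return stem, "." + ext.lower()


def classify(name, known_ext=BASELINE_EXTENSIONS):
    """List the reasons a filename looks suspicious (empty list means it looks normal)."""
    stem, ext = split_name(name)
    reasons = []
    if RANDOM_STEM.match(stem):
        reasons.append("random-looking name")
    if ext and ext not in known_ext:
        reasons.append("unfamiliar extension " + ext)
    return reasons


def scan(listing, known_ext=BASELINE_EXTENSIONS, alert_threshold=3):
    """Classify every name; alert when the number of flagged files reaches the threshold."""
    flagged = {}
    for name in listing:
        reasons = classify(name, known_ext)
        if reasons:
            flagged[name] = reasons
    return {"flagged": flagged, "alert": len(flagged) >= alert_threshold}


if __name__ == "__main__":
    result = scan(LISTING)
    for name, reasons in result["flagged"].items():
        print(name, "->", ", ".join(reasons))
    print("alert:", result["alert"])
```

The threshold matters more than any single rule: one odd file is usually a download or a renamed document, while several appearing at once in a user's own folder is the pattern the text describes.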


3). Don’t sit around! – If you notice the warning signs, contact your IT support company immediately. If you’re using a desktop, remove the network cable as soon as you see these signs, or disconnect from Wireless if you’re using a laptop. Ransomware requires an internet connection in order to encrypt your files – disconnecting will stop it in its tracks. The longer you wait, the more of your files will be encrypted, and the more extensive the damage will be.


4). Don’t be tempted to pay the ransom – there are many reports of instances where payment was sent as requested, but the encryption was not removed from the files. Don’t trick yourself into thinking that you’re dealing with a legitimate business – the Ransomware developers want your money; they don’t care about your data.


5). Ensure that you have healthy backups – if you pay for IT services, you should speak with your IT Support company to see what they recommend. Backup software is an absolute necessity for any company, as it gives you a quick and easy way of recovering the data after it’s been encrypted. Bad backup software will only increase your downtime.


6). Invest in a firewall – one which is able to block connections at an application level. Many modern firewalls allow you to filter traffic for specific purposes – being able to turn off traffic to known malware is essential, as it prevents Ransomware from propagating in the first place. It won’t stop the infection reaching your machine, but it will prevent your files being encrypted in the first place, allowing for a much faster cleanup with far less risk of data loss.


7). Invest in Anti-Virus for the 21st Century – most anti-virus products use a signature based system of detection, which requires that threats be already known by the software. As a new threat emerges, the security community tests variants of it, and the “signature” of this variant is then added to their database. The Anti-Virus software reads this database, and checks your machine to see if there are any matches. Ransomware developers can very easily change their code just enough to change this signature, rendering it essentially worthless in this case. There are new products on the market that use more advanced methods to prevent Ransomware – these products monitor for the effects that Ransomware causes, meaning they can identify any variant of it regardless of how it got there.
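The contrast drawn above, written out as an added example (not code from the original post or from any product it names): a signature check is a hash of a constructed sample, so a single changed byte defeats it, while a behaviour check ignores the sample entirely and watches the effect, many files being overwritten with high-entropy, ciphertext-like content in a short window. The event stream, the entropy threshold, the window and the file-count threshold are all assumptions made for the example.

```python
# Added example (not from the original post): signature-based versus behaviour-based
# detection of the effect ransomware has on files. The "signature" is a hash of a
# constructed sample; the "behaviour" check looks for mass overwrites with
# ciphertext-like content, which any variant produces regardless of its code.
import hashlib
import math
from collections import Counter, deque


def shannon_entropy(data):
    """Bits per byte: ordinary documents sit well below 6, encrypted data close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# --- Signature-based: only the exact known sample matches ---
KNOWN_BAD_HASHES = {hashlib.sha256(b"constructed sample v1").hexdigest()}


def signature_match(blob):
    """True only if the blob's hash is already in the database."""
    return hashlib.sha256(blob).hexdigest() in KNOWN_BAD_HASHES


# --- Behaviour-based: many files overwritten with high-entropy content ---
PLAIN = b"Quarterly sales figures for the northern region.\n" * 20  # document-like
CIPHERTEXT_LIKE = bytes(range(256)) * 4  # constructed stand-in for ciphertext, entropy 8.0

# Constructed event stream: (seconds, operation, path, content written).
EVENTS = [
    (0.0, "write", "Documents/budget.xlsx", PLAIN),  # an ordinary save
    (30.0, "write", "Documents/a.docx", CIPHERTEXT_LIKE),
    (30.4, "write", "Documents/b.docx", CIPHERTEXT_LIKE),
    (30.8, "write", "Documents/c.xlsx", CIPHERTEXT_LIKE),
    (31.2, "write", "Documents/d.pdf", CIPHERTEXT_LIKE),
    (31.6, "write", "Documents/e.pdf", CIPHERTEXT_LIKE),
    (32.0, "write", "Documents/f.txt", CIPHERTEXT_LIKE),
]


def detect_mass_encryption(events, window=10.0, threshold=5, min_entropy=7.0):
    """Return the time of the first alert, or None if the stream looks normal.

    Alerts when `threshold` distinct files receive high-entropy writes within `window`
    seconds. No sample of the malware is needed; only its effect on files is observed.
    """
    recent = deque()
    for t, op, path, content in events:
        if op != "write" or shannon_entropy(content) < min_entropy:
            continue
        recent.append((t, path))
        while recent and t - recent[0][0] > window:  # drop writes outside the window
            recent.popleft()
        if len({p for _, p in recent}) >= threshold:
            return t
    return None


if __name__ == "__main__":
    print("signature, unchanged sample:", signature_match(b"constructed sample v1"))
    print("signature, one byte changed:", signature_match(b"constructed sample v2"))
    print("behaviour alert at:", detect_mass_encryption(EVENTS))
```

A real product would act on the alert (suspending the process responsible and rolling back the affected files) rather than just reporting a timestamp; the example stops at the detection decision, which is the part the paragraph above is about.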


At Clovertec, we have prepared ourselves thoroughly for modern threat protection. Utilising new-age Sophos InterceptX software, we can stop Ransomware before it has a chance of taking down your business, and as a cloud service, it provides a centralised solution for reporting on threats regardless of whether you’re in the office on a desktop, or working at home on your laptop. The threat reports also feature root cause analysis, which allows us to pinpoint where the infection originated from, so it can be prevented in future.


If a threat still manages to get through the barriers, we utilise the latest in granular restore technology via our Data Guardian Cloud Backup solution to restore only the content that is needed. This solution ensures that a copy of your data is always kept away from any devices on your network, to provide maximum redundancy.


Alongside this, we also utilise SonicWALL firewalls, which allow us to block Ransomware from communicating with the outside world, cutting off the encryption process at its source, and preventing your files from being damaged.


To read more about Sophos InterceptX, and how it is revolutionising the IT Security industry, please take a look at the link below.


https://www.sophos.com/en-us/products/intercept-x.aspx


If you would like to know more about how Clovertec can protect your company in the modern age, please do get in touch on 0113 887 3710.
