Hopefully, as you read this, you have not been a victim of Ransomware. Numerous articles have been published and news clips shown on TV, yet infections still occur around the globe every day.
What is Ransomware?
The current common threat is a Ransomware virus called Cryptolocker, which encrypts all user files on the local computer and network drives and then prompts the user for payment before the files are released. The virus propagates through HTML links within emails; clicking on such a link downloads the virus, which is set to start automatically. As the more sophisticated versions of Cryptolocker don’t have an attachment, they are increasingly difficult to block with standard methods. Additionally, the source code is freely available, so anyone can make their own version and distribute it. The email hyperlinks usually come from seemingly official sources such as the Australian Federal Police, ATO, RTA, and Australia Post. They are typically written in a way that causes an emotional response (such as receiving a speeding ticket) in the hope that you will click the link without thinking. If an email seems suspicious, it is important to verify who it is from.
How does the attack occur?
These attacks all involve infiltration of your IT system by a rogue computer program. Firstly, your computer becomes infected, and then you receive a notification in relation to what the cyber-criminals want from you.
The malicious code can compromise your network if you unknowingly surf an infected website, open an infected email attachment or unwittingly click on a link in an email or attachment. The code encrypts files on your machine, and if on a network, infects the files on the network drives. A pop-up may appear asking for payment to reverse the damage or an email appears in your inbox carrying the same disturbing message.
How do I protect myself against Ransomware?
- Regularly update your PCs, servers and mobile devices with software patches for Java, Adobe Flash, Acrobat Reader, Windows and Internet browsers.
- Educate users to be security savvy and to avoid opening attachments such as ZIP files and clicking on links in emails and attachments such as PDF unless they absolutely trust the source.
- Install and maintain comprehensive, constantly updated security software at every possible entry point into your network (PCs, notebooks, mobile devices, servers and Internet gateways).
- Have next-generation firewalls in place with advanced security features and policies to strip attachments such as .exe, .js and .vbs.
- Have watertight backup procedures in place with back-ups kept both on-site and off-site and stored securely. You also need a best-in-class system recovery solution with the ability to restore files quickly.
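The attachment-stripping policy from the list above, sketched as an added example that is not part of the original article: it removes .exe, .js and .vbs attachments from a raw message and also looks inside ZIP files, since a ZIP can carry a blocked file past a filter that only checks the outer name. The function names, the sample message and the choice to drop archives that cannot be read are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED = (".exe", ".js", ".vbs")  # extensions named in the firewall item above

def is_blocked(name):
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as "a.exe".
    return name.rstrip(". ").lower().endswith(BLOCKED)

def zip_hits(data):
    """Return blocked member names inside a ZIP; fail closed if it cannot be read."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if is_blocked(n)]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]  # assumption: unreadable archives are dropped

def strip_attachments(raw):
    """Parse a raw message, drop blocked attachments, return (message, reasons)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_blocked(name):  # also catches double extensions like "x.pdf.exe"
            reason = name
        elif name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            hits = zip_hits(data)
            reason = f"{name} -> {', '.join(hits)}" if hits else None
        else:
            reason = None
        if reason:
            msg.get_payload().remove(part)  # detach the part from the message
            removed.append(reason)
    return msg, removed

def sample_message():
    """Constructed test message: one double-extension .exe, one ZIP, one PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.js", "// constructed placeholder, not real script")
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for fname, data in [("fine.pdf.exe", b"MZ"), ("fine.zip", buf.getvalue()),
                        ("report.pdf", b"%PDF-1.4")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

As the article notes, link-only emails carry no attachment, so a filter like this covers only the attachment route and does not replace user education or backups.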
What if you get attacked?
If you get infected by Ransomware then the general consensus in the IT security industry is not to “pay up”. If you try to pay the ransom, they may increase the amount payable before releasing the encryption key (or not release it at all!). The best way to protect yourself is to ensure that you have a good backup each and every day, since the only way to get your data back (apart from paying the ransom and getting the encryption key) is to restore from backup.
If you need assistance with your network security and back-up systems, please email email@example.com.