For decades, antivirus software firms were playing catch-up with virus authors. Now and again, somebody would come up with a piece of malware that did not match the signature of any known virus. It would be capable of doing its nasty work for some time; however, it would eventually become known to cybersecurity researchers and would be spotted by antivirus software after one of its routine updates. In the worst-case scenario, a system reset would be required after a malware infection, but any important files would still be recoverable from the infected machine. Not so with ransomware.
This type of virus became widespread just a few years ago. Once on the system, it runs a script that scans your hard drive and any other connected storage devices and encrypts any documents and media files it can find, so that they can no longer be used by anyone. The files are selected by their extensions. Once this task is complete, a message is displayed to the user stating that the decryption key will be provided if a significant amount of money is transferred to a particular account.
Encryption used by ransomware is usually strong, so attempting to decrypt the files yourself is usually not an option. Some types of ransomware contain bugs that allow experienced professionals to reverse-engineer them and recover the decryption key. Well-written varieties, on the other hand, leave even the most experienced security experts baffled, so once the encryption process has completed it is practically impossible to reverse it without either restoring the system from a backup or paying the ransom. Therefore, even if the malware is completely removed at this stage, it is too late.
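Because the encryption cannot be undone after the fact, the practical question for a defender is how quickly you can tell which files have already been hit. The check below is an added example written for this post, not code from the original article: it walks a directory and flags documents whose first bytes no longer match the signature their extension promises (a .pdf that does not begin with %PDF, a .docx that is not a ZIP container), and, for plain-text formats that have no signature, flags files whose byte entropy looks like ciphertext rather than text. The signature table, the 7.2 bits/byte entropy threshold and the sample files it builds in a scratch directory are my assumptions, chosen to illustrate the idea.

```python
"""Flag document and media files whose contents no longer match what their
extension promises: a cheap after-the-fact check for ransomware damage.
Added example; the signature table and thresholds are assumptions."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import List, Optional, Tuple

# Leading bytes ("magic numbers") a healthy file of each type starts with.
# Deliberately short; extend it with the formats your organisation uses.
MAGIC = {
    ".pdf": (b"%PDF",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
    ".pptx": (b"PK\x03\x04",),
    ".png": (b"\x89PNG",),
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3"),
}
# Plain-text formats have no magic number, so byte entropy is used instead.
TEXT_EXTS = {".txt", ".csv", ".cs", ".html", ".py", ".js", ".md"}
ENTROPY_LIMIT = 7.2   # bits/byte; source text sits around 4-5, ciphertext near 8
SAMPLE_BYTES = 4096   # only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def check_file(path) -> Optional[str]:
    """Return a reason string if `path` looks wrong for its extension, else None."""
    path = Path(path)
    ext = path.suffix.lower()
    with path.open("rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if ext in MAGIC:
        if not any(head.startswith(sig) for sig in MAGIC[ext]):
            return f"header {head[:4]!r} does not match the {ext} signature"
    elif ext in TEXT_EXTS:
        ent = shannon_entropy(head)
        if ent > ENTROPY_LIMIT:
            return f"entropy {ent:.2f} bits/byte is too high for a text file"
    return None


def scan_tree(root) -> List[Tuple[str, str]]:
    """Walk `root` and return (relative path, reason) for every suspicious file."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file():
            reason = check_file(path)
            if reason:
                findings.append((path.relative_to(root).as_posix(), reason))
    return findings


def build_sample_tree() -> str:
    """Create a scratch directory of constructed files: four healthy ones and
    two whose contents were replaced with random bytes to stand in for the
    output of an encryption pass. Returns the directory path."""
    root = tempfile.mkdtemp(prefix="ransom-check-")
    samples = {
        "report.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 30,
        "notes.docx": b"PK\x03\x04" + b"\x00" * 26 + b"word/document.xml" + b"\x00" * 200,
        "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 500,
        "main.cs": b"using System;\nclass Program { static void Main() { } }\n" * 10,
        "invoice.pdf": os.urandom(SAMPLE_BYTES),   # constructed: ciphertext-like
        "index.html": os.urandom(2048),            # constructed: ciphertext-like
    }
    for name, payload in samples.items():
        (Path(root) / name).write_bytes(payload)
    return root


if __name__ == "__main__":
    for rel, why in scan_tree(build_sample_tree()):
        print(f"SUSPICIOUS {rel}: {why}")
```

Run it against a document share rather than the scratch directory to get a list of files worth restoring from backup. Legitimately compressed text (a .cs file inside a .zip, say) would trip the entropy rule, which is why the signature check is the primary signal and entropy is only used where no signature exists.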
The most common method of distributing this type of malware, just like most other types, is via email attachments. Recipients are made to believe that they are obtaining something noteworthy, while they actually download the virus by opening the attachment.
Ransomware causes extreme inconvenience for individual computer users; however, the most damage is done at the enterprise level. A user with administrative access to a large chunk of the enterprise network may unknowingly download the virus, and then every single machine on that network may become infected. In this case, a ransom of several thousand US dollars may seem like a drop in the ocean compared to the cost of all the encrypted business documents, which may be worth millions.
So, if these viruses are so dangerous and the damage they cause is irreversible, what can you do to protect yourself? Although reversing the damage is almost impossible without cost, prevention is not very difficult. Below is a list of common-sense things you can do, starting from the most effective:
1) By far the best method of protecting against ransomware is to assume that any user of a particular computer, or of any other computer on the network, may be susceptible to the social engineering used by cybercriminals. Therefore, copy the most important documents to non-networked external storage on a regular basis. Network drives and any storage drives that happen to be connected to an infected machine will also have their files encrypted, so ensure that the backup drive is physically disconnected once the backup process is complete.
2) Read about cybersecurity best practices and spread the knowledge within your organisation. Don't click on links or open attachments in unsolicited emails. Carefully check the URL of any web form before entering login credentials on it. Don't navigate to sites you don't trust. Don't download any software unless you definitely need it and can verify that the download comes from a trustworthy web page.
3) Keep a copy of your most important documents with their file extensions changed to either something random or something that makes the files look like executables (e.g. .dll, .exe, etc.). Ransomware looks for files with specific extensions, as it is in the ransomware authors' interest to keep your system fully operational. Most ransomware targets documents (e.g. .docx and .pdf), media files (e.g. .mp3 and .avi) and various files used by professionals (e.g. .cs and .html). Therefore, any operating system components or files with random extensions are likely to remain intact after an attack.
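The first tip above is only as good as your ability to trust the backup when you need it: a copy that was silently overwritten while the drive was still plugged in is worse than no copy. The script below is an added example written for this post, not the article's own code. It copies a document tree to a destination directory (standing in for a mounted external drive; physically unplugging it afterwards is up to you), records a SHA-256 digest of every file in a manifest, and later verifies either the live tree or the backup against that manifest, reporting files that changed, went missing or appeared unexpectedly. The directory names and sample documents it creates are constructed for the demonstration.

```python
"""Offline backup with an integrity manifest, plus verification.
Added example; paths and sample files are constructed for the demo."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List

MANIFEST = "MANIFEST.json"   # assumed name for the digest list kept beside the backup


def sha256_of(path) -> str:
    """Hex SHA-256 of a file, read in 64 KiB chunks so large media files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_tree(src, dst) -> Dict[str, str]:
    """Copy every file under `src` into `dst` and write a manifest of digests.
    Digests are taken from the copies, so the manifest describes what is
    actually on the backup medium, not what was on the source."""
    src, dst = Path(src), Path(dst)
    manifest = {}
    for f in sorted(src.rglob("*")):
        if f.is_file():
            rel = f.relative_to(src)
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, target)          # copy2 keeps timestamps as well
            manifest[rel.as_posix()] = sha256_of(target)
    (dst / MANIFEST).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_tree(root, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the files under `root` with `manifest`.
    Returns sorted lists: ok, changed (digest differs), missing (in manifest
    but absent on disk) and unexpected (on disk but not in manifest)."""
    root = Path(root)
    result = {"ok": [], "changed": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        p = root / rel
        if not p.is_file():
            result["missing"].append(rel)
        elif sha256_of(p) == digest:
            result["ok"].append(rel)
        else:
            result["changed"].append(rel)
    for f in root.rglob("*"):
        if f.is_file() and f.name != MANIFEST:
            rel = f.relative_to(root).as_posix()
            if rel not in manifest:
                result["unexpected"].append(rel)
    for key in result:
        result[key].sort()
    return result


def demo() -> Dict[str, Dict[str, List[str]]]:
    """Constructed scenario: back up a small tree, then overwrite one document
    and drop a stray file on the live system, as an encryption pass would.
    The live tree now fails verification; the backup (never reconnected) passes."""
    live = Path(tempfile.mkdtemp(prefix="live-"))
    backup = Path(tempfile.mkdtemp(prefix="backup-"))
    (live / "docs").mkdir()
    (live / "docs" / "budget.xlsx").write_bytes(b"PK\x03\x04 constructed spreadsheet")
    (live / "docs" / "thesis.docx").write_bytes(b"PK\x03\x04 constructed document")
    (live / "readme.txt").write_bytes(b"constructed notes\n")
    manifest = backup_tree(live, backup)
    # Damage on the live system only: one file's contents replaced, one new file.
    (live / "docs" / "thesis.docx").write_bytes(bytes(range(256)) * 4)
    (live / "docs" / "unexpected.txt").write_bytes(b"constructed stray file")
    return {"live": verify_tree(live, manifest), "backup": verify_tree(backup, manifest)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice you would run `backup_tree` with the external drive's mount point as `dst`, unplug the drive, and run `verify_tree` against the drive's own MANIFEST.json (loaded with `json.load`) the next time it is connected, before copying anything new onto it. A backup that reports any `changed` entries was connected to a compromised machine and should not be trusted as the recovery source.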
For more information, follow this link:
Published by Mobile Tech Tracker
Posted on 28 Oct 2016