You may have heard about the recent ransomware outbreaks throughout the world. You’ve probably thought something along the lines of “Do I need to do anything about this?” First things first, let us understand what ransomware is.
Ransomware is malicious software (malware) designed to encrypt your files or lock you out of the operating system on your PC, essentially holding your system and data for ransom.
Once the software has infected your system, you will normally receive a ransom note like the one below, providing details for you to pay a sum of money on the promise that your data will be restored.
The ransom note will require payment to decrypt your files, and in the case of Petya and WannaCry this was in the form of bitcoins, an untraceable cryptocurrency. It is important to note that even if you do pay the ransom there is no guarantee that your data will be restored. The advice from authorities and security advisors is to never pay the ransom fee.
“One-in-five users that pay a ransom don’t get their files back”
- Kaspersky Labs – Consumer Security Risks Survey 2016
Each piece of ransomware is different and will use new and different ways of infecting devices and spreading.
Some of the most common ways a computer or device becomes infected are:
- Spam emails containing links to malicious websites or attachments with malware embedded that, when opened or clicked, install the malware on the device
- Deliberately malicious websites that, when visited, install the malware on the device
- Drive-by downloads - these happen when a legitimate website is maliciously infected and, again, installs the malware on the device when visited. For example, in 2013 the NBC website was hacked, so each person who accessed the site to innocently catch up on their favourite TV show ended up with the malware embedded in the website downloading, installing and running malicious software without any of the usual pop-ups or warnings you’d expect. This can only happen if there is a bug in your operating system or browser. These are called exploits
More recently, ransomware strains like WannaCry have been made to spread across a network after an initial infection occurs. This is a much more aggressive and concerning aspect of the virus as it only takes one user on a network to potentially infect everyone!
Countermeasures and protecting your systems
It is important to consider how you can protect your computer and devices from infection or, if they are infected, reduce the effects of such attacks.
Some best practice approaches include:
- Maintain an up-to-date environment with the latest software and operating system updates and patches. Software companies typically release fixes for exploits very quickly once they are found, and installing these as soon as possible is an effective way to protect yourself
The WannaCry outbreak used an exploit that Microsoft had already released updates to patch. The organisations and individuals affected were those that had yet to install the patch released in March
- Maintain up-to-date antispam and antimalware software to prevent malicious emails from being received by unsuspecting users
- Do not open suspicious emails, do not download or open attachments or follow links provided in emails that look suspicious. If unsure, delete the email. Most legitimate senders will resend the email if they haven’t received a response or contact you via another method, e.g. phone call.
Research published in August 2016 by Osterman Research, Inc. shows that in 59% of cases the point of ingress for ransomware was email links and attachments.
- Take regular backups of your files to an external source that is not connected to your network or device. This is so that if your device is infected you are able to restore your valuable data. It’s also recommended that you have a second backup of important files hosted in the cloud that is able to store multiple versions of files over a period of time, rather than just the latest version. This is so that if the infection is only noticed after a day or so, you are still able to recover your data from before the data was encrypted.
Additionally, in a business environment, you can take the following precautions.
- Put in place software restriction policies. These can be used to stop users from running applications, knowingly or unknowingly, from specific locations on the PC where malware will typically attempt to execute
- Enforce that end users cannot download “.exe” files and that all files are antivirus scanned upon download
- And probably most important, educate users on how to recognise potentially compromising emails and suspicious web activity
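How a path-based restriction rule of the kind described above decides what may run, as an added example that is not from the original post. The denied folders, extensions and sample records are assumptions constructed for illustration, and the code models the matching logic only, not Windows' own policy engine.

```python
import ntpath
import re

# Assumed rule set: user-writable folders (the page names no locations).
DENY_DIRS = [r"%APPDATA%", r"%LOCALAPPDATA%\Temp", r"%USERPROFILE%\Downloads"]
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat"}

def user_env(user):
    """Per-user values for the variables used in DENY_DIRS (default layout)."""
    profile = "C:\\Users\\" + user
    return {"USERPROFILE": profile, "APPDATA": profile + r"\AppData\Roaming",
            "LOCALAPPDATA": profile + r"\AppData\Local"}

def expand(rule, env):
    """Replace %VAR% tokens; unknown variables are left untouched."""
    return re.sub(r"%(\w+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), rule)

def canonical(path):
    """Collapse '..' and '/' and fold case before comparing paths."""
    return ntpath.normpath(path).lower()

def is_blocked(user, image_path):
    """True if an executable image lies inside a denied directory."""
    path = canonical(image_path)
    if ntpath.splitext(path)[1] not in EXECUTABLE_EXTS:
        return False
    for rule in DENY_DIRS:
        root = canonical(expand(rule, user_env(user)))
        # Compare on a directory boundary so "Downloads2" does not match.
        if path.startswith(root + "\\"):
            return True
    return False

# Constructed process-start records: (user, image path).
SAMPLE_EVENTS = [
    ("alice", r"C:\Program Files\Office\winword.exe"),
    ("alice", r"C:\Users\alice\AppData\Roaming\invoice.exe"),
    ("alice", r"C:\Users\Alice\DOWNLOADS\setup.exe"),
    ("alice", r"C:\Program Files\..\Users\alice\AppData\Local\Temp\a.scr"),
    ("alice", r"C:\Users\alice\Downloads2\tool.exe"),
    ("alice", r"C:\Users\alice\Downloads\report.pdf"),
]

def audit(events):
    """Return the records the rule set would have blocked."""
    return [(u, p) for u, p in events if is_blocked(u, p)]

if __name__ == "__main__":
    print(*audit(SAMPLE_EVENTS), sep="\n")
```

Replaying a week of real process-start records through rules like these before enforcing them shows which legitimate applications would be caught.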
We hope that this blog post has been a helpful insight into what ransomware is and how you can effectively protect yourself from this unnecessary evil!
About F1 Solutions
For over 20 years F1 Solutions has been building quality software solutions for Federal and State Government departments, small and large not-for-profits, and businesses in Canberra and across Australia. We also provide organisations with trusted IT support and advice, as well as a range of other services.