Several recent outbreaks of the ransomware CryptoLocker have left organisations, businesses, schools and individuals in chaos. Ransomware has been around for quite some time, with first reports of it originating in mid 2000. However, recently CryptoLocker left the NHS, FedEx and Germany’s rail operations out of action. To avoid attacks ourselves, it is most important to understand what ransomware is and how we can stay protected against it.
So, what is ransomware? Ransomware is a form of malicious software through which hackers encrypt files within a device. The malware can completely lock a user out of a device, or can latch on to files, rendering whole data systems inaccessible. Because only the hackers are able to decrypt the files they seize, we’re left locked out. With a device and the files it contains taken hostage, cybercriminals hold you to ransom, demanding payment in exchange for the decryption key and regained access. This leaves victims hopeless and succumbing to hackers’ demands with no guarantee of resolution.
The malware demands payment within a given time; if these demands are not met, files are left permanently encrypted and unusable. In the off-chance victims regain access, they’re left feeling vulnerable, knowing there’s a possibility that it could happen again. The amount of payment varies depending on the demand given and the exchange rate of cryptocurrencies such as bitcoin. Hackers tend to demand payment via bitcoin addresses instead of bank accounts, as these addresses are not directly tied to any individual, leaving hackers anonymous.
How does it infect? The malicious software is often attached to emails, disguised as innocent files, with unsuspecting users opening attachments from what seems to be a genuine sender. Likewise, victims can be led to a link and conned into downloading something by mistake. Once downloaded, the malware can then scan through an entire network, encrypting data file by file. The malware can encrypt many devices and servers on a network, whether they are physical or virtual.
Like all viruses, ransomware mutates, often becoming more intelligent in the methods it uses to infect. Just as hackers continuously manipulate their code for attack, developers fix vulnerabilities with update patches, meaning that staying up to date leaves us most protected.
Prevention: When an IT system is being monitored, it’s often easy to stop an attack mid-process. However, an individual may not have such success, not noticing the attack is even happening until total lock-down occurs.
Ahead of all methods, backing up data is most important. By creating a fail-proof backup system, you can resume business if the worst happens and be back up and running with little downtime. To achieve the best protection, quality antivirus software, web browsers and plugins should also be kept updated.
As previously mentioned, it’s vital to keep up to date, ensuring operating systems are running the latest versions and patch releases. Older machines running early operating systems are most vulnerable to the attacks, especially devices running operating systems that no longer receive priority support.
Within a company, it’s worth training employees on how to identify potentially damaging files. Thinking twice before opening something suspicious can often put us in the best position to stay protected.
We offer a variety of fully disaster-recoverable backup solutions and network-managed anti-ransomware / CryptoLocker policies to protect your business. Contact 101 IT today to speak to one of our team, who will advise you on data protection, prevention of ransomware / CryptoLocker attacks, and how to recover lost data should the worst happen.