
Understanding Cyber Crime – Ransomware

‘Ransomware’ refers to a type of malware designed to force payment from victims using various means of coercion – usually file encryption or system disablement.

File encryption is the most commonly used method; malware infects a user’s computer and encrypts files before a message is displayed demanding payment within set timeframes, often accompanied by a threat of permanent deletion. Experiencing an attack of this nature can be extremely alarming and panic-inducing, particularly for businesses for whom data loss could have profound consequences. Under such circumstances a large proportion of victims pay the ‘decryption fee,’ but with no guarantee that the criminals will relinquish control, the best defence against ransomware is to avoid it getting onto your system to begin with.

 

What does Ransomware look like?

The factor common to all ransomware attacks is coercion; however, the exact tactics used by ransomware criminals vary.

Screen Lockers

Screen lockers work by making your computer unusable rather than encrypting file libraries. You’ll try to log in to your user account only to be confronted with a message demanding payment in order to restore access. The message may be accompanied by threats and time limits in order to induce further panic.

Crypto Ransomware

As the name suggests, Crypto Ransomware programs encrypt files stored on a device in order to force victims into paying a decryption fee. Such attacks are never discreet in terms of their execution, and often feature bold, attention-grabbing pop-ups containing emotive language and threats intended to panic the victim into submitting to their demands. Occasionally, threatening and coercive language alone is used, and file encryption is never actually carried out, although this applies to a small minority of cases.

Doxware

This particularly sinister form of ransomware couples file encryption with a threat to release sensitive data into the public realm. Doxware attacks are often carried out against prominent public figures, celebrities or other high-profile targets for whom the release of private information could be personally devastating. Doxware attacks are more lucrative for hackers than other forms of ransomware simply because the stakes are higher for the victims.

Scareware

While not technically classed as ransomware, Scareware uses similar forms of manipulation in order to extract payment from victims and instigate malware intrusion. Scareware presents itself in the form of pop-ups encountered on malware-infected websites. These pop-ups normally contain a message urging users to take action against some sort of imminent threat (usually computer viruses). Victims are offered some sort of remedial software that promises to remove the viruses for a fee.

Not only will you be paying a fee to counter a non-existent threat, but the so-called ‘anti-virus’ software is also likely to be malware, possibly even a more harmful form of Ransomware.

 

Protecting your Business against Ransomware

If you fall victim to a Ransomware attack, the course of action you should take depends on a variety of factors, and it may be best to seek professional advice before proceeding in order to minimise damage to your business. By far the best safeguard against Ransomware is to keep it out of your network altogether.

  • Use Threat protection measures. Deploy a suite of technical measures to guard against malware intrusion at various points of entry. Look for threat protection software suites that incorporate anti-virus protection (to deal with present threats) as well as other tools designed to prevent intrusions such as firewalls and email filters.
  • Develop a comprehensive Backup strategy. Backing up data is a topic of discussion in its own right but as a basis, ensure vital documents and systems are copied to at least 3 locations, one of which should be off-premise. Without effective data backup, it may be impossible to escape from a Ransomware attack unscathed.
  • Properly maintain software and operating systems. Ensure you’re always running the most up-to-date versions of software and operating systems, and install security patches promptly after they become available. Diligent system maintenance will help shore up security vulnerabilities in software.
  • Be careful with email attachments and embedded links. Despite advances in email security over the years, it remains a common point of entry for malware. Always carefully verify the sender’s address whenever you receive an unexpected email containing attachments or embedded links and avoid ‘enabling macros’ to view such attachments.
  • Use Cloud services to communicate and share documents. Making use of cloud-hosted storage and collaboration platforms can be useful for reducing reliance on email.
  • Don’t pay…at least not right away! Submitting to the request for payment may seem like the easiest way out of a very sticky situation, and in about a third of ransomware attacks this is the chosen course of action. However, there is no guarantee that the criminals will stick to their word, and in many cases the hackers pocket the fee and never restore files or system functionality.
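
The advice on email attachments and macros can also be backed by an automated check at the mail filter. The Python sketch below is an added example, not part of the original article or any Cloud Nexus tooling: it inspects each attachment's contents rather than trusting its name, so a macro-carrying file renamed to .docx is still flagged. The function names, file names and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MACRO_EXTENSIONS = {"docm", "dotm", "xlsm", "xltm", "xlam", "pptm", "potm", "ppsm"}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container

def macro_findings(raw_email: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that can carry macros."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        reason = None
        if data.startswith(OLE_MAGIC):
            reason = "legacy OLE Office file; may contain macros"
        elif zipfile.is_zipfile(io.BytesIO(data)):
            # Modern Office files are ZIP archives; macros live in vbaProject.bin.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    reason = "contains a VBA macro project"
        if reason is None and ext in MACRO_EXTENSIONS:
            reason = "macro-enabled file extension"
        if reason:
            findings.append((name, reason))
    return findings

def _zip_with(names: list[str]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder")
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed message: one hidden-macro file, one clean file, one legacy file."""
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    samples = {
        "invoice.docx": _zip_with(["word/document.xml", "word/vbaProject.bin"]),
        "report.docx": _zip_with(["word/document.xml"]),
        "old.doc": OLE_MAGIC + b"\x00" * 16,
    }
    for filename, data in samples.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

Calling `macro_findings(build_sample())` flags `invoice.docx` and `old.doc` and leaves the clean `report.docx` alone; flagged messages are candidates for quarantine or manual review.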

 

We’re Cloud Nexus

We’re Cloud Nexus and we believe that technology should make life easier, not harder.

We help people move to the cloud, secure their data and work with customers in awesome new ways. We’ll get to know your business and create the most appropriate solution to meet your technical requirements while being commercially sensible in cost.

Please contact the team today on +44 (113) 539 0192 or hello@cloudnexus.co.uk.
