Ransomware protection — tips

May 30, 2017
 

Ransomware has been much in the news since the WannaCry attack on May 12, 2017.

The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

The attack started on Friday, 12 May 2017, and within a day was reported to have infected more than 230,000 computers in over 150 countries. Parts of Britain’s National Health Service (NHS), Spain’s Telefónica, FedEx and Deutsche Bahn were hit, along with many other countries and companies worldwide.

Best practices to guard against such attacks apply to both personal and business computers. In particular, keep the Microsoft Windows operating system up to date (Windows Update). Also, as mentioned previously, many of these attacks start with hacking your “head” rather than your hardware (your PC) via targeted phishing email messages.

The Malwarebytes Labs blog post “How to protect your business from ransomware” has a useful summary infographic on this topic. The Adobe Acrobat Reader DC (PDF) version is included below.

[Embedded PDF: mwb_blog_ransomware-infographic]

Apr 05, 2016
 

Already this year there’s been a lot of news about ransomware, a particularly nasty type of malware. Stay informed and follow best practices to protect your PC and personal data from this threat. Here are excerpts from an alert by the United States Computer Emergency Readiness Team (US-CERT), part of the Department of Homeland Security, published on March 31, 2016.

In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it.

The United States Department of Homeland Security (DHS), in collaboration with Canadian Cyber Incident Response Centre (CCIRC), is releasing this Alert to provide further information on ransomware, specifically its main characteristics, its prevalence, variants that may be proliferating, and how users can prevent and mitigate against ransomware.

Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently $200–$400 dollars and must be paid in virtual currency, such as Bitcoin.

Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.

The authors of ransomware instill fear and panic into their victims, causing them to click on a link or pay a ransom, and users’ systems can become infected with additional malware. Ransomware displays intimidating messages similar to those below:

  • “Your computer has been infected with a virus. Click here to resolve the issue.”
  • “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”
  • “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”

Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.

The US-CERT article discusses preventive measures. Often the only recourse, however, is to restore your system and personal files from a backup, and in particular from an off-line backup, since ransomware can encrypt other internal drives, attached (USB) backup drives, and network storage drives.