Friday, March 25, 2016

Ransomware: The What? The Where? And The How?


Ransomware infections are on the rise, but there are practical ways to limit the impact of this threat to your company and its assets. In this article we discuss what ransomware is and what it does; where the infection comes from and what it reaches once it is running; and finally, how you can keep this type of threat from taking a large toll on your company’s production time.

The What?

Ransomware is a type of malicious software designed to block access to a computer system or its data until a sum of money is paid. The most common form today is the “crypto” variant, which runs on the infected machine and encrypts its files so they become unusable. When the encryption is implemented correctly, only the attacker holds the key needed to decrypt the files, so no amount of computing effort will recover them; that is what gives the ransom demand its leverage. No one is safe from this infection. Although crypto ransomware is predominantly seen on Windows systems, it has recently been showing up on other operating systems as well. It can encrypt any file the infected user account can write to, which includes mapped network drives and shared folders, so a single infected workstation can render a whole department’s shared files inaccessible.

The Where?

The majority of ransomware appears to be delivered through malicious email messages whose attachments carry the infection, often disguised as an invoice or other routine business document. These messages look legitimate, and once the attachment is opened on the system, encryption can begin within seconds. Ransomware can also be delivered through drive-by downloads, which happen when a victim visits a compromised or malicious website that exploits unpatched software on the system, typically the browser or its plug-ins. The least common method is delivery by USB drive, where the drive carries the ransomware and the system is infected when the drive is plugged in or a file on it is opened.

The How?

  • The number one way to be prepared for this type of attack is to have backups of all critical systems and data, and to test and verify those backups on a regular basis. Once ransomware strikes, the only reliable way to recover the systems and the data is a full restore. In most cases there is no way to decrypt the affected files without the attacker’s key, and no software will reverse it, so the only recourse is to restore from backups. Keep at least one copy of those backups offline or otherwise unreachable from the production network: ransomware encrypts every share it can write to, and a backup sitting on a mapped drive will be encrypted along with everything else.

  • The next way to be prepared is more obvious: have anti-malware software deployed on all your systems, make sure it is up to date and actively scanning, and prefer a product that uses behavioral analysis or another form of heuristic detection, since signature-only scanning will miss new variants.

  • Thirdly, ensure that all your systems are current on security patches, and that you have a way to report on systems that fall behind, with a method of patching them on demand. This is what closes the door on the drive-by download route.

  • Look at incorporating spam filtering and attachment scanning on your mail gateway to reduce the likelihood of these messages reaching your users. All employees should be educated and told to be diligent in scrutinizing the messages they receive: open attachments only when they are expected and the sender is known, and treat unexpected attachments, especially executable files, scripts and macro-enabled documents, with suspicion. Beware of attached files in emails!
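The first item above says backups must be tested and verified, not just taken. The following is an added example (not code from the original article) of what such a check looks like in practice: it archives a directory together with a SHA-256 manifest, restores the archive into a scratch location and confirms every file comes back byte for byte, and then shows how the same manifest exposes files that were changed in place after the backup, the way an encryption pass would change them. The directory layout, file contents and the `simulate_encryption` helper are constructed for this illustration.

```python
"""Backup with a hash manifest, restore verification, and damage detection.
Added example; helper names and the sample file set are assumptions."""
import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX form) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def backup(src: Path, archive: Path, manifest_path: Path) -> dict:
    """Archive every file in src and write the manifest beside the archive.
    Both should land on storage the production account cannot write to."""
    manifest = build_manifest(src)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(src / rel, arcname=rel)
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return manifest


def compare_to_manifest(root: Path, manifest: dict) -> list:
    """Relative paths that are missing, new, or whose content changed."""
    current = build_manifest(root)
    changed = {k for k in manifest if k in current and current[k] != manifest[k]}
    return sorted((set(manifest) ^ set(current)) | changed)


def verify_restore(archive: Path, manifest: dict) -> list:
    """Restore into a scratch directory and diff against the manifest.
    An empty list means the backup restores cleanly."""
    with tempfile.TemporaryDirectory() as tmp:
        with tarfile.open(archive, "r:gz") as tar:
            # Use the safe 'data' extraction filter where this Python offers it.
            kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(tmp, **kwargs)
        return compare_to_manifest(Path(tmp), manifest)


def simulate_encryption(path: Path) -> None:
    """Stand-in for ransomware: overwrite the content with random bytes and
    rename the file with an extra extension, as many crypto variants do."""
    path.write_bytes(os.urandom(len(path.read_bytes()) or 16))
    path.rename(path.with_suffix(path.suffix + ".locked"))


def demo() -> dict:
    """Run the whole cycle on constructed sample data (stands in for a share)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src = base / "share"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "report.txt").write_bytes(b"Q1 figures\n" * 100)
        (src / "docs" / "notes.txt").write_bytes(b"meeting notes\n")
        (src / "build.cfg").write_bytes(b"version=3\n")

        archive, manifest_file = base / "share.tar.gz", base / "share.manifest.json"
        manifest = backup(src, archive, manifest_file)
        clean = verify_restore(archive, manifest)            # expect []

        simulate_encryption(src / "docs" / "report.txt")
        damaged = compare_to_manifest(src, manifest)          # the hit file, old and new name
        still_good = verify_restore(archive, manifest)        # the archive is untouched
        return {"clean_restore": clean,
                "changed_after_attack": damaged,
                "archive_after_attack": still_good}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is the part that makes the test meaningful: a restore that merely "completes" proves nothing, while a restore whose every file hashes to the value recorded at backup time proves the copy is intact. Running `compare_to_manifest` against the live share on a schedule also gives an early warning that something is rewriting files in bulk.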
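The “Where” section and the last item above both come back to email attachments. As an added example (not the article’s own code or any vendor’s product), here is the kind of attachment screening a mail gateway or a triage script would apply to a raw message: it flags directly executable file types, names that hide an executable behind a double extension such as `invoice.pdf.exe`, macro-enabled Office documents, and zip archives that contain any of those. The block list, the function names and the sample message are assumptions constructed for this illustration; a real policy would be tuned to what the organisation actually needs to receive.

```python
"""Screen a raw RFC 822 message for attachment types ransomware commonly
arrives as. Added example; the policy lists and sample mail are assumptions."""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions Windows will execute directly, plus macro-enabled Office formats.
# Assumed gateway policy, not an exhaustive list.
EXECUTABLE_EXT = {"exe", "scr", "pif", "com", "cpl", "bat", "cmd", "js", "jse",
                  "vbs", "vbe", "wsf", "wsh", "hta", "jar", "ps1", "msi"}
MACRO_EXT = {"docm", "dotm", "xlsm", "xltm", "pptm", "potm"}


def classify(filename: str):
    """Return a reason string if the file name looks dangerous, else None."""
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return None
    ext = parts[-1]
    if ext in EXECUTABLE_EXT:
        # 'invoice.pdf.exe' relies on Explorer hiding the real extension.
        if len(parts) > 2:
            return f"executable disguised with double extension (.{parts[-2]}.{ext})"
        return "executable attachment"
    if ext in MACRO_EXT:
        return "macro-enabled Office document"
    return None


def classify_archive(data: bytes):
    """Look inside a zip: droppers are often zipped to slip past plain
    extension filters."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                reason = classify(name.rsplit("/", 1)[-1])
                if reason:
                    return f"archive containing {reason} ({name})"
    except zipfile.BadZipFile:
        return "attachment named .zip that is not a valid zip"
    return None


def screen_attachments(raw: bytes) -> list:
    """Parse a raw message; return (filename, reason) per attachment to quarantine."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reason = classify(name)
        if reason is None and name.lower().endswith(".zip"):
            reason = classify_archive(part.get_payload(decode=True))
        if reason:
            findings.append((name, reason))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: a fake 'invoice' mail with three risky attachments
    and one benign PDF. Payload bytes are placeholders, not real files."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("scan_0325.js", "// placeholder for a script dropper")
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice 2016-03"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"PK\x03\x04", maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="statement.docm")
    msg.add_attachment(zbuf.getvalue(), maintype="application",
                       subtype="zip", filename="scan_0325.zip")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="receipt.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in screen_attachments(build_sample_message()):
        print(f"QUARANTINE {name}: {reason}")
```

Note that the check keys on the declared file name, not on the declared content type, because the sender controls both and the file name is what the user’s desktop acts on. Looking inside archives matters for the same reason: a `.zip` is not executable, but the script inside it is the moment the user double-clicks it.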