Ransomware - Information And Protection Guide - Executive Summary
A relatively new phenomenon involving malware and viruses is ransomware,
where malicious outsiders implant a program in your computer that can
prevent you from accessing your operating system or using your files. The
hackers then demand a ransom in the form of payment to an account they
designate to restore access to your system and files. First seen in Russia, the
practice has since spread worldwide, with ransomware costing organisations
millions of dollars per year in payments. This executive summary describes
the different types of ransomware and outlines steps you can take to protect
your valuable IT assets from the practice.
Types of ransomware
The various types of ransomware typically perform the following functions:
• Keep you from being able to access your operating system (such as Microsoft Windows or Apple OS X)
• Prevent certain apps from running, for instance your web browser
• Encrypt files, making them inaccessible
• Continuously block your screen with unwanted advertising messages to try to get you to buy “anti-virus” or “security” software in order to stop the spam
The two main types of the malicious software are called “crypto” and “locker” ransomware.
The crypto version encrypts files, while the locker version prevents you from accessing the user
interface. Ransomware is essentially a form of denial-of-access (DOA) preventing users from
gaining access to their computers and the files on them. It typically is implanted on a computer
by a Trojan, which is a form of virus that appears to be an ordinary file but is in fact malware that
injects its payload into the host computer.
Protecting yourself from ransomware
Whilst using a firewall and anti-virus software is recommended, relying on these measures
alone to protect against ransomware can be dangerous as new ransomware software is being
developed all the time.
To protect against ransomware, the following steps are recommended:
Update your operating system and all software regularly: Most anti-virus (AV) software
programs can recognize and block most types of ransomware. To ensure that your AV solution
is equipped to deal with the most recent ransomware developments, check your settings to
make sure that it is set to auto-update. You should also make a point of regularly updating your
operating system to help avoid being infected with ransomware due to security flaws in older
operating system versions.
Back up all computers and mobile devices on a regular basis: To provide the most
comprehensive protection against ransomware, make sure you back up all vital files to a backup
system which is not directly linked to your system on a continuous basis.
Backing up to a cloud solution offers the dual advantage of providing physical security for your
data, as you don’t have to worry about protecting your data by locating your backup disk drive at
a location separate from your main computer system.
In the event of a ransomware attack that encrypts your files, you can then restore your files from
the backup location.
Utilise Restore points: If you are using a Windows system, it should be set up to maintain
“restore points” which the system can be rolled back to if necessary (this setting is on by default
in Windows 7 and later). However, you should be aware that some ransomware can delete restore
points in Windows.
Virtual snapshot and virtual desktop infrastructure: Another option for protecting your system
from ransomware is to use either virtual system snapshots or virtual desktop infrastructure (VDI).
These options are more expensive than those previously mentioned, but have the advantage
of providing robust business continuity protection from a variety of risks for your company in
addition to ransomware, including system outages, equipment theft, data corruption and other
major system incidents.
Contact your Bright representative today for more information:
333 Latimer Rd, London W10 6RA | 020 3031 9500 | sales@bright.co
Dealing with a ransomware attack
If you experience an attack by ransomware, check to see if you are able to access your
computer’s files and folders, such as those in the Documents and Pictures directories. If you are
unable to bypass the ransom note, you are facing a locker ransomware attack. If you are able to
navigate on the screen, but files are encrypted, you are dealing with a crypto ransomware attack.
In case of a locker ransomware attack: First reboot the computer in Safe Mode by pressing
both the power button and S key on the keyboard simultaneously. Once the computer has
restarted, run your AV software to see if it will remove the ransomware. If the AV solution is
unable to remove the ransomware, perform a System Restore if you are using Windows to
restore the system to the most recent “safe” point.
In case of a crypto ransomware attack: Download and run Kaspersky Ransomware Decryptor,
which is able to decrypt locked files in certain cases if the type of ransomware used is covered
by the solution. You can also try another tool from FireEye and Fox-IT which may be able to help
recover files encrypted by the Crilock ransomware program. If this does not solve the problem,
check your backup data to make sure that it is sufficient to allow full recovery, and then overwrite
the files which have been encrypted with the unencrypted backup files. In cases where you don’t
possess acceptable backup files, you may be faced with deciding whether to pay the ransom to
regain access to your files.
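As an added example (not part of the original guide), the Python sketch below performs the "check your backup data" step before anything is overwritten: it compares a live folder with its backup copy and sorts each file into intact, safe to restore, lacking a backup, or needing manual review. The function names, the 7.5 bits-per-byte entropy threshold and the sample files are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def recovery_plan(live: Path, backup: Path, threshold: float = 7.5) -> dict:
    """Classify every live file before a restore overwrites it."""
    plan = {"intact": [], "restore": [], "no_backup": [], "review": []}
    for f in sorted(p for p in live.rglob("*") if p.is_file()):
        rel = f.relative_to(live).as_posix()
        copy = backup / rel
        if not copy.is_file():
            plan["no_backup"].append(rel)   # restoring cannot recover this file
        elif sha256(f) == sha256(copy):
            plan["intact"].append(rel)      # unchanged since the backup
        elif entropy(f.read_bytes()) >= threshold > entropy(copy.read_bytes()):
            plan["restore"].append(rel)     # live copy looks encrypted, backup does not
        else:
            plan["review"].append(rel)      # changed, but not obviously encrypted
    return plan

def demo() -> dict:
    """Constructed sample tree: one intact, one encrypted-looking, one unbacked file."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        live.mkdir()
        backup.mkdir()
        text = b"Quarterly report, draft 3\n" * 400
        (backup / "report.txt").write_bytes(text)
        (backup / "notes.txt").write_bytes(b"meeting notes\n" * 100)
        (live / "notes.txt").write_bytes(b"meeting notes\n" * 100)
        (live / "report.txt").write_bytes(os.urandom(len(text)))  # stands in for ciphertext
        (live / "new.txt").write_bytes(b"created after the last backup\n")
        return recovery_plan(live, backup)

if __name__ == "__main__":
    print(demo())
```

Files that ransomware has renamed (for example by appending an extension) appear under `no_backup`, and legitimately compressed formats such as ZIP or JPEG land in `review` because their backup copies are high-entropy too, so both lists need a manual look before restoring.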
Conclusion
The chance that your company’s computers will be infected by ransomware can be significantly
reduced by taking the steps listed above. Given the prevalence of this malware in recent years,
and the damage such programs can inflict, making sure that you have thoroughly reviewed your
IT system settings and operational procedures to repel such programs is highly recommended.