Prevention and Detection of Ransomware

What Is Ransomware?

Ransomware is a type of software designed to block access to a computer file or system within your company until a certain sum of money has been paid to unblock it. In simple terms, you could refer to it as somebody holding your entire business hostage until you pay up! It is a malicious extortion of funds from your business, and it is very traumatizing for the people or business involved.

How Does Ransomware Spread?

Ransomware is more often than not spread through phishing emails containing malicious attachments or through drive-by downloading.

Emails

Once an infected email attachment has been opened the ransomware is normally immediately deployed.  Sometimes, however, an attacker may wait a few days or even months after infection before they encrypt the victim’s files.

Drive-by downloading

This is when a user visits an infected site and unknowingly downloads and installs malware.

How Serious Is Ransomware?

Ransomware can literally ruin your business by locking you out of your own files. Just one day of being locked out of your computer systems can wreak havoc on your day-to-day revenue. Some ransomware can take its victims offline for weeks or months, causing even more damage and devastating losses.

Who Is a Target for Ransomware?

Most ransomware victims are big businesses and organizations, while at other times the attacker may simply see an opportunity and take it by attacking an institution such as a school or university. The reason for these smaller attacks is that these institutions have smaller security teams and often have user bases that rely on file sharing, which makes it a lot easier to get through their defenses. There are some organizations that pay up very quickly, as they need immediate access to their files in order to continue running. Government institutions, the financial sector and law firms, for example, have sensitive data loaded onto their systems and are willing to pay the attackers very quickly so as not to have any of their information leaked.

How to Prevent Ransomware

There are a few steps that a business can take in order to protect against Ransomware infection:

  • Always keep your operating systems up to date to eliminate any weaknesses.
  • Do not install software that gives administrative privileges unless you know exactly what software you are using.
  • Install antivirus software.
  • Back up your files often and automatically to make sure you have a backup of all your files in case of ransomware infection.
  • Make use of software that ensures protection against ransomware and has excellent backup and archiving solutions.
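
One way to make the backup advice above checkable, as an added example that is not part of the original article: each run writes a new snapshot that never overwrites an older one, and the hashes recorded per snapshot show both whether an old backup is still intact and how much changed since the last run. It goes beyond the bullet by adding that change check; the function names and the 50% threshold are assumptions, and the backup folder is assumed to sit outside the folder being backed up.

```python
import hashlib
import shutil
from pathlib import Path

# Assumed threshold (not from the article): share of files changed or missing
# since the previous snapshot that should prompt a manual check.
ALERT_THRESHOLD = 0.5


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(source: Path, backup_root: Path, label: str) -> dict:
    """Copy every file under source into backup_root/label.

    Returns {relative path: sha256}. An existing snapshot is never overwritten,
    so a run made after infection cannot replace good copies.
    """
    dest = backup_root / label
    if dest.exists():
        raise FileExistsError(f"snapshot {label!r} already exists")
    manifest = {}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)
        manifest[rel.as_posix()] = sha256_file(target)
    return manifest


def changed_fraction(previous: dict, current: dict) -> float:
    """Share of previously backed-up files now modified, renamed or missing."""
    if not previous:
        return 0.0
    changed = sum(1 for rel, h in previous.items() if current.get(rel) != h)
    return changed / len(previous)


def looks_suspicious(previous: dict, current: dict) -> bool:
    return changed_fraction(previous, current) >= ALERT_THRESHOLD


def verify(backup_root: Path, label: str, manifest: dict) -> list:
    """Return files in a snapshot that no longer match their recorded hash."""
    dest = backup_root / label
    return [rel for rel, h in manifest.items()
            if not (dest / rel).is_file() or sha256_file(dest / rel) != h]
```

A high changed fraction only means many files were rewritten or renamed between two runs; a bulk edit or folder reorganization triggers it too, so treat it as a reason to look before trusting the newest snapshot.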

Ransomware Removal

Once your PC has been infected with ransomware you are going to have to try and gain control of your PC by doing the following:

  • Reboot Windows into safe mode
  • Install antimalware software
  • Scan your system to find the program that has infected your computer
  • Restore your computer to a previous state

Unfortunately, doing this will not decrypt your files, as the malware is extremely sophisticated and your files have already been made unreadable. It will, however, at least remove the malware from your computer and enable you to restore your control over it. It is important to remember that removing the malware before paying the ransom could make it impossible to restore your files, as you would have removed the access to the key that the attacker has to unlock them.

Ransomware Facts

Ransomware is a lucrative business and has expanded very quickly worldwide. In 2017 it was reported that ransomware had caused $5 billion in losses resulting from the ransoms that had been paid and the time that had been lost while recovering from the attacks. Anti-malware software is not guaranteed protection against ransomware, as ransomware is constantly being upgraded by its developers to stop it from being detected by standard anti-virus programs. Sadly, up to 75% of companies who are running up-to-date software to protect against ransomware still fall victim to its merciless attacks.

Ransomware Examples

Due to the implementation of untraceable payment methods, ransomware attacks have risen in the past few years. Some of the worst ransomware attackers to date have been:

  • CryptoLocker was a 2013 attack and infected up to 500,000 machines.
  • TeslaCrypt targeted gaming files and consistently improved and evolved.
  • SimpleLocker was the first widespread ransomware attack and infected mobile phones.
  • SamSam, which started in 2015, targeted healthcare organizations.
  • Locky started in 2016 and was an attack on Dridex software that was used by banking facilities.
  • Cerber appeared in 2016 and took advantage of a Microsoft vulnerability by infecting networks.
  • Leatherlocker was discovered in 2017 in Android applications and would lock the home screen to prevent access to data.
  • Wysiwye was also discovered in 2017. This malware tries to steal RDP credentials to spread across the network.
  • GandCrab was found in 2019. Their modus operandi was to sell programs to cybercriminals, and they managed to claim more than $2 billion in ransom pay-outs.
  • Thanos, the newest ransomware, was discovered in January 2020 and sells ransomware as a service. It can bypass most anti-ransomware software.

Can You Recover Ransomware Encrypted Files?

Ransomware encrypted files can be recovered by using certain specialized software.  This software scans your drive and recovers ransomware encrypted files and allows you to scan certain files to narrow down the search. There are also specialized data recovery professionals who can help you to recover your files.

At Hamilton Computer Repairs we are dedicated to professional service and quality computer repairs. We are able to get your files back when all seems lost! Call or bring in your device so that we can assist you or talk to you about your options. We realize that life happens, which is why we also offer house calls for those who have full-time jobs and no extra time to get out of the office. With our office conveniently located in Worcester, MA, we’re a locally owned business with fast repair times and reliable services. Please contact us for a consultation or a quote today!