You may think that the latest and greatest forms of software intrusions have gone, but in truth the struggle of keeping your data and files safe lives on.
Just when you thought it was safe to go back into your inbox – meet crypto-ransomware. This trending cybercrime is reported to be on pace to make $1 billion in 2016.
You may be familiar with the concept of ransomware. Ransomware is an intrusion that occurs when unsuspected software is downloaded onto your computer. It enables the perpetrator to access (and steal) your data, files, photos, or anything deemed of value, followed by a ransom note demanding a financial payment in return for said information.
Crypto-ransomware is an evolved form of ransomware. Once invited in to a system via an infected e-mail link/attachment or website click, they will encrypt your files. Basically like kicking you out, moving in, changing the door locks, and refusing to let you in until you pay them. They may also encrypt mapped network drives as a whole. When this happens, they take your information or even your computer hostage.
Encryption means that access to a certain file requires a secret code – one you can’t ever hope to crack. When crypto-ransomware occurs, you no longer have access and cannot recover your data because the hackers hold the encryption keys. The only real option is to pay to get it back.
Typically, as of writing in 2016, the abduction of files, demand of ransom, and return of stolen files following payment is done by the same individual or cyber gang ‘family’. In fact, it has become like a business all of its own, taken on by people looking to make a buck off of your lack of security, outdated technology practices, or lack of knowledge.
Recently, we have explored some trending crypto-ransomware tactics used to bait businesses and people into handing over money when their private files have been compromised.
Types of Crypto-Ransomware Products
Crypto-ransomware may come in different forms, and some products can look incredibly professional, making it difficult for some to identify.
Some of the top ransomware culprits are Cerber, Cryptomix, Jigsaw, Shade, Torrent Locker, CryptoLocker, CryptoWall, CTB-Locker, Locky, TeslaCrypt, and many more; some that will without a doubt pop into existence soon enough.
Among the various cyber gangs that intend to infiltrate, they all inhabit different ways of doing so.
Types of Ransom Software
Police-themed ransomware will inform you of some personal Internet wrongdoing, claiming government authority and asserting you to the ‘source’ to correct it.
Sometimes you will receive a straight ransom note informing you that your files are encrypted and give you means to pay that ransom.
How are they getting the goods?
The process of crypto-ransomware is, as mentioned above, an unauthorized intrusion and illegal trade.
Through compromised web links or email attachments, cybercriminals can obtain access to your files and encrypt them. They make the links visually appealing and relevant to your business or interest to entice your click. The malware may be a Zip file, attachment, or exploit kit and can download to your computer or device with or without your knowledge.
Sometimes you will encounter rogue products or phishing, notifying you of a ‘virus’ that needs to be fixed, and then attempting to get you to download a solution for it. Obviously, you’ll want to avoid these tricks.
The ransom note will then be sent to you stating how your valuable files have been encrypted and you are now required to give money in exchange for access. The individual or cyber gang will assign a price and deadline, with the threat of deleting your stolen files without timely payment.
At this point, you can hope to contact them to discuss negotiations. In a case evaluation, it was found that the majority of these businesses will speak with you via email and in a customer service/provider fashion. Something you should ultimately use to your advantage to negotiate the terms.
It seems they are not without a code of honor, and people actually report being “pleased” with their customer service. It was found that it’s typical of the intruder to return your belongings promptly following payment, but it is none-the-less, a situation one would hope to not ever be in.
What to do if you’re infected with crypto-ransomware
Unfortunately, there are limited things you can do once your files are encrypted. If you suspect that your computer or system has been compromised you should:
- Disconnect Immediately – Disconnect network cables and disable wireless or Bluetooth. Unplug USB drives or external hard drives and do not click on anything.
- Determine the Damage – Check for signs of encryption on your device. If you’re a network administrator, you should investigate whether it’s had access to shared drives/folders, network storage, external hard drives, or cloud-based storage. It may be possible to revert to pre-virus versions of the files or restore from a backup.
- Research the Strain – Do some research on which ransomware you are dealing with. Some “strains” are more costly, others are more willing to negotiate.
- Know your options – Once you know what you’re dealing with and what the damage is, you determine what your best case scenario is:
- Restore from a recent backup
- Try decrypting files with a 3rd party decrypter (which is unlikely to work)
- Negotiate or pay the ransom
- Do nothing and lose your data
Protecting Files and Finances from Crypto-Ransomware
Of course, prevention is always your safest bet.
- Regularly back-up important files.
Backing up your files and storing them in the cloud ensures that you have a spare copy of important documents and content…just in case.
- Keep software up-to-date.
By maintaining up-to-date software for your computer operating system and the programs you run on it, you are gaining the most security benefits given by the software itself to avoid bugs, viruses, back doors, and other undesirable complications. Software companies are constantly working to close possible security loopholes and create a more secure system for their users.
- Implement a business security solution
IT support service providers like Warner Connect specialize in technology security for businesses, and provide customized security plans and maintenance for hardware and software. If your business is concerned about a lack of security or vulnerability of your practices, you may want to consider consulting with someone about a robust and proactive security solution that can include security awareness training and conducts simulated phishing attacks.
- Avoid spam and phishy looking content
Chances are, you’ve been exposed to some type of spam or malicious content at one time or another.Notifications of ‘prize winners’, requests for personal information, messages from unknown senders, and suspicious attachments or links should be avoided at all costs – or it could literally cost you. Sophisticated operations can spoof or clone emails and links to look completely legitimate. Clicking on or downloading any unknown item is an invitation for cyber criminals to access your information, and use it against you. If something seems suspicious it’s best to avoid it.
- Limit third-party browser plugins, and actively manage access and application controls
The more knowledge and control you have over the applications and software you use, the safer your data will remain. Limiting access to certain applications, asserting permissions before updates and downloads, and maintaining control over your system will keep you further from intrusions.
Know your risk and the file worth
With increased user awareness, intrusions and cyber theft become less common. Proactive protection and prevention is still the best policy and is what we’re aiming to arm you with.
As an IT Service Provider, our goal is also to inform our readers and customers of threats and how to avoid them, in addition to the consultation, products, and services we supply. At Warner Connect, we’re focused on the wellbeing of your business – not just your technology.
To learn more about how we evaluate and defend against current crypto-ransomware please contact us today.