Ransomware and 6 preventive measures to consider
Ransomware has been around for a long time; the first notable example dates back to 1989. Essentially, it is malware that blocks access to a computer, its files or attached network storage in order to demand a ransom to regain access. Although this type of threat has existed for a long time, it has come to prominence in recent years and is important to consider in any IT security planning.
Introducing scareware
Ransomware can deliver payloads of scareware, which presents itself on a computer in order to scare the user into submitting to on-screen demands. These demands typically try to extort money from the individual or company whose computer is compromised.
Main types of ransomware
Encryption – Generally, this type of ransomware encrypts the files on a user’s computer and has the potential to do the same with files the user has access to on a network, which prevents them from being accessible.
Ransomware category examples and dates of outbreak:
Cryptowall 3.0 – 2014/2015
CryptoLocker.F and TorrentLocker – 2014
CryptoLocker – 2012
Non-Encryption – This type of ransomware can restrict access to, for example, the user’s operating system. It can also issue threats to the user of the system, for example falsely accusing the user of counterfeiting Microsoft Windows licensing and requesting funds to resolve the issue. There has also been ransomware which poses as a government agency and threatens to expose crimes which the user has most likely not committed.
Ransomware category examples and dates of outbreak:
Reveton – 2013
WinLock – 2007 / 2009-2010
Impact of ransomware
Not only can a user be locked out of their own system and have their files encrypted, but this threat also has the potential to infect network drives where the user has read/write access. If this is a file share that is essential to the operations of your business, operations could rapidly grind to a halt.
An example:
When a user is infected, the ransomware may encrypt files on the user’s computer, so they are useless to anyone but the owner of the key to unlock them. The ransomware can also potentially find shares on a network with files the user has read and write access to, which can also be modified and encrypted.
Collection methods
Ransomware uses a number of methods to collect funds including but not limited to the following:
- Wire transfer.
- Online payment gateways.
- Online payment voucher services such as Ukash or Paysafecard.
- Digital currencies such as Bitcoin.
- Premium-rate text messages.
- Premium-rate calls.
Preventive measures
- Planning: Good planning from your IT support can lead to all of the below preventive mechanisms being implemented in a way that will significantly reduce your chance of having problems with ransomware.
- Backups: The best way to ensure your data’s integrity is to make regular backups.
- Antivirus/Anti-Malware/Other Prevention Software: Using these measures can assist in blocking a ransomware threat before it is too late.
- Updates: Making sure software such as Flash, Java, etc. is always up to date can prevent.
- Isolation: If a computer is infected, it is important that your IT support identify it quickly, unplug the network cable and shut the computer down. This is essential because ransomware on a compromised computer could be spreading through the computer and the network to which it is attached.
- User training: Getting your IT support to train users is also an important way to make sure that the threat is understood and caution is taken to prevent infection.
It is true that a backup is only as good as the date it was created, and Antivirus/Anti-Malware/Other Prevention Software may not be able to catch every threat, so it is important to consider the possibility of ransomware in your IT planning. Having good IT support who can isolate any threats quickly, as well as educate users to be cautious when web browsing or opening email attachments, is essential.
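Two points above can be measured directly: ransomware can reach whatever the infected user can write to, and a backup is only as good as the date it was created. The following Python example is added here and is not part of the original article; it walks a share as the current user and lists the files that account could modify, and which of those changed after the last backup. The function names, sample file names and the 24-hour backup age are assumptions made for illustration.

```python
import os
import tempfile
import time

def exposure_report(root, last_backup_ts):
    """Classify files under `root` from the point of view of the current user.

    at_risk       - files this account could overwrite, rename or delete
    unrecoverable - subset of at_risk modified after the last backup
    Note: os.access reflects POSIX permission checks; on Windows it only
    honours the read-only attribute, so treat results there as approximate.
    """
    at_risk, unrecoverable = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        # Write + search permission on a directory allows replacing its files
        # even when the files themselves are read-only.
        dir_writable = os.access(dirpath, os.W_OK | os.X_OK)
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not (dir_writable or os.access(path, os.W_OK)):
                continue
            at_risk.append(path)
            try:
                if os.stat(path).st_mtime > last_backup_ts:
                    unrecoverable.append(path)
            except OSError:
                continue  # file vanished or became unreadable mid-walk
    return {"at_risk": sorted(at_risk), "unrecoverable": sorted(unrecoverable)}

def build_sample_share(base):
    """Constructed sample data: two files older than the backup, one newer."""
    now = time.time()
    samples = (("ledger.xlsx", 72), ("contracts.docx", 48), ("invoice-new.docx", 2))
    for name, age_hours in samples:
        path = os.path.join(base, name)
        with open(path, "w") as fh:
            fh.write("sample")
        ts = now - age_hours * 3600
        os.utime(path, (ts, ts))
    return now - 24 * 3600  # assumed: the last backup ran 24 hours ago

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        backup_ts = build_sample_share(share)
        report = exposure_report(share, backup_ts)
        print(len(report["at_risk"]), "files writable by this account")
        for p in report["unrecoverable"]:
            print("changed since last backup:", p)
```

Run against a real mount point with the timestamp of the newest verified backup, the first list shows how far one compromised account reaches and the second shows what a restore would not bring back.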