Ransomware is simply another type of computer virus, spread by users unwittingly allowing a program to install itself on their computers. What makes it special is that it locks you out of your documents by encrypting them, and asks for money to decrypt them so you can access them again.
Unlike other viruses, you can’t just run a scan to fix things. Your personal files are encrypted and your anti-virus program, no matter how good it is, doesn’t have the key to unlock them. In fact, the whole point of encryption is to prevent third parties from getting to files; remember the Apple vs FBI story, or the recent story about WhatsApp being used by terrorists? Even if you had the best IT brains in the world, chances are you wouldn’t be able to unlock the files, because the “key” is held by the attacker, and it’s unique.
The attacker will of course offer you a way out; a one-off payment via Bitcoin (very easy to do nowadays) will get you the key. Their business model – if you can credit malicious organised criminals with such – is to make the ransom amount realistic; £200 or so. They are likely to honour the deal too, because they want to make money out of this and consumer feedback is everything these days. Sickeningly conniving.
Might as well just throw away my computer now then?!
Not if you have a backup of your files. Apart from paying your way out, the only other option is to roll back to a time before the infection, using a recent backup. In bad cases you will need to restore your entire PC, depending on what files it encrypts. It can take a long time, but it will work as long as your backups have been running.
You would be amazed at how often backups are overlooked. Most people appreciate the importance of them, but when was the last time you tested that they were working? How far back in time can you go? Are all your files covered, or only certain folders? Do you actually know how to recover files if you needed to?
We’ve heard many horror stories of people having to pay the ransom money to these malicious criminals to get their precious personal files back because their backups had not run properly for months. The old saying “a stitch in time saves nine” could not be more pertinent. A quick calendar reminder to yourself to check these things once a month, fortnight or week, whatever you need, will be time very well spent in the long run to avoid this screen meaning game over for all your data:
So what can I do to protect myself in future?
We’ve provided straightforward advice and practical guidance in our Malware white paper on the Ethical IT Knowledgebase for starters; this is completely free, no sign up or personal information, so please read it, share it, spread the word. Knowledge is power!
To summarise, it’s important to know that all viruses require the user to give them permission to deploy themselves. People don’t intentionally kill their computer (unless they are having a really bad day), so this happens by mistake. Hence the most popular routes in are via fake email attachments, or via genuine-looking links or adverts carrying the virus on infected websites. The best form of protection then is to never use email or the internet and go back to pen and paper.
The luddites would love that idea, but in reality there are a few simple measures you can take to help reduce your exposure:
1. Run Windows Update and always install updates and patches; do this at least once a week. There are thousands of developers constantly working on the software you use to keep it safe. Use them, don’t ignore them!
2. Make sure the day to day account you use on your computer is a “Limited” account, meaning you cannot install new programs without giving explicit permission and putting in a password. This means unauthorised programs cannot install themselves silently in the background.
3. It goes without saying that good virus protection is essential. Check the marketplace once a year to see what program is top of the league tables; don’t just stick with the same old anti-virus. The quality of protection rises and falls among competitors so a little research can go a long way to keeping you ahead. There are some great review sites here and here where you can quickly compare current products.
What’s the single most effective weapon against malware?
Knowledge. Awareness of what to look for in a fake email (see our handy Spam article for help here). An understanding of which pop-up is fake or which advert is illegitimate, for yourself and your staff, so they can spot spam emails or fake adverts on websites and thus never click or open them in the first place. There are lots of articles such as this one that explain ransomware in non-techie detail, and we are more than happy to give some group training sessions to your teams to help them arm themselves with the knowledge to avoid the risk of infections like ransomware or any other virus for that matter.
Finally, we cannot stress enough the importance of making sure you have backups of your files. This goes without saying of course – regardless of ransomware or viruses or spam – but you would be amazed how often this is overlooked. Backups also need to be tested at least twice a year to make sure they are actually working; again this is very often forgotten, so when the time comes to restore there is no data there!
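One way to answer the backup questions raised in this article (is it working, are all your files covered, how far back would a restore take you), as an added example that is not part of the original article: a short Python script that compares a folder with its backup copy. It assumes the backup is a plain folder copy, for instance on an external drive; the function names and the 7-day threshold are illustrative choices.

```python
# Added example: assumes the backup is a plain folder copy (e.g. an external drive).
import hashlib
import sys
import time
from pathlib import Path


def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_backup(source_dir, backup_dir, max_age_days=7, now=None):
    """Compare a folder with its backup copy; report what a restore would lose."""
    source, backup = Path(source_dir), Path(backup_dir)
    now = time.time() if now is None else now
    report = {"checked": 0, "missing": [], "outdated": [], "unreadable": []}
    oldest_gap = now  # modification time of the oldest change not yet backed up
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source).as_posix()
        copy = backup / rel
        report["checked"] += 1
        if not copy.is_file():
            report["missing"].append(rel)         # never backed up at all
        else:
            try:
                if sha256_of(copy) == sha256_of(src):
                    continue                      # backup matches, nothing to lose
                report["outdated"].append(rel)    # backup holds different content
            except OSError:
                report["unreadable"].append(rel)  # could not be read to compare
        oldest_gap = min(oldest_gap, src.stat().st_mtime)
    # Days of work a restore would lose for the longest-unprotected file.
    report["oldest_unprotected_days"] = (now - oldest_gap) / 86400
    report["ok"] = (not report["unreadable"]
                    and report["oldest_unprotected_days"] <= max_age_days)
    return report


if __name__ == "__main__":
    # Usage (paths are yours to supply): python audit_backup.py <folder> <backup>
    result = audit_backup(sys.argv[1], sys.argv[2])
    for key, value in result.items():
        print(f"{key}: {value}")
    sys.exit(0 if result["ok"] else 1)
```

The script exits non-zero when a file cannot be read or when a change has gone unprotected for longer than max_age_days, so it can sit behind the calendar reminder or a scheduled task.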
Please do have a read of our White Paper on this rather hot topic, and feel free to get in touch with our security team if you wish to discuss this further – we can help you audit, set up and test your Backup Strategy, and provide tools and advice to help secure your IT and minimise your exposure to this new type of threat.
By EIT | 2017-07-06T13:16:17+00:00 | May 1st, 2017 | Blog