Stand and Deliver: The Ransomware Dilemma

The last few weeks have marked a particularly aggressive push by cyber-criminals with several high-profile instances of large-scale ransomware attacks.

What is Ransomware?

As the name suggests, this type of computer virus exists to extort money from unsuspecting individuals and organisations. It is a pernicious form of malicious software (malware) which, when activated, seeks out and encrypts your important data files (documents, photos, spreadsheets, etc.), both on the local computer and on any attached drives (USB thumb drives and hard disks, network drives, etc.), effectively locking them until you pay a hefty ransom for the decryption key.

In one form or another, this type of virus has been around since the late eighties, but it returned with a vengeance in 2013 in the form of CryptoLocker, followed in 2014 by CryptoLocker.F, TorrentLocker and CryptoWall. CryptoWall alone accounted for some $325 million USD in damages and over 400k attempted infections in 2015, according to a report by cyberthreatalliance.org.

Generally, if your computer is hit by a ransomware virus and your files are encrypted, then the data on it is gone; unless you have a backup taken before the virus sank its claws in, there is no way back.

Ransomware is indiscriminate, impacting major corporations, small businesses and individuals across the globe, with two recent high-profile instances at US hospitals claiming $17,000 USD and $18,500 USD respectively.

Locked Out by Locky

The most recent example doing the rounds in Australia is called Locky, and is being distributed via fake Australia Post and Australian Federal Police email scams with a malicious attachment. If you open the attachment, the hidden code delivers its payload and triggers encryption of your files.

Below are two examples of emails that we received in the past few weeks which contained the Locky virus. Both purport to be from Australia Post, and both are scam emails; neither managed to deliver its payload, thanks to careful handling and effective Internet Security, but I am including them here so that you know the enemy and can protect yourself.

[Image: Locky ransomware email example 1, a fake Australia Post notification with a malicious attachment]

[Image: Locky ransomware email example 2, a second fake Australia Post notification]

Think you're safe on a Mac? Think again

Recently a virus called KeRanger hit the headlines as the first ransomware to successfully target Apple Mac computers. KeRanger lies dormant on infected systems for 3 days before starting to encrypt files, and was distributed via an infected version of an open-source BitTorrent application called Transmission.

Should you Pay?

FBI advice to companies hit by ransomware is to pay up, as the software is so sophisticated that it is impossible to remove the encryption unless you have the software key.
In my view, it really depends on the value of the data to you. The trouble is, when it comes to ransomware you're dealing with criminals, hardly the most trustworthy of individuals; and even if you do pay there is no guarantee your files will be unlocked, leaving you out of pocket and without your data.

6 Ways to minimise the risk of Malware

Read our guide, 10 Tips to Minimise the Risk of Malware, for more advice on avoiding virus infections.

Protect against Ransomware

By far the best protection you can have against this type of virus is a reliable and tested backup strategy, and we're not just talking about having a single backup here. Viruses such as this are particularly insidious, lurking in the shadows until your files are encrypted and the ransom demand appears; at that point it is too late to do anything about it, because your files have already been locked down.

Reliable Backups

Backup drives should be stored offline (i.e. not plugged in) unless they’re actively backing up. Your backup(s) will be rendered useless if you leave them connected to your computer and they get scrambled by a ransomware infection.

This type of malware is constantly evolving, and the real challenge these days is the built-in dormancy: you don't really know when the infection set in, so you could easily restore a backup taken after the virus had already invaded and gone dormant, only to find it reactivating a few days or weeks later.

Enhanced Protection

Some Internet Security products now ship with ransomware protection designed to prevent unauthorised applications from making changes to your important files. It works by monitoring your documents, pictures, cloud storage and other nominated folders, and ensuring that only trusted applications can change files in those locations.
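As an added illustration (not code from this article or from any security product), here is a Python sketch of the kind of behavioural check such protection relies on: it snapshots a nominated folder, then flags the bulk changes a file-encrypting locker leaves behind, namely data files vanishing, new files with unfamiliar extensions, and document content turning into high-entropy ciphertext. The watched extensions, the entropy threshold, the ".encrypted" suffix and the report files in the demo are all assumptions constructed for the example.

```python
import math
import tempfile
from collections import Counter
from pathlib import Path
# Assumed list of data-file types to protect (the "nominated folders" idea from the text).
DATA_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt"}
ENTROPY_THRESHOLD = 7.5  # bits per byte: documents sit well below, ciphertext near 8.0
CIPHER_LIKE = bytes(range(256)) * 16  # constructed stand-in for encrypted output (entropy 8.0)

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(folder: str) -> dict:
    """Map each file under folder (relative path) to (extension, entropy)."""
    root = Path(folder)
    return {str(p.relative_to(root)): (p.suffix.lower(), shannon_entropy(p.read_bytes()))
            for p in root.rglob("*") if p.is_file()}

def ransomware_signs(before: dict, after: dict) -> list:
    """Compare two snapshots and list the changes typical of bulk file encryption."""
    alerts = []
    for name, (ext, ent) in before.items():
        if ext not in DATA_EXTS:
            continue
        if name not in after:
            alerts.append(f"data file disappeared: {name}")
        elif ent < ENTROPY_THRESHOLD <= after[name][1]:
            alerts.append(f"content replaced by high-entropy blob: {name}")
    for name, (ext, _) in after.items():
        if name not in before and ext not in DATA_EXTS:
            alerts.append(f"new file with unfamiliar extension: {name}")
    return alerts

def demo() -> tuple:
    """Constructed scenario: an ordinary edit, then a simulated bulk encryption."""
    with tempfile.TemporaryDirectory() as d:
        for i in range(4):
            Path(d, f"report{i}.txt").write_text("quarterly figures\n" * 50)
        base = snapshot(d)
        Path(d, "report0.txt").write_text("quarterly figures, revised\n" * 50)
        benign = ransomware_signs(base, snapshot(d))
        Path(d, "report1.txt").write_bytes(CIPHER_LIKE)  # "encrypted" in place
        for i in (2, 3):  # "encrypted" and renamed with a constructed ".encrypted" suffix
            Path(d, f"report{i}.txt").unlink()
            Path(d, f"report{i}.txt.encrypted").write_bytes(CIPHER_LIKE)
        attack = ransomware_signs(base, snapshot(d))
    return benign, attack
```

A real product does this continuously and blocks the writing process; the sketch only shows why an ordinary edit passes while a locker's activity stands out.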

Recovering from Ransomware

The reality is that, if you have been hit by ransomware and your files have been encrypted, then they’re lost. Your best way back is to restore from a clean, viable and tested backup that was taken before the malware infection hit.

Selective recovery from Backup

When recovering from ransomware, if you're not confident about the integrity of your backup, I recommend a full factory re-image, which will set your computer back to its out-of-the-box state; then re-install your applications and a high-quality antivirus solution, and finally do a selective restoration of your data files. You need to be very careful when restoring backups after a ransomware attack, to ensure you restore only data files and no hidden programs. NOTE: Any files created since your last backup will be lost.
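The selective restore described above, written out as an added Python example (not a tool from this article or from any backup product): only files of approved data types are copied from the backup onto the freshly re-imaged machine, while programs, scripts, hidden files and disguised names such as invoice.pdf.exe are left behind and reported. The allow-list, block-list and the sample backup tree in the demo are assumptions constructed for the example.

```python
import shutil
import tempfile
from pathlib import Path

# Assumed allow-list of plain data formats; anything else stays behind in the backup.
DATA_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".csv"}
# Assumed block-list of program and script types that must never be restored blindly.
PROGRAM_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".jar", ".lnk"}

def restore_decision(rel_path: Path) -> str:
    """Return 'restore', or the reason this backed-up file is left out."""
    if any(part.startswith(".") for part in rel_path.parts):
        return "hidden file or folder"
    suffixes = [s.lower() for s in rel_path.suffixes]
    if not suffixes:
        return "no extension"
    if any(s in PROGRAM_EXTS for s in suffixes):
        return "program or script"  # also catches disguises such as invoice.pdf.exe
    if suffixes[-1] not in DATA_EXTS:
        return "not an approved data type"
    return "restore"

def selective_restore(backup: str, target: str) -> tuple:
    """Copy approved data files from backup into target; return (restored, skipped)."""
    restored, skipped = [], {}
    for src in (p for p in Path(backup).rglob("*") if p.is_file()):
        rel = src.relative_to(backup)
        why = restore_decision(rel)
        if why == "restore":
            dst = Path(target, rel)
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)
            restored.append(rel.as_posix())
        else:
            skipped[rel.as_posix()] = why
    return sorted(restored), skipped

def demo() -> tuple:
    """Constructed backup tree mixing real documents with things that must not come back."""
    samples = ["Documents/budget.xlsx", "Pictures/holiday.jpg", "Documents/invoice.pdf.exe",
               ".cache/updater.js", "Downloads/setup.exe", "notes"]
    with tempfile.TemporaryDirectory() as backup, tempfile.TemporaryDirectory() as fresh:
        for name in samples:
            path = Path(backup, name)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("sample content")
        restored, skipped = selective_restore(backup, fresh)
        survivors = sorted(p.relative_to(fresh).as_posix() for p in Path(fresh).rglob("*") if p.is_file())
    return restored, skipped, survivors
```

Review the skipped list by hand before deciding whether anything in it is genuinely yours; the point is that nothing executable comes back by default.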

No Backup, No Recovery

If you don't have a backup, then the best you can do to get your PC functional again is to restore your computer to factory settings, re-install all your applications and start again (with some decent Internet Security). This should only be done as a last resort, as you're pretty much waving goodbye to your data forever.

____________________________________________________________________

Don't forget to LIKE and Share if you found this article interesting, and remember that dealing with ransomware is not for the faint-of-heart; I would strongly recommend that if you're hit by this malicious virus you engage the services of a skilled IT Technician, such as Excalibur IT who specialise in Virus & Malicious Software removal, to ensure the best outcomes.