Wednesday, October 12, 2016

Ransomware

What is ransomware? Software that runs on your computer and makes portions of that computer, or files on that computer, unavailable until a payment (ransom) is made.

Ransomware is very prevalent on the Internet today and will grow in usage. The threat is to business and home users alike. With the advent of digital currency (bitcoin and similar), cybercriminals can take already crafted ransomware suites, send millions of infectious emails or infect high-traffic web sites, and collect large sums of digital currency that is untraceable and accepted around the world. The perfect business model.

Recent sites I've seen lure users with shocking news items (deaths of celebrities or similar) posted on social media and current news sites. Other infection vectors are used as well: anything that can lure users to open an attachment, click on a link, or load an infected file. Ransomware will then start encrypting files and folders while you continue to use your PC. Once you find you can no longer access a file, it is probably too late. Most of your files are symmetrically encrypted, as are previous versions, backups, and volume shadow copies; any and every file you have access to, the ransomware has that same access to. A lot of monitoring tools will not raise an alarm, because the files are not being removed, they are being encrypted in place. Automatic backup and archive jobs dutifully copy the encrypted versions as well. The first indication most users get is a popup, email, or alert informing the user and providing details on how to pay the ransom in exchange for the decryption key.

Then comes the decision: pay and perhaps get no key in exchange; pay and be flagged as someone who pays; or pay, get the key, and get infected yet again.

Ransomware is a huge profit for cybercriminals, so it will be as stealthy as possible. Normal anti-malware suites will probably not catch the latest strains. Ransomware uses scripts, MS Office macros, infected PDFs, and other methods to avoid detection.

In computer club presentations the 3-2-1 backup rule has been cited. I will suggest a slight modification: at least 3 backup methods, at least 2 different media, at least 1 manual backup. By manual backup think: I need to manually connect the backup media, run a scan to ensure the files are uninfected, run the backup, then disconnect the backup media. Thus if/when you get hit with ransomware you have a backup of your files that the ransomware could not access. This might be enhanced by requiring an encryption key to access that offline backup archive.
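Two points above deserve a concrete check: monitoring tools miss ransomware because files are encrypted in place rather than deleted, and the manual backup step should scan the files before the offline media is connected. The following script is an added example, not from the original post, that flags files whose contents look encrypted (near-random bytes, not a known compressed format) so the scan can be run before the backup; the entropy threshold and the short list of format prefixes are my assumptions, and the sample files are constructed in a temporary directory.

```python
import math
import os
import random
import tempfile
from collections import Counter

# Magic prefixes of formats that are legitimately near-random (assumption:
# a short list is enough for the demo; extend it for real use).
KNOWN_COMPRESSED = (b"PK\x03\x04", b"\x1f\x8b", b"\x89PNG", b"\xff\xd8\xff")
ENTROPY_THRESHOLD = 7.5  # bits per byte; plain text usually scores 4 to 5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the buffer in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, sample_size: int = 4096) -> bool:
    """True if the file head is near-random and not a known compressed format."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if len(head) < 64 or head.startswith(KNOWN_COMPRESSED):
        return False  # too small to judge, or legitimately high entropy
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan_tree(root: str) -> list:
    """Paths under root whose contents look encrypted; run this on the source
    volume before connecting the offline backup media."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if looks_encrypted(full):
                hits.append(full)
    return sorted(hits)


def demo() -> list:
    """Constructed sample: one plain-text note and one pseudo-encrypted file."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("Meeting notes for the club's backup talk.\n" * 40)
    with open(os.path.join(root, "photo.jpg.locked"), "wb") as fh:
        rng = random.Random(1)  # seeded so the demo is repeatable
        fh.write(bytes(rng.getrandbits(8) for _ in range(4096)))
    return [os.path.basename(p) for p in scan_tree(root)]
```

A non-empty result means the source files may already be encrypted, and the backup run should stop before the offline media is attached.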

Other methods to avoid ransomware:

Do not be lured by sites or e-postcard messages that are very tempting by design: any shocking news, links to current events (e.g. hurricane Matthew).

Keep your software up to date. Not just the OS (Windows, Mac, Linux, etc.) but also the browsers, Adobe products, office suites, and security suites.

Use a security suite, with the understanding that ransomware will avoid suites it knows about and/or disable those suites during the infection.

Do not use the administrator account unless absolutely required for maintenance tasks, and only for those maintenance tasks.

For web links: hover, think, research.

Disable macros in office suites.

Other practices will help with ransomware and other malware infections; use the web to search for those best practices. But be aware: current ransomware is designed to infect and make money, and the older best practices we have all used in the past are not effective on their own.
