What Is Ransomware, Is It Here To Stay?

Posted By: Hayley Tuesday 1st November 2016

Managing Director, Michel Lane, discusses Ransomware.

Ransomware is malware that holds the victim’s computer to ransom. This is usually achieved by encrypting all of the user files and demanding payment for the encryption code. The damage is not limited to local files; it extends to network shared folders. The malware then displays a ransom note on the infected machines requesting payment in “Bitcoins”. A new breed of Ransomware has built-in expiry dates, after which it starts deleting your data. Switching your machine off and back on after the expiry date does not prevent it from activating. The ransom note may claim that the computer was used to look at illegal websites, videos, or images and will try to frighten the victim into paying up by threatening to bring them to court. Victims are often too embarrassed to ask for help because the ransom note may say they were viewing pornographic content.

Ransomware can arrive on your computer through opening attachments in spam emails. These malicious emails may have what looks like regular documents attached, but once you open them, your computer is at risk of becoming infected with malware. Another way ransomware can infect computers is through certain websites. These may be malicious websites, set up by criminals for the sole purpose of infecting anyone who visits the site, or they may be legitimate websites that have been compromised by the criminals and used to spread malware.

Ransomware has gone mobile due to the large demand for smartphones, tablets and other handheld devices. Many users operate Google Drive / Dropbox / Microsoft cloud on their mobile devices, which sync to the main servers where their data is held. Once the documents on the smartphone are encrypted, the encrypted data is then synced to the cloud-based applications where your documents reside. Unfortunately, because of the sync, the files are replaced with the encrypted versions.

Unfortunately, people believe that all cloud applications have online backups. A careful read of the terms and conditions of all services provided online will provide a better understanding of what you are paying for, as different tariffs have different services. I would always ask the question “Can I restore a file if it was accidentally overwritten or deleted within 7 days?”.

Is there a prevention for Ransomware? Ransomware is constantly changing to a different form; it attacks without you knowing and can be disguised as anything. This form of Cyber Terrorism doesn’t discriminate between race or religion; every age and nationality is targeted. Unless you don’t have a smartphone, tablet or PC, you are a target.

Ransomware is here to stay and the threats are getting worse every day. The servers which are used to encrypt your data are constantly shut down by Cyber Enforcement departments, but new ones are developed every hour. How do I prevent this from occurring? Unfortunately no one can guarantee their product to be 100% effective. Standard Antivirus programs use definitions to protect against various attacks. Unfortunately, definitions describe incidents that have already happened and whose signatures have been logged, so when an Antivirus engine scans and encounters these signatures, the files are registered as a virus.

Enhanced Antivirus programs are now available that operate using artificial intelligence. They work alongside traditional antivirus programs to provide an enhanced layer of protection. The artificial intelligence looks at the behavioural pattern of the host machine and if there is anything out of the ordinary that is performed on the machine, it stops the process that has executed the action. This is usually within a few seconds as it knows general human behavioural patterns are not as fast as automated programs.
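The rate-based idea described above can be sketched as follows. This is an added example, not code from LaneSystems or from any antivirus product; the event format, the 5-second window and the 20-file limit are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5.0       # assumed value for "within a few seconds"
MAX_FILES_IN_WINDOW = 20   # assumed limit; a person rarely saves this many files so fast

def find_fast_writers(events, window=WINDOW_SECONDS, limit=MAX_FILES_IN_WINDOW):
    """Return {pid: timestamp} for every process that modified more than
    `limit` distinct files inside any `window`-second span.
    `events` is an iterable of (timestamp, pid, path) sorted by timestamp."""
    recent = defaultdict(deque)    # pid -> recent (timestamp, path) pairs
    flagged = {}
    for ts, pid, path in events:
        if pid in flagged:
            continue               # a real agent would already have stopped this process
        q = recent[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()            # forget writes older than the window
        if len({p for _, p in q}) > limit:
            flagged[pid] = ts      # first moment the rate became non-human
    return flagged

def sample_events():
    """Constructed file-write events for three hypothetical processes."""
    events = []
    # pid 100: a person saving a document every 30 seconds
    for i in range(10):
        events.append((i * 30.0, 100, f"/home/u/report_v{i}.docx"))
    # pid 200: an automated process rewriting 60 files, one every 50 ms
    for i in range(60):
        events.append((100.0 + i * 0.05, 200, f"/home/u/docs/file{i}.docx"))
    # pid 300: a short burst of 15 files, which stays under the limit
    for i in range(15):
        events.append((200.0 + i * 0.1, 300, f"/home/u/photos/img{i}.jpg"))
    return sorted(events)

if __name__ == "__main__":
    for pid, ts in find_fast_writers(sample_events()).items():
        print(f"pid {pid} exceeded the write rate at t={ts:.2f}s")
```

With these settings the automated process is flagged one second after it starts, after its 21st file. Lowering the limit also flags the 15-file burst, which shows why the threshold has to be tuned against legitimate bulk jobs such as backups.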

There are a vast number of programs that claim they are effective against the threat of Ransomware and you can take all the measures in the world to prevent this from happening. Should the worst happen, hindsight will not help. What Lanesystems can do is provide a recovery method to put in place now to aid in the restoration of your data after such a catastrophe. The most important issue that people should always take into account is “BACKUPS” and the implementation of a solid, foolproof contingency plan.

If you don’t have a contingency plan or you are worried about the security of your network and data, call LaneSystems on 01740 623 582 to discuss your options.