How to protect yourself against Ransomware
Ransomware is a type of malware that infects and restricts access to a computer system or files until a ransom is paid to unlock it. Malware is a grouping term that covers viruses, Trojans, ransomware and similar software. What is challenging is that most new strains of Ransomware are very difficult to prevent because they prey on a person giving permission to activate the malware.
The effect that Ransomware can have on your organisation can be devastating. This is why we have created a short video, hosted by our Director and Security expert, that discusses the growing threat of ransomware, the latest variants such as ‘Crypto’ and how you can protect your organisation’s data and systems. Please note – this video requires sound.
How does Ransomware work?
What makes it so hard to prevent is that new variants render traditional security methodologies useless by prompting the user of the system to initiate the malware. The person is inadvertently giving the malware permission to encrypt files, an action that your staff can do at any time. The issue, of course, is that it does so with a key that you don’t know, effectively rendering the file useless. Further, it does this to any file that the affected staff member has access to on your entire network, potentially all files.
Imagine you apply a password to an important file and then forget that password. Anti-virus can’t stop this, it’s a standard daily activity, but one that has resulted in you not being able to access the file. This is effectively what the staff member is inadvertently giving Ransomware permission to do.
Ransomware typically infects through malicious email attachments such as zip files, Word docs and PDFs, or through emails that are designed to look legitimate and include a link to a site that infects your computer. These emails often appear to be from reputable companies such as banks, in order to trick the user into opening the attachment. We have some samples below.
Essentially, after the Ransomware variant enters your computer, it will encrypt all of your data files, from your Word documents to your photos, videos and PDFs. It will then demand a ransom in order to get them back.
How do I best stay protected?
The best way to stay protected is to be cautious when browsing unknown websites and opening attachments from unknown sources, and to avoid using free scan tools.
- Do not follow unsolicited web links in email messages or submit any information to webpages in links.
- Use caution when opening email attachments.
- Ensure your operating systems and software, including anti-virus, are up-to-date.
- Perform regular backups of all data to avoid serious consequences should your system become infected.
- Engage your IT services team or provider to ensure network file permissions are properly maintained. The attack can only affect files the infected user has write or administrative access to.
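The last point can be measured before an incident. The sketch below is an added example, not part of the original article: it assumes the share is stored on a POSIX file system, ignores ACLs and the sticky bit, and runs against a constructed demo tree with a hypothetical staff uid to count how many files that one account could alter.

```python
import os
import stat
import tempfile
from collections import Counter

def can_write(st, uid, gids):
    """POSIX owner/group/other check for one stat result (ACLs ignored)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def write_exposure(root, uid, gids):
    """Per top-level folder: (files the account can alter, total files)."""
    exposed, total = Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        top = os.path.relpath(dirpath, root).split(os.sep)[0]
        # A writable directory lets the account replace files it cannot open for writing.
        dir_writable = can_write(os.stat(dirpath), uid, gids)
        for name in files:
            st = os.stat(os.path.join(dirpath, name))
            total[top] += 1
            exposed[top] += dir_writable or can_write(st, uid, gids)
    return {top: (exposed[top], total[top]) for top in sorted(total)}

def build_demo_share():
    """Constructed sample tree: folder -> (directory mode, {file: mode})."""
    layout = {
        "finance": (0o750, {"payroll.xlsx": 0o640, "budget.xlsx": 0o640}),
        "shared": (0o777, {"notes.docx": 0o644, "logo.png": 0o666}),
        "templates": (0o755, {"letter.dotx": 0o644, "draft.docx": 0o666}),
    }
    root = tempfile.mkdtemp(prefix="share-demo-")
    for folder, (dmode, files) in layout.items():
        path = os.path.join(root, folder)
        os.mkdir(path)
        for name, fmode in files.items():
            fpath = os.path.join(path, name)
            open(fpath, "w").close()
            os.chmod(fpath, fmode)
        os.chmod(path, dmode)
    return root

if __name__ == "__main__":
    root = build_demo_share()
    staff_uid = os.stat(root).st_uid + 1000  # hypothetical account that owns nothing here
    for folder, (hit, total) in write_exposure(root, staff_uid, set()).items():
        print(f"{folder}: {hit}/{total} files alterable")
```

Folders where the count is close to the total for an ordinary staff account are the ones to tighten first.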
Can anti-virus programs help?
The purpose of anti-virus systems is to stop malware entering your network. The issue with Ransomware is that the affected staff member is confronted with something that is not Malware, and that staff member inadvertently gives permission for the Malware to enter the network and become active, rendering security layers useless.
User education is the strongest defence. Current ransomware variants require a user to click on the wrong thing, effectively authorising malicious software to run. Dan Prowse – Diamond IT Support Team leader.
Once your PC has been infected with Ransomware you will be unable to open files; instead you will get a pop-up window asking for a ransom, like the images below.
What should I do if I get infected by Ransomware?
Turn off any PCs and disconnect them from the network ASAP.
It’s very important that the affected staff member lets their management and Diamond know ASAP. There can be less damage caused if it’s caught earlier.
Your organisation’s management should give consideration to whether the risk of other systems being infected outweighs the impact of shutting down the entire network until Diamond arrives.
Should I pay the ransom?
No. Although there have been reports of the ransom being paid and the files being unlocked, the success rate is quite low. Mostly there is no response, or when the response does come the unlocking of the files is unsuccessful. We don’t mean to make light of the situation, but as you can possibly imagine, these hackers don’t have 24/7 priority support attached to their decrypting.
How do I get my files back?
The only realistic way to get files back is to restore from the last successful backup.
It’s very important to ensure your IT services provider or internal team is clinically monitoring backups.
How can Diamond help?
For customers on a Managed Services Agreement for their IT systems.
Diamond is using our comprehensive skills in Managed Services to take every possible measure to help protect our Managed Services customers.
- Managed Services architects, software developers and engineers are doing everything possible to stop variants entering our IT Managed Services customers’ networks. Using our unique DMS system we have been able to roll out protection against some of the variants, but we make no guarantees as new variants are being created all the time.
- As a standard component of our Managed Services agreements, we’re continuously monitoring backups to ensure if an event occurs your information is safe. We’ve recently launched a cloud backup product that provides an extra layer of isolation to protect the backup from infection.
For all customers, including those not on managed services agreements.
- Awareness is a major factor; we’ve been very active in our communication to raise awareness of this threat.
- We have developed some very innovative ways of tracing the damage to cut down the time taken to restore data.
Examples of Ransomware variants
The following are some known examples, but by no means an exhaustive list.
Dropbox – Phishing Email
Telstra – Account Billing Refund Email
AGL – Electricity Bill Email
Australian Federal Police – Infringement notice
Office of State Revenue
Tax Refund Confirmation
Fake Software Update
The fake software updates are usually for Adobe Flash Player. The fake page will look very similar to the actual Adobe update page, but you will notice that the web domain within the address of this page does not end with Adobe.com.
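The "ends with Adobe.com" test only works when it is applied to the host name, at a dot boundary. This added example (not part of the original article) compares that strict check with simply spotting the brand somewhere in the address; the sample addresses are constructed for illustration.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Hostname the browser would actually connect to ('' if none parses)."""
    return (urlsplit(url).hostname or "").rstrip(".")

def is_under_domain(url, domain="adobe.com"):
    """True only when the host is the domain itself or one of its subdomains."""
    host = host_of(url)
    return host == domain or host.endswith("." + domain)

def brand_appears(url, domain="adobe.com"):
    """The unreliable shortcut: the brand shows up somewhere in the address."""
    return domain in url.lower()

# Constructed addresses for illustration; none is a report about a real site.
SAMPLES = [
    "https://get.adobe.com/flashplayer/",                # genuine subdomain
    "https://adobe.com.flash-update.example/install",    # brand used as a subdomain label
    "https://flash-update.example/adobe.com/setup.exe",  # brand in the path
    "https://adobe.com@flash-update.example/",           # brand in the user-info part
    "https://notadobe.com/flashplayer/",                 # ends with the text, not the domain
]

def review(urls):
    """Return (url, host, brand_appears, is_under_domain) for each address."""
    return [(u, host_of(u), brand_appears(u), is_under_domain(u)) for u in urls]

if __name__ == "__main__":
    for url, host, loose, strict in review(SAMPLES):
        print(f"{strict!s:5} host={host:32} brand-in-address={loose}  {url}")
```

Every sample contains the brand, but only the first one is actually served from that domain.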