Ransomware – what is it and how to protect yourself


Ransomware has been around for some time now. Luckily, not everyone has heard of it, but if you’ve been unlucky enough to have come across it, it’s not something you’re likely to forget.

 

What is ransomware?

It is a type of malware, but it takes a different approach. Instead of going after passwords by one of several means (such as phishing), it converts your data to a different file type and encodes it, so you have to pay a ransom to get it unlocked.

A notepad document is created which pops up to explain how you pay, via an online account or often in Bitcoin. Paying may not get your files unlocked; you may merely be added to a list of those who’ve paid and can be extorted for more money.

Some of the file types: CryptoLocker, CryptoWall, Locky virus plus many more.

Systems affected: Windows and iOS.

 

How are you infected?

 

The files can be hidden within software downloads, such as BitTorrent. More commonly, they arrive as files within emails with an innocuous name such as invoice.doc or document1.docm. Just opening the email can run the virus, though sometimes you will need to click on the document. A small JavaScript file will then run and install the virus. From here, the work can start immediately or it can lie dormant for weeks or months.

File names: Invoice.doc / document.docm

How do you protect yourself?

 

Some Googling will quickly highlight that there is often a smug response of ‘restore your backed-up files’, but not everyone backs up their content, and even if they did, it’s not always a suitable answer. Restoring your computer will not help. Quickly disconnecting your machine is advisable until you can evaluate the extent of the problem, as the malware can spread across mapped drives in your network, e.g. work or home PCs.

Anti-virus software will not always pick up the file, because you have accepted it through your email and so it is treated as a trusted source. This is improving, but we’ve tested some of the top-rated anti-virus software and found it didn’t spot the files coming through Outlook.

For larger organisations, a layered approach is recommended, using firewalls and limiting mapped drives. This can put restrictions on how people work, as you are putting boundaries in place to offer protection. For smaller teams, this isn’t normally an option as the drives and networks are relatively short already.

The first line of defence, or layer if you like, is the person receiving the email. Steps can be put in place so that macros are not automatically run, even for known users. These settings can be found in the Trust Centre. Examples of that can be found here: Microsoft Support
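One way to screen the kind of attachments described above (invoice.doc, document1.docm, small JavaScript files) before a person has to decide whether to open them, checking file contents as well as names. This is an added example, not part of the original article; the extension list, the reason labels and the sample message are constructed assumptions.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block lists for this example; adjust to your environment.
RISKY_EXT = dict.fromkeys((".js", ".jse", ".vbs", ".wsf", ".hta"), "script file")
RISKY_EXT.update(dict.fromkeys((".docm", ".dotm", ".xlsm", ".pptm"), "macro-enabled file"))
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls files

def classify(name, data):
    """Return the reasons (possibly none) to quarantine one attachment."""
    reasons = []
    ext = os.path.splitext(name.lower())[1]
    if ext in RISKY_EXT:
        reasons.append(RISKY_EXT[ext])
    if data.startswith(OLE_MAGIC):
        reasons.append("legacy Office format, may carry macros")
    # Do not trust the name: look inside Office Open XML (zip) containers.
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                reasons.append("contains VBA project")
    return reasons

def scan_message(raw):
    """Return {attachment filename: reasons} for every flagged attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = classify(name, part.get_payload(decode=True) or b"")
        if reasons:
            hits[name] = reasons
    return hits

def build_sample():
    """Constructed message with harmless stand-ins (no real macro or script)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"placeholder")  # part name only
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    for name, data in (("document1.docx", buf.getvalue()), ("notes.txt", b"hello"),
                       ("invoice.doc", OLE_MAGIC + b"\0" * 8), ("open_me.js", b"//")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags three of the four attachments, including the file whose .docx name hides a VBA project part.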

To protect yourself it is safest to use multiple backups online and offline, both daily and weekly, but ideally you would want 30+ days of retention with an online backup.

Mac users have had it relatively easy compared to Windows users, but even that is now changing with the virus being buried within software downloads. Apple does have the luxury of greater control of its environment, compared to the Wild West world of Microsoft, so it is quickly able to remove the certificate for those downloads.

 

Need help?

 

If you would like any advice on how to configure your systems to best protect yourself, then please get in touch and we can offer a free site survey of your systems.