Ransomware Keyboard

We recently had a customer contact us for assistance in restoring all their files from cloud storage. Unfortunately, they were the latest victim of a ransomware attack that scrambled and locked all their files. Luckily, this customer was able to carry on with business after restoring their files. In their case, they had a good disaster recovery plan, which included off-site backup schemes.

Ransomware is essentially a virus or other malware that, once it infects a computer, scrambles (encrypts) files and folders on the host computer and potentially also on any connected computers and networks. The attackers then demand the payment of a ransom to decrypt the data (though there is no guarantee that any payment will actually result in this).

There are different types of ransomware and they are getting more sophisticated all the time. Early versions hid malicious attachments that did the encrypting in add-ons and macros for Microsoft Office. Newer versions use JavaScript to infect your device and enter undetected. A particularly nasty piece of ransomware goes by the name of ‘Locky’ and seems to be spreading very rapidly.

“We are currently seeing huge volumes of JavaScript attachments being spammed out,” said Rodel Mendrez, a security expert at Trustwave, in a blogpost.

On the Trustwave blog, they reported “peaks of 200K emails hitting our servers in a single hour”. Security firm Fortinet predicted Locky would become a major player: out of 18.6 million hits, it has already accumulated a share of 16.5%, coming in second behind Cryptowall at 83.5%. Cryptowall first started appearing in 2014, but the surge in spam mail has given Locky the opportunity to gain “significant presence” in the ransomware world, said Mr Dela Paz in a Fortinet blogpost.

How to protect yourself?

Although the viruses are constantly changing, the methods of protecting yourself still use the same principles.

    • First, have good company policies around emails and be wary of opening attachments, even if the email is not in your spam folder. Make sure you know who sent it and why. If you’re not expecting it, don’t open it.

    • It goes without saying that all computers should at the very least be protected by antivirus software, either from one of the big vendors or the software built into most operating systems.

    • Make sure you install the latest patches and security updates for your operating system (usually Windows for PCs and OS X for Macs). Enable Auto Update or do it manually on a regular basis.

    • Do not enable macros in Office. Microsoft automatically disabled them as a security precaution. Unless you have a specific reason, don’t risk enabling them.

And the big one:

BACK UP YOUR CRITICAL DATA! You should have a multi-pronged approach to backing up data, which means not relying on a single backup kept onsite. Backing up to the cloud (‘cloud storage’) is a simple and cost-effective step you can take to give yourself additional resiliency in the event of having to rely on a backup. If you need any advice on how to implement this, we are happy to advise you, whether it’s based on a dedicated server, cloud storage or using your own equipment colocated at our data centre (this is known as ‘colocation’).

To summarise, good security policy, combined with onsite and cloud storage, could be the be all and save all of disaster recovery. Without this, you could find yourself sinking pretty fast into the mud and might not be able to pull yourself out.
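The attachment and macro advice above can be partly automated at the mail gateway. The following is an added example, not code from the original post or from any vendor named in it: it screens a raw e-mail for script attachments and macro-carrying Office files, including ones hidden inside a ZIP. The extension lists and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists (not from the article): script types and macro-enabled formats.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")
MACRO_EXTS = (".docm", ".xlsm", ".pptm")

def classify(name, data):
    """Return (filename, reason) findings for one attachment."""
    lower = name.lower()
    if lower.endswith(SCRIPT_EXTS):
        return [(name, "script attachment")]
    if lower.endswith(MACRO_EXTS):
        return [(name, "macro-enabled Office document")]
    findings = []
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
        # Office files are ZIPs; a vbaProject.bin member means macros, even in a renamed .docx.
        if any(m.lower().endswith("vbaproject.bin") for m in members):
            findings.append((name, "contains VBA project"))
        # Also look one level inside archives for script files.
        findings += [(f"{name}!{m}", "script inside archive")
                     for m in members if m.lower().endswith(SCRIPT_EXTS)]
    return findings

def scan_message(raw):
    """Parse a raw e-mail and return findings for every attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        findings += classify(part.get_filename() or "", part.get_payload(decode=True) or b"")
    return findings

def build_sample():
    """Constructed sample message; the attachments hold placeholder bytes, not malware."""
    def make_zip(member):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(member, b"placeholder")
        return buf.getvalue()
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    for fname, member in (("invoice.zip", "invoice_scan.js"), ("report.docx", "word/vbaProject.bin")):
        msg.add_attachment(make_zip(member), maintype="application", subtype="zip", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Legacy binary formats such as .doc are not ZIP-based, so the vbaProject.bin check does not cover them.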