Ransomware is taking IT theft to a whole new level.
Protecting ourselves from computer fraud and intelligence theft is becoming increasingly difficult.
What is Ransomware?
In February 2016 the Hollywood Presbyterian Medical Center, in Los Angeles, paid a ransom of about US$17,000 to hackers who infiltrated and disabled its computer network with ransomware. Ultimately, the computer network was closed and so were the medical records of thousands of people.
To understand the gravity of the Ransomware problem, imagine having to turn back the clocks to a time when communication was by telephone, there was no internet, and money was transferred by cheque. The medical centre in question did just that. Being forced to move back to paper and fax communication until the IT team can fix the problem and restore the network is no easy task.
Ransomware is a deliberate infiltration of IT systems with the sole purpose of locking out its users by encrypting the files. Until a ransom is paid, the system is inaccessible.
The Hollywood Presbyterian Medical Center decided to pay the ransom because this was in the best interest of the patients affected by the network closure.
Understanding The Way Ransomware Works
Ransomware has a number of variants and levels of lockout but its main purpose is to force the owner into paying a ransom for the ‘key’ to unlock their computer.
Its rapid spread across networks can be driven by malware or a virus that quickly infiltrates computer networks or single users.
1. Distribution – email attachments, website malware, spam, social engineering, direct hardware use (USB drives)
2. Infection – arrives on the user's computer and then begins its process
3. Process communicates with encryption servers
4. Process searches for user files on the computer
5. Encryption – files are encrypted and possibly renamed
6. System demands payment
Why is Ransomware so damaging?
Ransomware leaves the end user with only two options.
1. Pay, retrieve the files and continue working.
2. Not pay and simply lose all the stored data and information.
For many people, losing their data simply isn’t an option, and paying a criminal for something that is already yours is of course distasteful, but it is the easiest path to restoring a sense of normality to their life. For some, however, the thought of giving money to a criminal is nothing short of immoral.
Other questions about where the proceeds go or who is behind the invasion of privacy are pure speculation, but I know I would rather lose my data than pay a criminal.
How do we protect ourselves?
Despite every effort to protect a network or single computer, if your backup of your files is not off-site or disconnected from your network, you will be vulnerable to attack.
The safest way to protect your system is to back up to an offsite service or cloud.
Even with the latest anti-virus you will still have some vulnerability, and ransomware variants are many and constantly being modified.
One of our greatest weaknesses is constantly exploited through email.
We say we are tired of Spam email, but we still allow a considerable amount of traffic through our email filters.
Watch out for emails that claim to come from well recognised institutions such as our banks or Australia Post. The Australian Tax Office is a favourite, and even major brands are used.
As an example, the bank may send you information to check your balance. The ATO may be informing you of a potential tax return, or a well-known brand could be offering you a free trial. All of these require some discretion. Think carefully about the message and ask yourself: would this organisation communicate like this?
Sometimes, a dead giveaway is seeing the email address of the sender.
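The sender-address check described above, as an added example (not part of the original article): it compares the brand named in an email's display name with the domain the message was actually sent from. The brand-to-domain table and the sample From headers are constructed for illustration and should be replaced with the organisations you deal with.

```python
import re
from email.utils import parseaddr

# Assumed table: brand name as it appears in a display name -> domains that
# brand is expected to send from. Illustrative only; maintain your own list.
BRAND_DOMAINS = {
    "australia post": {"auspost.com.au"},
    "australian tax office": {"ato.gov.au"},
    "ato": {"ato.gov.au"},
}

def sender_parts(from_header):
    """Split a From: header into (display name, sender domain), lower-cased."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return name.lower(), domain

def domain_allowed(domain, allowed):
    """True only for an allowed domain or a real subdomain of one.

    Matching on the right-hand end rejects lookalikes such as
    'auspost.com.au.example.net', which merely start with the brand domain.
    """
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header):
    """Return 'ok', 'mismatch' or 'unknown-brand' for one From: header."""
    name, domain = sender_parts(from_header)
    for brand, allowed in BRAND_DOMAINS.items():
        # Whole-word match so that 'ato' does not fire on 'potato'.
        if re.search(r"\b" + re.escape(brand) + r"\b", name):
            return "ok" if domain_allowed(domain, allowed) else "mismatch"
    return "unknown-brand"

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    '"Australia Post" <tracking@auspost.com.au>',
    '"Australia Post" <parcel@auspost.com.au.example.net>',
    "ATO Refunds <refund@mail.example.org>",
    "Australian Tax Office <noreply@notifications.ato.gov.au>",
    '"Potato Growers" <news@example.com>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):14} {header}")
```

An "ok" result only means the display name and the address agree; the From address itself can be forged, so mail filters should also enforce SPF, DKIM and DMARC results.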
What do I do if I do get a Ransomware message?
If you have been unfortunate and you are the target of a Ransomware message, you do have additional options available.
Calling Corporate Data Recovery as soon as you know your system has been infected can offer you the choice of sending in your drive and having the data recovered.
We have a number of ways of unencrypting locked files and though this is dependent on the type of encryption employed, our means of working around the locked files are many.