Ransomware – What You Need to Know
Diverse Tech Services has noticed a sharp increase in attempted ransomware attacks over Q1 and Q2 2016. These attacks are primarily initiated through e-mail attachments, but also through social media websites linking to infected websites. Websites like Facebook, Twitter, and Pinterest are susceptible to these attacks by linking users to outside web addresses.
What does ransomware do?
There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC.
They can target any PC users, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.
- Prevent you from accessing Windows.
- Encrypt files so you can’t use them.
- Stop certain apps from running (web browser, anti-virus).
Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files. We have also seen them make you complete surveys.
There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.
How to protect yourself?
- Be cautious about unsolicited attachments
The crooks are relying on the dilemma that you should not open a document until you are sure it is the one you want, but you cannot tell if it is the one you want until you open it. If in doubt, leave it out.
- Do not enable macros in any document attachment received via email
Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so do not do it!
- Regularly backup your important files
There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. If your company has a share drive or file server, make sure to save your important files there. Often saving them to “My Documents” or to the “Desktop” does not ensure that they are backed up.
How does ransomware work?
Ransomware is computer malware that installs covertly on a victim’s computer, executes a cryptographic attack that adversely affects it, and demands a ransom payment to restore it.
Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer’s Master File Table (MFT) or the entire hard drive.
Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.
How does Diverse Tech Service stop the threat?
Diverse Tech Services utilizes the latest in security tools. We work to block all threat vectors to ensure total protection. When it comes to stopping these advanced threats in their tracks, we rely on our Email Security Service, or ESS.
ESS is a comprehensive and affordable cloud-based email security service that protects both inbound and outbound email against the latest spam, viruses, worms, phishing, and denial of service attacks.
Whether you manage your own mail server such as Microsoft Exchange or use a hosted service like Microsoft Office 365, Spam and viruses are blocked in the cloud prior to delivery to your network, saving network bandwidth and providing additional Denial of Service protection.