Friday, November 20, 2015

Protecting Your Network from Ransomware

What is Ransomware?

Ransomware is malware that holds the victim’s data ransom by preventing access to the computer by locking the desktop or by encrypting the user’s files where they cannot be read. The malware then displays a ransom note, possibly pretending to be from federal or local law enforcement of some sort.

The ransom note may even claim that the computer was used to look at illegal websites, videos, or images and will try to frighten the victim into paying up by threatening to bring them to court.


As we quickly approach 2016, researchers at Fox IT have successfully identified the “Big 3” Ransomware families, whose members have generated huge income in 2015:
  • CryptoWall
  • CTB-Locker
  • TorrentLocker

What are the Basic traits of Ransomware?

Although each ransomware variant is unique, they still work in similar ways. There are generic traits seen with these behaviors.

File-system behavior

Most ransomware will place payment instruction files in the directory of the files that it’s going to encrypt. These files are usually in the form of a text, image and/or URL. It may even include a popup window notifying the user that his files are being held ransom and require a ransom.

Network behavior

Ransomware will encrypt files on drives that are network mapped on the computer as a side effect. This can affect an entire business that relies on network shares for their data, potentially spreading from one computer, to the server, to all other computers that access that server. Having a proper backup solution in place may be the only solution to protecting your data.
As we find encrypted files on a network share, we can use that to determine which user was initially infected with the ransomware by checking the creator of the instruction files on the share. This tells us which computer to disconnect from the network. The goal is to disconnect the infected user as quickly as possible from the network to prevent any further damage.

So where did the Ransomware come from?

One method for installing ransomware is through certain websites. These may be malicious websites, set up by criminals for the sole purpose of infecting website visitors, or they may be legitimate websites that have been compromised by infected advertisements or links by the criminals and used to spread malware.
Another way ransomware can install on your computer is through the opening of email attachments in SPAM or infected emails. These malicious emails may have what looks like regular files attached, but once you open them, your computer is at risk of becoming infected with malware. You may not even see it happening.

Ransomware on Mobil Devices

Ransomware for mobile devices is becoming more common and now have the ability to lock your smartphone or tablet or even encrypt the files stored on these devices. Criminals have learned that we are more dependent upon our phones and tablets than ever before. In some instances, they are more frequently used than our computers, explaining the increase in “mobile malware”.

Follow these tips to stay protected from ransomware.

  • Make sure you have a quality, antivirus program installed on your network, and that it continues to be updated on a regular basis. This also includes installing a reputable security app on your phone and tablets.
  • Keep the operating system and all software on your computers & servers up-to-date by installing the latest security patches and updates.
  • Consider adding a mail-filtering service that not only protects your email from SPAM, but also adds manageability and virus protection. Some services, such as MailWatch from CMS, will continue to spool your email when your connectivity is down, protecting you from lost emails.
  • Avoid downloading software or mobile apps not necessary to your work and only download from trusted sources.
  • Most importantly, Backup! For your network, have a data backup solution in place that protects your critical data on your network so that if anything does happen, you have an untainted backup source to retrieve from and restore to your network. And don’t forget to back up your mobile device to a reliable cloud source that you can retrieve from and restore.

12:55 PM