Ransomware 101: key things you need to know

Ransomware attacks have been on the rise, and are being experienced in the Caribbean. Here is a quick summary of the threat and actions that could be taken to minimise exposure.


Over the past several months, network security experts have been highlighted, and have been concerned about, the marked increase in ransomware worldwide. Several organisations across the Caribbean, including government ministries, departments and agencies, have been hit by ransomware in recent months, which hopefully, should precipitate more concerted efforts in the region to address cybersecurity. According to
Wikipedia,

Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system’s hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key, while some may simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a trojan, whose payload is disguised as a seemingly legitimate file.

Depending on the ransomware, they encrypt or otherwise adversely affect not only user-generated files and documents, but also systems files and records., and can steal credentials stored in web browsers. Additionally, and again depending on the type of ransomware, they can affect smartphones and tablet computers, and not just PC and laptops.

It is emphasised that there are dozens of ransomware, and variations thereof. According to TrendMicro, some notable ransomware families include:

  • CryptoLocker – Uses advanced encryption standard (AES-128) cryptosystem; The word Cryptolocker is written in the wallpaper it uses to change an affected computer’s wallpaper
  • Cryptowall –  Encrypts file name of files it encrypts and follows up with an updated ransom note. It also comes from spam as a JavaScript attachment,
  • Locky – Renames encrypted files to hex values; Appends ‘.locky’ extension to files it encrypts; Generally, it arrives via spam with a macro-embedded .DOC attachment
  • Reveton – Locks screen using a bogus display that warns the user that they have violated federal law. The message further declares the user’s IP address has been identified by the Federal Bureau of Investigation as visiting websites that feature illegal content.

The ransom demanded to decrypt or restore the affected files tends to depend on the perceived value of the data to the user, which usually is payable in Bitcoin, and  is not easily traced. It should be noted that the value of the Bitcoin changes daily, and so could be costly to purchase when needed.

Without a doubt, ransomware is a serious threat to the security of networks and to computing devices. Although it is not possible to completely eliminate the possibility of an attack, below are some practices that IT security firm, Sophos, recommends be adopted:

  • Backup regularly and keep a recent backup copy off-site.
  • Don’t enable macros in document attachments received via email
  • Be cautious about unsolicited attachments
  • Don’t give yourself more login power than you need
  • Consider installing the Microsoft Office viewers
  • Patch early, patch often.

 

Image credit:  sheelamohan (FreeDigitalPhotos.net)

_________________

2 Comments

  • We often don’t realise the harm that this can cause especially to a small ( one or two person ) business. Today there are lot’s of available for data storage/backup, including free cloud storage facilities.

    The article is a good, timely alert.

Comments are closed.