Ransomware is virulent today, and protection against it is essential. As it turns out, there has been a 300% increase in ransomware attacks since 2015, and that is only counting the first quarter. If you’re not familiar with this virulent form of hacking, it is what it sounds like: viral software that holds your data to ransom for money. You can’t access your operational information unless you pay the attacker a sum. The catch is that paying that informational extortionist doesn’t necessarily guarantee a return of system operations. Opportunistic ransomware operators are apt to double-dip as often as they are able to. If, after an attack, you don’t fix the security weaknesses that allowed it in the first place, you can expect to be compromised again and again and again.
What to Do
The first thing you want to do is get off the network. Disconnect, and stop all data backups so the infection is not copied into them. Ransomware seeks to spread like a viral spider until it has trapped as many computers as possible in its web.
Your next step is to remove all of the malicious ransomware. This can be done with antivirus software. It’s a good idea to have a regular practice of backing up your data to a secure off-site location, so you can wipe the computer and reload it from that off-site backup. Before you run anything the way you normally would, double-check the computer in Safe Mode to ensure all of the ransomware is gone.
If the computer hasn’t been properly backed up, the person affected by ransomware will either have to pay the fee or lose all their data. So one of the best proactive measures against ransomware is a continuous backup to a safe location, with that backup store disconnected from the network between backup runs.
Five Infection Groups
When you decide to obtain ransomware protection, you need to protect against several specific types of attack, which include:
• Email-Borne Infection
• Covert Communication
• Advanced Encryption
• The Bitcoin Ransom
• A “Tight” Deadline
With email-borne infection, you’ll receive an e-mail that is “spoofed”, or that may have been derived by mixing up your contacts. For example, you may have a friend named Jill Michaelson and a friend named Steve Jerry. You might get a message from “Jill Jerry” with a subject line pertaining to some aspect of your job. There are families of this attack known for spreading via “download advertising”; there are also malicious websites, file sharing shutdowns and other variants, but what links them together is a file that you are tricked into downloading. If you’ve been bamboozled by this one, look on the affected computer for a .exe extracted from a zip folder that adds a “key” to the Windows registry which allows the ransomware to run.
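One way to check for the registry trace described above, as an added example that is not part of the original post: the script audits the values of the standard HKCU `Run` autostart key and flags any program that launches from a temp, zip-extraction or download folder or that hides a .exe behind a document-looking double extension. The `SAMPLE_RUN_VALUES` dictionary is a constructed sample; on Windows, `read_run_values()` pulls the live key through the standard-library `winreg` module instead.

```python
import re
import sys

# Folders where a mail-downloaded or user-extracted payload typically lands.
# Explorer's built-in zip viewer extracts into %TEMP%\Temp1_<archive>.zip\ .
SUSPICIOUS_DIRS = re.compile(
    r"\\(AppData\\Local\\Temp|Temp1_[^\\]+\.zip|Downloads)\\", re.I)
# A .exe dressed up as a document, e.g. invoice.pdf.exe
DOUBLE_EXT = re.compile(r"\.(pdf|doc|docx|xls|xlsx|jpg|txt)\.exe$", re.I)

# Constructed sample of HKCU\...\CurrentVersion\Run value name -> command.
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\jill\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    "invoice": r'"C:\Users\jill\AppData\Local\Temp\Temp1_invoice.zip\invoice.pdf.exe"',
    "updater": r"C:\Users\jill\Downloads\update.exe -s",
}

def executable_path(command: str) -> str:
    """Return the program path from a Run command, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]

def suspicious_entries(run_values: dict) -> dict:
    """Map each suspicious value name to the list of reasons it was flagged."""
    flagged = {}
    for name, command in run_values.items():
        path = executable_path(command)
        reasons = []
        if SUSPICIOUS_DIRS.search(path):
            reasons.append("runs from a temp, zip-extraction or download folder")
        if DOUBLE_EXT.search(path):
            reasons.append("document-looking double extension")
        if reasons:
            flagged[name] = reasons
    return flagged

def read_run_values() -> dict:
    """Read the live HKCU Run key (Windows only, via winreg)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
        for i in range(winreg.QueryInfoKey(key)[1]):  # index 1 is the value count
            name, data, _ = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values

if __name__ == "__main__":
    source = read_run_values() if sys.platform == "win32" else SAMPLE_RUN_VALUES
    for name, reasons in suspicious_entries(source).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The same check is worth repeating for the HKLM `Run` key and the user's Startup folder, since a payload can persist from either.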
Covert communication is malware that manages to begin communicating with a server of the “command and control” variety. CryptoLocker is a good example. A vanguard of the modern ransomware threat, this iteration of ransomware relies on a domain generation algorithm: it jumps between servers to hide itself.
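As an added example that is not part of the original post, this is the kind of check a defender can run over resolver logs to spot the domain-hopping just described: a machine that looks up a burst of random-looking names that do not exist, then one that does resolve. The log lines and the client addresses are constructed, and the entropy and vowel thresholds are assumptions chosen for this sample rather than tuned values.

```python
import math
import re
from collections import defaultdict

# Constructed sample resolver log: "<time> <client> <query> <rcode>".
# Client 10.0.0.12 shows the DGA pattern: a burst of random-looking names
# that do not exist, then one that resolves (the live server for that day).
SAMPLE_DNS_LOG = """\
09:14:01 10.0.0.12 www.microsoft.com NOERROR
09:14:02 10.0.0.12 xk3qvp9rt1lmz.com NXDOMAIN
09:14:02 10.0.0.12 qz8pwo2xnvb7h.net NXDOMAIN
09:14:03 10.0.0.12 r4tlx0mbjqv2.org NXDOMAIN
09:14:03 10.0.0.12 mb9wp3zql7xk.biz NXDOMAIN
09:14:04 10.0.0.12 ph2kxv8nwtq5.info NOERROR
09:14:05 10.0.0.31 mail.google.com NOERROR
09:14:06 10.0.0.31 update.spacelink.example NXDOMAIN
"""
LINE = re.compile(r"^(\S+) (\S+) (\S+) (NOERROR|NXDOMAIN)$")

def shannon_entropy(s: str) -> float:
    """Bits per character; a random-looking label scores well above 3."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def looks_generated(domain: str) -> bool:
    """Heuristic for DGA-style names: a long, high-entropy, vowel-poor label."""
    label = domain.split(".")[0]
    if len(label) < 10:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) > 3.0 and vowel_ratio < 0.25

def suspicious_clients(log_text: str, min_failures: int = 3) -> dict:
    """Clients with >= min_failures NXDOMAIN answers for generated-looking names.

    For each such client, also list the generated-looking names that DID
    resolve: those are the candidates to block and investigate first.
    """
    seen = defaultdict(lambda: {"nxdomain": [], "resolved": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or not looks_generated(m.group(3)):
            continue
        _, client, query, rcode = m.groups()
        seen[client]["resolved" if rcode == "NOERROR" else "nxdomain"].append(query)
    return {c: v for c, v in seen.items() if len(v["nxdomain"]) >= min_failures}
```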
With advanced-encryption ransomware, once a server connection is established, a ransomware platform like CryptoLocker creates a pair of encryption keys. One of the keys is private, the other public. The algorithm used is military-grade, usually capping at the RSA-2048 bit level, though some are known to be as strong as RSA-4096.
The Bitcoin ransom is a variant of these attacks where the attackers demand payment in Bitcoin or some other digital currency of a similar kind. Some businesses that hold Bitcoin might choose to cash in their currency in a bid to avoid it being held. There are online currency converting websites now where customers can convert Bitcoin to PayPal, Western Union and Visa, to name a few. Whilst cashing in Bitcoin might seem like a solution to the problem, the attackers may still demand Bitcoin as payment regardless, forcing businesses to reconvert their funds to cryptocurrency.
The “tight deadline” basically holds your files over a digital fire and says: “pay us within such-and-such time, or your files are gone forever.” A clock then starts counting down the time you have remaining, and if you pass the limit, the key needed to decrypt your files is destroyed and they cannot be recovered.
Ransomware is like radioactive computational waste, and IT protection from an agency specializing in it is the suit that protects against the fallout. Ransomware protection is so integral today because ransomware programs number in the dozens and make previously safe environments hazardous to businesses. Don’t be a victim of ransomware fallout. Back up your systems, and get antivirus protection from an agency that can catch the viral “fallout” more quickly than you may be able to on your own.
San Diego, CA
Michael is the CEO of Spacelink, providing IT infrastructure cloud hosting services and IT support in San Diego since 2001. Michael has over 9 years of experience in IT infrastructure and has a passion for simplifying the complexities of information technology and cloud services. Spacelink exists to help companies propel their businesses with a well-reasoned IT strategy and forward-thinking technology that’s cost-effective and reliable. Spacelink was recognized as a top Managed IT service provider in North America by MSP Mentor in 2016.