- September 18, 2017
- Viruses & Malware
Ransomware surfacing again
With all the media coverage given to some recent ransomware attacks, most notably the NHS ‘WannaCry’ attack, we were always going to see more exploits surfacing. Here, on day four of a new month, another one has surfaced twice so far for us at Vone Services: ‘Locky’ ransomware, which was released into the wild back in 2016, has seen a dramatic rise in appearances this year, so we will try to offer you some advice and guidance.
As background, ransomware attacks basically lock all your private documents (Word, Excel, PDF, etc.) and force you to pay a ransom in Bitcoins to get the decryption key. If you are unfamiliar with what Bitcoin is, we have a document that explains this, but in short it’s an untraceable monetary transaction, and at present 1 Bitcoin is equivalent to £3500. Locky ransomware is asking for payment of up to 1 Bitcoin to unlock encrypted files.
Most ransomware exploits gain access to your network or computers through email, normally linking to an external website that forces you to download a file. Commonly, you may get an email mentioning an overdue invoice or a remittance, both of which would tempt you to run an attachment or download a file that contains the infection.
But what about my antivirus software, I hear you asking? Yes, a majority of antivirus software will scan the files and notify you of a potential risk, but if you choose to open or run something, your antivirus software will just trust you to know best and allow the files to be opened.
There are, though, specific anti-ransomware solutions available which will work in conjunction with your existing antivirus products.
OK, so I’m infected, what can I do?
1. Unplug your computer from the network immediately to quarantine the machine itself, as the virus can quickly spread across your network.
2. Check your network and then check your backups. If you have adequate backups, then you can just reinstall the infected machine and restore your backups.
If your backups are not suitable then, as researchers have not found a tool that can be used to unlock computers infected by Locky, your only option if you have files that are desperately needed is to pay the ransom itself and hope that the decryption key is released. Remember that, as a Bitcoin payment is anonymous, there is no guarantee.
Some variations of ransomware are curable, and a system restore will on occasion get the computer back running, but normally the files that are infected are not part of the system restore process. Sometimes it is possible to retrieve some of the encrypted files, but this is a difficult task and one that should only be performed in an ‘off net’ working environment by skilled technicians.
OK, I’m not infected yet, but what can I do to minimise the risks?
1. Ensure your backups are up to date and working. A decent offsite backup solution is core to any business’s continuity and disaster recovery plan.
2. Make sure your computer antivirus solution is up to date and that your servers are running an anti-ransomware software solution.
3. Consider an external email scanning solution to filter out emails before they get to your machines and company.
And finally and probably most important…
4. Education of your staff is probably the number one prevention tool. If staff are aware of what to look out for and are told to avoid any emails that they are not expecting from unknown sources, then the majority of potential attacks would be greatly reduced.
This article briefly touches on a few services that Vone Services provides, including proven backup technologies, successful antivirus solutions and advanced email scanning and filtering solutions. Please feel free to contact us for further information.