Newmind PSA: Precautions to take against the ransomware threat

There’s a malware threat online, maybe lurking in your inbox or spam folder, called Ransomware. It’s been around for a while, but recent months have seen it gaining traction, under different names you may have heard, such as Cryptolocker, Cryptowall, and TeslaCrypt.

What is Ransomware?

One of the ways that Ransomware makes its way to end users is through a well-crafted email with an attachment. The attachment is malicious and when you click to download it, the ransomware encrypts (locks) certain types of files (.docx, .pdf, .jpg, etc) stored on local and mounted network drives, such as a server shared drive at the office. It then displays a message which offers to decrypt the data if a payment is made by a certain deadline—and threatens to lock the data permanently if the deadline passes.

Although the malware itself can quickly be removed, the encrypted files stay encrypted, in a way that researchers consider infeasible to break. Some victims claim that paying the ransom did not always lead to the files being decrypted. The current advice is to not pay the bad guys, and to recover as much data as possible on your own.

A big challenge with the newer versions of ransomware is that they get around email spam filters, most antivirus solutions, and most firewalls. So what’s your best defense right now?

As a user, you should very careful when clicking links, and the files you download through email! For any IT support reading this, your number one priority will be to get a solid backup system in place.

Update: Angler Exploit Kit (12/2015)

There’s a new ransomware delivery method being reported near the end of 2015 called Angler, which infects exploiting weaknesses in 3rd party software and plugins (like Java and Flash). It then installs several layers of malware—the first layer collects login info from your computer, which it then attempts to use to propagate the virus further, such as through web servers. Then, it installs CryptoWall 4.0, to encrypt and lock the victim’s data.

We recommend keeping your browsers up to date, and taking caution against older plugins like Java and Flash player.

Who is it affecting?

According to Kaspersky Lab, this type of malware (ransomware) is most active right now in the United States, Spain, and Germany, and it’s targeting a range of different victims, but small, medium, and large businesses could stand to lose the most if their data becomes infected and encrypted by the malware.

Ransomware can be avoided, but victims getting hit will be hit hard. Follow the tips in this free Ransomware protection guide to protect yourself.