Held to Ransom…
3rd February 2016
Let’s get straight to it.
And let’s be honest – some of the text below may be dry but it could save you an awful lot of time, money and effort.
That’s probably worth five minutes of your day.
So, what are you waiting for…
Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim’s data and demands payment for the decryption key.
It spreads through e-mail attachments, infected programs and compromised websites.
A ransomware program may also be called a cryptovirus, cryptotrojan or cryptoworm.
Attackers may use one of several different approaches to extort money from their victims:
- After a victim discovers he cannot open a file, he receives an email ransom note demanding a relatively small amount of money in exchange for a private key. The attacker warns that if the ransom is not paid by a certain date, the key will be destroyed and the data will be lost forever.
- The victim is duped into believing he is the subject of a police inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.
- The malware surreptitiously encrypts the victim’s data but does nothing else. In this approach, the data kidnapper anticipates that the victim will look on the Internet for how to fix the problem and makes money by selling anti-ransomware software on legitimate websites.
Top Five Ransomware Prevention Tips
- Blocking .EXE file attachments in Office 365 – from our experience, 90% of ransomware infections occur because a user has opened an email attachment carrying the virus. These attachments are usually disguised as an invoice or receipt, so the user is tricked into thinking they are safe to open. Blocking .EXE attachments from arriving in the end user’s mailbox dramatically reduces the number of potentially unsafe emails.
- Removing local administrator privileges – Excluding users from the local administrators group on a machine is also key to ensuring ransomware doesn’t execute properly. When new software is being installed or attempts to run, a box asking for administrator credentials will appear. If these are not entered, the program is unable to execute and potentially infect the PC.
- Deploy a software restriction policy – All ransomware (to date) runs from the same specific system folder on a machine. By implementing rules that prevent any program from executing in this folder, the ransomware is unable to run and is stopped in its tracks.
- Ensuring backups are fully up to date and as robust as possible – If for any reason ransomware is still able to run despite the above steps being carried out, a reliable and robust backup solution is key to ensuring that no data is lost and that it is recovered as quickly as possible.
- End user training – Probably the most important step in ensuring ransomware does not become an issue for your business is sharing this knowledge with your users. Train them not to open any email attachments or download any files they aren’t 100% sure are safe. Ransomware cannot run on a PC by itself; it always takes some form of end user intervention to set the ball in motion.
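To illustrate the first tip, here is an added example (not part of the original post, and not how Office 365 implements its filtering) of the check a mail filter makes: it flags attachments whose real extension is .exe even when the name is dressed up as an invoice. The function names and the sample message are constructed for this illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".exe"}  # the tip covers .EXE; extend per your own policy


def final_extension(filename):
    """Return the lower-cased last extension of an attachment name.

    Trailing dots and spaces are removed first, because Windows drops them
    when the file is saved: "invoice.exe. " lands on disk as "invoice.exe".
    """
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def blocked_attachments(raw_message, blocked=BLOCKED_EXTENSIONS):
    """Return filenames in a raw e-mail whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # walk() visits every MIME part, so inline parts with a filename are
    # checked as well as ordinary attachments.
    for part in msg.walk():
        filename = part.get_filename()  # decodes RFC 2231 encoded names
        if filename and final_extension(filename) in blocked:
            hits.append(filename)
    return hits


def build_sample():
    """Constructed sample: a disguised executable plus a harmless PDF."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"MZ-constructed-bytes", maintype="application",
                       subtype="octet-stream", filename="Invoice_0216.pdf.EXE")
    msg.add_attachment(b"%PDF-constructed", maintype="application",
                       subtype="pdf", filename="receipt.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("blocked attachment:", name)
```

A name-based check like this only sees the declared filename, so it complements rather than replaces the other four tips.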
That wasn’t so bad, was it?
Please leave a comment below if you have any further questions and one of Assist will get back to you.
Have a lovely day