Ransomware Prevention: 101

Ransomware Prevention: 101

Imagine sitting down on a perfect spring afternoon ready to review your actions and tasks for the day for an upcoming project. After a few clicks you start to notice several files that need your immediate attention; you suddenly cannot open any of your files. After a few more clicks with no success your screen becomes filled with several pop-ups displaying a single message and count down timer; “Your Files have been Encrypted, You have 48 hours to pay the ransom to unlock your files or they will be permanently destroyed”.

This is the point when you realize you’ve been hit by ransomware. Ransomware once a machine is infected encrypt every accessible file on the local PC, and then immediately go after any network attached share drives and start encrypting those file systems. In most cases the files are unrecoverable and the only method of restore is to either pay the creator of the Virus for the unlock key or to restore the entire file system from your backup solution/disaster recovery plan.

The threat of this type of viruses has grown at an exponential rate in the last few years because of the revenue that has been created by victims that pay the ransom. In many cases it has steered companies and businesses to move away from a Windows/Microsoft based file system and instead finding alternative solutions using Network attached Storage devices running Linux. Once brand in particular is Synology. They offer a wide range versioning and real time replication solutions that can help counter the ransomware threat. For more information about Synology features check this link: click here

Ransomware Types:  There are several primary types of ransomware, the most effective and proactive way to prevent Ransomware is for you and your team to understand the types of threats and how they can infect your systems.

Phishing/Scareware:
-Pop-ups pretending to be tech support providing assistance on a website
-Rogue/Fake security software that suddenly appears on your desktop or in your browser
-These are typically removed with basic security scan from your security software (Norton, AVG, Etc.)

Screen Lockers:
-Very invasive, these threats generally are the result of undetected minor threats being left and on the system for an extended amount of time, allowing an open door to your PC for ransomware
-Usually localized to one PC and do not spread beyond a single PC.
-Can only be removed using bootable CD or USB tool sets.

Encrypting Ransomware:
-This is the move invasive of all, these are typically distributed by an attachment in an email or by directly interacting/running a macro enabled file online.
-These files normally have extensions that are atypical and carry macros embedded in the files, once opened the macro runs on your PC encrypting all accessible files, file share and servers within a matter of minutes.
-If left to run for more than a very limited window of time, these are the types of viruses that take down entire networks and infrastructures.

Preventing Ransomware:
The most powerful tool in your arsenal against these online threats is a strong and secure antivirus. The second most effective tool is You, Your Team and Your Awareness that these threats are out there waiting to be interacted with.

Creating group policies to prevent the spread of these viruses is a fantastic counter measure that can be taken to reduce the impact when ransomware strikes. With the exponential growth of these threats avoiding infection is becoming quite rare. The most common source of infection is because a user was not paying attention to an attachment or link that was send from an unknown sender.

At Datahal LLC we are experts in dealing with Ransomware, providing solutions to protect and safe guard your files/data and encourage all companies to make awareness a priority for their employees to understand. If you have any questions or inquiries about what you can do to start protecting your company or home network let us know, we are happy to help!