Ransomware 101... by Bernard Mott
Oct 12, 2017
No Longer a Matter of "IF" You Will Be Targeted, But "WHEN"
Spora, Genasom, Reveton.
No, these are not newly released pharmaceuticals for athlete's foot, insomnia, or tachycardia. These are the latest generation of ransomware trojans that will infect your computer, disabling access to your files until you pay the ransom. There are others: Locky, Petya, WannaCrypt, and WannaCry, to name a few. "Bad people" (there are other terms for them, but I'm trying to stay PG-13 here) develop these malware programs to extort money from you or your company. If you don't pay the ransom, your computer will be permanently locked.
Have you seen this on your computer?
Then you've probably been infected with ransomware.
What to do now?
Should I pay?
Do I call the cops?
What the heck is a bitcoin?
I'll try to help answer some of these questions and more.
What is Ransomware?
Ransomware is a malicious program that encrypts all the files on your computer using an encryption key that you do not know. Once a file is encrypted, you will not have access to it until you pay the ransom. The "bad people" will then send you the key to decrypt, or unlock, your files.
What is Bitcoin?
The "bad people" request payment in Bitcoin because it is untraceable. Bitcoin transactions are anonymous, so there is no way to tell who received your money. Currently, one bitcoin is worth about $4800. There are numerous locations where you can buy bitcoin. Here is a map of locations within Louisiana that sell Bitcoin: https://coinatmradar.com/state/19/bitcoin-atm-louisiana/.
Should I pay?
To pay or not to pay, that is the question (my apologies to Hamlet and Shakespeare). As with most decisions in life, it depends on a number of factors.
FACTOR #1: Do I have a backup? If so, restoring from the backup is the cheapest answer.
FACTOR #2: How quickly do I need my data? Restoring from backup may require several hours to several days. Paying for the decryption key may be quicker, but more costly.
As an example, Hollywood Presbyterian Medical Center decided to pay. For the story, click here.
Some companies have a line item in their budget for paying ransomware. Paying the ransom is a more expeditious route to document recovery. (I'm not judging them...well, maybe a little.)
What can I do to prevent ransomware?
Ahh, finally. Someone asking the appropriate question. What countermeasures can we put in place that will minimize the effects of ransomware?
#1: Backup, Backup, and Backup. Ransomware is always evolving. What blocks an attack today may not block a new attack tomorrow. See Zero-Day attacks for more details. Having a backup of your data will allow you to simply replace the encrypted files with the previous backup of the files. The uninfected backup file is safe. A restore from a local backup, either tape or external hard drive, would be the quickest way to replace your encrypted files. Online, or cloud, backups, such as Microsoft OneDrive or Google Drive, allow you to store backups in a remote location that is off-premises. If a catastrophic event happens at your office, the cloud backup stored at a data center in another state will still be available.
#2: Install advanced antivirus protection. The latest countermeasure to viruses and ransomware is Artificial Intelligence (AI) and Machine Learning (ML). Older antivirus software depended on the virus attacking the same way every time (a signature, so to speak). The AV software downloads new signatures periodically. However, if a new virus appears that doesn't have a signature, the AV software doesn't detect it. Artificial Intelligence products adapt to changes in virus behavior and compare that to what your computer normally does (machine learning). If a program attempts a behavior that is out of the norm, the AI product will terminate the application. The highest-rated apps that use Artificial Intelligence include Cylance (http://www.cylance.com) and BitDefender (http://www.bitdefender.com).
#3: Do not click on stuff. Most ransomware is distributed via email or infected websites. If you get an email with an attachment from someone you do not know, DON'T CLICK ON IT! Healthcare facilities are specifically targeted by cyber criminals. Imagine getting an email from admin@H0SPITAL.COM with an attachment called BillingCodes.pdf. You would probably click on it... and then get infected. Notice that the "o" in hospital looks different than the "o" in .com. That's because it's a zero. Cyber criminals have lots of tricks to get you infected.
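A defensive check for the lookalike-domain trick just described, as an added example that is not from the original post: it normalizes common digit-for-letter substitutions (the zero-for-o from the example above, plus a few others assumed for illustration) and flags a sender whose domain matches a trusted domain only after that normalization. The function names, the substitution table and the trusted-domain list are assumptions for this example, not a product's rules.

```python
import re
import unicodedata

# Substitutions that make a fake domain resemble a real one.
# Constructed list for this example; "0" -> "o" is the trick from the post.
CONFUSABLES = {
    "0": "o",
    "1": "l",
    "3": "e",
    "5": "s",
    "7": "t",
    "rn": "m",   # "corn" reads as "com" in many fonts
}


def normalize_domain(domain):
    """Fold a domain to the form a reader's eye would perceive."""
    d = domain.strip().lower()
    # Strip accents from Latin letters (e.g. "ó" -> "o"); non-Latin
    # lookalikes such as Cyrillic letters are out of scope for this check.
    d = unicodedata.normalize("NFKD", d).encode("ascii", "ignore").decode()
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d


def sender_domain(address):
    """Return the domain part of an email address, or None if malformed."""
    m = re.fullmatch(r"[^@\s]+@([^@\s]+)", address.strip())
    return m.group(1).lower() if m else None


def classify_sender(address, trusted_domains):
    """Return 'trusted', 'lookalike' or 'unknown' for a sender address.

    'lookalike' means the domain is NOT a trusted domain but becomes one
    once confusable characters are folded, which is exactly the case a
    human reader would miss.
    """
    domain = sender_domain(address)
    if domain is None:
        return "unknown"
    trusted = {t.lower() for t in trusted_domains}
    if domain in trusted:
        return "trusted"
    if normalize_domain(domain) in {normalize_domain(t) for t in trusted}:
        return "lookalike"
    return "unknown"
```

A mail gateway or a helpdesk triage script can quarantine or flag anything that comes back as "lookalike" rather than relying on the recipient to spot the zero.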
#4: Get your staff trained. Cyber security training should be considered mandatory for your staff. People will always be the weakest link in your organization. Hackers always target people first. Security Awareness training for all staff, along with more advanced training for IT admins, will go a long way in protecting your network and data from cyber intrusions. The CompTIA® Advanced Security Professional, Certified Ethical Hacker, and CISSP classes are all good choices for network administrators tasked with defending the network.
For more information on cyber security training classes, malware defense, and even end-user security awareness, please contact your Account Executive at LANTEC of Louisiana or call us (225) 293-0656 or (337) 233-2016.