March 30, 2016 @ 05:20 pm
Ransomware is malware that gets installed on a user’s computer using a social engineering attack where the user gets tricked into clicking a link or opening an attachment. Once the malware is on the machine, it starts to encrypt all data files it can find on the computer itself and on any network shares the computer has access to.
Next, when a user tries to open one of these files, they are blocked, told that the files are being held for ransom, and shown how to pay the ransom to decrypt them. Current strains of ransomware are Petya, CryptoLocker, CryptoWall and CryptorBit. CryptoWall has generated over 300 million dollars in criminal revenues.
Once these files are encrypted, the only way to get them back is to restore a recent backup or pay the ransom.
The criminals usually demand about $500 within the first deadline, and when the first deadline expires, the ransom doubles. They require payment in untraceable crypto-currencies like Bitcoin. Bitcoin is a new kind of money (call it a digital currency). The actual amount demanded may fluctuate.
Ransomware has proven itself to be a successful criminal business model, so many more ransomware strains are expected to be developed in the near future.
Auburn University utilizes multiple tools to block these types of threats from being executed; however, they can and do still occur. In the last month, there have been at least two incidents of ransomware that encrypted desktop computers on the Auburn Network and then demanded payment. Fortunately, in both cases the incident was isolated before the ransomware spread across the network.
The best way to prevent a ransomware infection is not to rely on just one solution, but to use multiple, layered solutions for the best possible protection.
Safe Email Practices
Two simple safe email practices can save you a lot of headaches.
In the event of a catastrophic event such as a malware attack, ransomware or complete system failure, it’s essential to have your data backed up. Many have been able to quickly and fully recover from a ransomware attack because their data was backed up and safe. We recommend using an online storage service and an external hard drive at the same time as the best possible backup solution.
AntiVirus and AntiMalware Software
While antivirus is highly recommended, you should have multiple layers of protection in place. It is not wise to rely solely on antivirus software to keep your PC secure, as it cannot prevent infections from zero-day or newly emerging threats. Most antimalware software, like MalwareBytes, is designed to run alongside antivirus products, and it’s recommended you have both in place.
Computer Configuration and Maintenance
Here are a few suggestions to limit your computer's exposure to these risks:
How To Stay Protected Against Ransomware by Sophos