Q&A: The dangers of Ransomware
With BBC News reporting today that British people paid over £4.5m in Ransomware demands to cyber criminals in the last year alone, it is clear that this type of malware is still widespread – and can sometimes have devastating effects. Shawn Wilkin, Technical Consultant at GCI, tells us more about Ransomware and how it can be avoided.
28 November 2016
What is Ransomware?
Ransomware is a kind of malware – or malicious software – that infects your computer with a program that locks your system and files. There is a very specific goal in mind for the criminals behind this type of malware – to part you from your money. Ransomware will limit your use of your computer until you pay a “ransom”, often demanded in Bitcoin and by a very short deadline to make you panic. This deadline, coupled with the fact that the cyber criminals will threaten that your files will be deleted if payment is not received, often triggers quite an emotional response, with a disturbing number of people caving and meeting the ransom demands. The most common form of this Ransomware is CryptoLocker, which encrypts your files and warns that the private key to unlock files will only be shared once the ransom is paid. It can affect anyone, from individuals right up to the United States Department of Justice!
How does it find its way onto my computer?
Opening an infected attachment in an email is probably the most likely method; criminals will often disguise the attachments with labels like “Invoice” or “Payment Receipt”, and will even pose as legitimate organisations such as your bank to ensure that you open the attachment. We have seen multiple customer cases where an unsuspecting employee has done this, and the CryptoLocker malware has spread to their entire company’s network! Other ways that a computer can become infected are via illegal downloads, or clicking on a link on an untrustworthy website.
What do I do if I become infected?
Prevention is ultimately the best cure when it comes to malware, so ensuring that you have a strong firewall, correctly-patched systems and professional antivirus software which is up-to-date is critical. Unfortunately, being prepared for all known malware does not help when it’s an unseen strain – as one of GCI’s customers discovered earlier this year – but luckily we were still able to help. After several customers expressed concerns about such Ransomware threats, we worked hard to quickly develop three packages of work designed to prevent, mitigate and recover from any such infection. This was offered to all clients, ensuring that not only were their company files and data protected against the majority of Ransomware variants, but they were in a better position for data recovery against newer strains. However, around two weeks later, a customer reported that they were unlucky to have been infected by “Zero-Day Malware” – that is, a previously-unreported or unseen variation for which no antivirus software signature has yet been developed. Fortunately, and unlike in many cases of CryptoLocker attacks, due to the pre-emptive work undertaken by GCI it was possible to recover the majority of the customer’s data without them having to pay for decryption. Once the infection had been reported and identified, the encryption of our client’s files was halted and steps were taken to prevent reoccurrence. The preventative work completed previously meant that we were able to recover their data to a point 1 hour before the attack hit, therefore drastically reducing business impact. The ransom also remains unpaid!
What are my next steps?
Speak to us at GCI to discuss how we can safeguard you from all known strains of Ransomware, as well as other web-borne threats and hacking. There have been so many high-profile data breaches in the last couple of years – TalkTalk, Ashley Madison, British Gas and JP Morgan Chase to name but a few (the latter estimated to have affected 76m households in the US) – that it has become clear that all companies need to start taking their security more seriously. At GCI we have recognised and responded to this, and have recently invested in the cutting-edge unified security management platform AlienVault. This ensures that all our customers are protected from the ever-evolving threats coming from the web round-the-clock at no extra cost, in addition to the 24/7 support and monitoring already offered as standard. Our newly-formed Security Team, consisting of highly-trained and knowledgeable Security Consultants, also provides an extra layer of protection for security-conscious customers.