Ransomware

Ransomware is the fastest-growing malware threat. It targets all users and severely damages businesses around the globe.

In the first six months of 2017, there were two large ransomware outbreaks that affected individuals and businesses across the world: in May, a variant dubbed ‘WannaCry’ affected over 300,000 computers, followed in July by the variant ‘Petya’, which affected 16,500.

Definition

Ransomware is a type of malware that locks your computer, system or network until you pay a fee.

After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted.

Ransomware infects computers the same way as other types of malware. For example, it can be attached to or linked from a malicious email, hide on malicious websites, or pretend to be a useful application on peer-to-peer networks.

It doesn’t matter how big or small your business is, or whether you hold valuable information: ransomware stops you accessing the files that are important to you.

The two main types of ransomware are:

  • Crypto-ransomware: encrypts your files with an unknown password. The password is randomly generated by the attacker to make it impossible for you to guess. You won’t be able to access your files until you pay the ransom and get the password from the attacker to unlock them.
  • Lockscreen ransomware: locks your computer or files. A message will appear on your screen telling you that you need to pay a ransom before you get access back. You won’t be able to remove the message or access your desktop, apps, or any files.

There is also a variant that copies your browsing history and threatens to share it with your contacts if you don’t pay the ransom.

Ransom payment

CERT Australia recommends you do not pay the ransom if affected by ransomware.

There is no guarantee that paying the ransom will restore your files (it often doesn’t), and it could make you vulnerable to further attacks. Report the infection and seek help from a cyber security expert.

Top three reasons businesses are vulnerable

  • The staff - Online behaviour of staff is the biggest vulnerability a business has when it comes to ransomware. Clicking on links in emails or downloading files are the two fastest ways to infect your network.
  • Not performing regular backups - Backing up networks is crucial for bouncing back from a ransomware attack. If you have a backup, you haven’t lost anything. If you do not, you have potentially lost everything.
  • Not installing software updates - Many of the largest global ransomware campaigns, such as WannaCry and Petya, exploited a known software vulnerability that Microsoft had issued a patch for.

How to protect your business

  • Make regular backups of valuable files and maintain an offline copy. As online drives and network shares are encrypted by the malware, any connected backups will be rendered unusable.
  • Ensure computer systems are running antivirus software with the latest antivirus signatures.
  • Consider implementing application whitelisting or, at least, software restriction policies to hinder the ability of malicious software to execute successfully.