What Is Ransomware?

Ransomware is a type of vicious malware that takes your computer and files captive by locking you out of being able to open or control them, until a sum of money or "ransom" is paid to the hackers. A ransomware attack can occur to a desktop, laptop, tablet, and/or cell phone. These types of attacks cause massive losses of time, loss or corruption of data/files/information, theft of intellectual property, and even a complete wipe of everything on the entire network.

       

Ransomware

Ransomware is not one strain of malware, rather it comes in many different forms and each one is specific to attack certain items on the device or network. There are some strains of ransomware that are designed to attack PCs and others that are designed to go after Macs. Some attack the devices themselves and simply encrypt everything on that one device, while others are designed to encrypt everything on an entire network. This highly sophisticated process is so devastating, because there is virtually no way to decrypt the attack without paying the ransom.

FAQ About Ransomware

How Can I Be Infected with Ransomware?

Since it's introduction as a professional hacking tool in 2005, ransomware has been deemed one of the most crippling and dangerous types of attack that a company could encounter. Understanding that the encryption is virtually impossible to decode or penetrate without paying the ransom, you, as a user need to be accurately informed of how ransomware can end up on your device and how to avoid being compromised.

Email The most common route for someone to infect your computer or network with a Ransomware attack would be through email. Whether it is in an attachment or link sent in the body of the message, ransomware simply needs to be opened for it to be activated on your end. If you receive an email that has a link or attachment that urges you to open it, or the sender is not someone that you recognize, do not click on the link/attachment. You don't even have to download the attachment for it to work. Simply opening will enact the virus and cause it to attack.

Websites Another major avenue for ransomware is the use of "unauthorized" websites that are either outdated or make you run an unknown or unprotected third-party application. This method is a bit more tricky as it is tough to validate which apps are safe and which are not. If you do not know if an application is safe, complete a quick Google search to see what other users are saying. You also want to make sure that there have been a lot of downloads of that application with a high rating. Hackers will exploit known vulnerabilities in the software that will allow them to bug the entire website.

Free Software One of the most known, yet still effective manners in which ransomware is projected onto your device is through the use of free software or free online services that would normally have to be paid for. Some examples of this would include online free games, game "mods", adult entertainment, screensavers, and websites that claim how to cheat in a game or get around the paywall of another website. As mentioned previously, make sure that you are not clicking on or downloading any software that you do not know of or trust.

Why Is Ransomware So Effective?

Ransomware is the most current and effective form of cyber-crime, as the perpetrators who choose to utilize this tool for their own personal gain have also turned into a business. On the "dark web" these cyber-criminals have made an entire, self-sustaining industry on the workings of ransomware. Because of the shared responsibility to keep this type of attack running, cyber-crime has seen a drastic jump in activity as well as a never-before-seen rate of usefulness. Cyber-criminals now have the ability to implement the program of their choice and send it out to tens of thousands of people in a single sitting. All of the tools that are needed to get something like this up and running are for sale, virtually allowing anyone who has basic knowledge to portray the skill set of a high-level engineer.

There are areas of specialization that allow for small economies to be grown on the back of this cyber-crime. These criminals have started working together to make sure that each one has the proper tools to get the job done right and efficiently. One example of this would be that malware can be registered as a software and receive tech support to make sure it is running at peak levels of speed and accuracy. This has made it exceedingly difficult to track down the perpetrators, let alone the issues of jurisdiction, making it nearly impossible to stop.

We are clearly in for the fight of our lives when it comes to protecting our most precious information from falling victim to this heinous act of violence. We need to make sure we are on top of our game just as these miscreants have over the past decade.

What Strain of Ransomware Do I Have?

Thanks to our friends at ID Ransomware you can submit an infected file, along with the ransom note, through their process and they will be able to tell you exactly what type of ransomware that you have encountered. Once they identify the strain of ransomware that you have been affected with, if possible, they will provide you with a step-by-step process to download for decrypting the virus allowing you to recover your files and/or the shared network. It's a good idea to know which strain that you have been impacted by, because there isn't one decryption that fights all of the types out there.

Why Do I Pay With Bitcoin?

When you are affected by a ransomware attack, you are more than likely going to be instructed to pay the ransom using Bitcoin. The reason for this payment method, is that Bitcoin is an untraceable currency that us transferred from user to user without the use of a centralized authority. This means that banks and government agencies are no longer involved in the transaction process. Although the transactions are completely open to the public, the people who are using the service can stay completely anonymous.

There have been other, rare, instances in which the perpetrators have asked for payment in the form of Amazon or iTunes gift cards.

If I Pay the Ransom, Is the Ransomware Gone?

It is important to note that when you pay the ransom that is demanded by the malware virus, it will unlock you device/network/files, however the malware is still present and can attack at any point in time, again. Usually, within the malware there is other harmful software that can stick around and be used to steal payment information, passwords, and other type of vital information.

Where Can I Report Ransomware?

If you are infected with Ransomware, you should always report it to the FBI's Internet Crime Complaint Center (IC3). Make sure that you include any and all information that was disseminated by the attacker, the infectious email with header, and Bitcoin address (if possible).

Where Can I Get Security Awareness Training for Ransomware?

One of the most valuable things that you and the rest of your company can do to combat Ransomware is to go through Security Awareness Training. This training will provide you insightful information on how to recognize emails that could be potentially harmful. We will also take the time to show you exactly what a ransomware attack looks like, in real-life. We also provide a mock trial to certify that all users understand how to recognize these attacks.

Ransomware Prevention

The best way to make sure that your company is protected from a Ransomware attack, is to take a layered approach to security, rather than having just one solution.

    

Ransomware Tips | New England IT Partners
1. Security Awareness Training

The only way to know what you are looking for, when it comes to malware infections, is for you to see it first-hand. Understanding what the most up-to-date cyber criminals are doing to you is the best way to counteract the ransomware attacks. When you take our Security Awareness Training course, you will have hands-on experience of identifying and dealing with a mock ransomware attack.

2. Internet Security Products

There are many different products on the market for you to purchase in an effort to protect your computer and company

network. However, these products are not 100% reliable as the cyber attackers are constantly testing their malicious software against the weaknesses of these products, in an effort to circumvent the sole reason of having them in the first place.

3. Antivirus Software

This implementation of AntiVirus is a recommended first step in trying to secure your devices and network from malicious cyber attacks. The one item to note with these, is that you will want multiple antivirus software that will work with each other and create a layered defense, rather than having just one.

The list of antivirus products below was proven the most effective at preventing malware:

  • Avira Antivirus Pro 2015
  • Kaspersky Internet Security 2015
  • Bitdefender Internet Security 2015
  • Norton Security 2014 & 2015
  • Trend Micro Internet Security 2015
4. AntiMalware Software

The use and implementation of AntiMalware software is incumbent upon the user, alongside the use of the aforementioned AntiVirus software.

5. Whitelisting Software

The use of whitelisting software allows only software that you approve or is known to the software to run or execute on your system, while all other applications are prevented from running or executing.

6. Backup Solutions

One of the most stressed solutions for protecting yourself against an attack of any kind, is to have a backup plan in case the original plan fails you. In this case, that would be the implementations of backup solutions where you can have your files and information automatically backed up to a cloud. On top of the cloud backup, we also recommend the use of an external hard drive.

Ransomware | New England IT Partners

Tips to Remove Ransomware

One item to note is that Ransomware comes in many different versions so there is no "cookie-cutter" explanation or set of instructions for it's removal. The list of instructions provided below are steps that should be taken for a Windows PC, which may work to completely remove the virus. It is important to note that if you do not or cannot remove the ransomware virus completely, you may lose your files for good.

1. Malware Scan. The first step to take is to download the free version of MalwareBytes and run the scan of your computer. If you are unable to run a MalwareBytes scan due to the ransomware lock, restart your computer in "safe mode" and try to run the scan that way.

2. System Restore. Certain strains of ransomware will disallow you from running any programs or entering your Windows system. If this happens, complete a "System Restore" which will revert back to the last Windows update. Complete the restore of your system using the System Restore settings by restarting your computer and hitting the F8 key when it begins to boot up.

3. Recovery Disk. One of the most effective ways to rid your computer of the virus, would be to use your Recovery Disk that came with you with the computer when you purchased it. You will want to insert the disk and select “Repair Your Computer” on the main menu.

4. Factory Restore. If the above steps have not worked, the last resort is a Factory Restore. PC World has comprehensive instructions for performing a factory restore.
If you manage to remove the infection from your PC using any of the steps above (except the factory restore) your next task will be to recover your files.

 

Unhiding Files

When you are the victim of a ransomware attack, the hackers will do one of two things. The first thing that they could do, which is the most common, is that they will encrypt all of your files as well as your computer. However, there is the off-chance that they will only lock your computer and hide your files without encrypting them. To find out if you were one of the luckier people who encountered the latter option, open "Computer", navigate to C:\Users\, and open the folder of your Windows account name. Then right-click each folder that’s hidden, open Properties, uncheck the Hidden attribute, and click OK.

Encrypted Files

If you followed the steps above to try and unhide your files, but are still unable to find them, then you have been victimized again with encrypted files. Unfortunately, in this situation there is no outright method to decrypt your files. The only way to do that would be the key, which is in the hands of the cyber criminal. From here you have two options:

Option 1:

If you have a file-backup system in place, and they haven’t been encrypted as well, you should be able to restore all your files through that service. If you don’t have a backup system in place, you might be able to recover some of your files from Shadow Volume Copies, but most definitely not all your personal files.

Option 2:

Simply, pay the ransom. Paying the ransom will allow the hacker to relinquish the key for decryption. A word of caution would be, just because you pay the ransom does not mean that you will get the key to unlock your computer or files. You are dealing with criminals after all.