Ransomware – June 2016
By Rich Kukla
The day usually starts out like every other. Coffee is brewed. The kids are dropped off at school and there might even be some water cooler chatter about last night’s “Game of Thrones.”
Little do you know that impending doom lurks around the corner.
At the office, you settle into your workflow. Phone messages are retrieved and the morning e-mail is answered. But then you make a potentially fatal mistake. A seemingly harmless e-mail catches your eye and sure, it looks real enough. Perhaps it’s an e-mail from PayPal, FedEx, or something that looks like it could be from your bank or Amazon. It could even have sophisticated legalese in the subject line to throw you off-guard. You open it and click the link within or download its attachment.
Boom. You’ve just infected your entire network with a ransomware virus that has encrypted all of your data before you even know it’s there.
Think of this relatively unknown cyber villain as Ransomware 2.0, where your most important information becomes encrypted — the billings of your law firm, important and sensitive client notes, briefs you may be writing — everything that a modern-day law office will hold near and dear. And unfortunately, there’s no way to retrieve your files unless you open the cash register.
Like something out of a cheesy ‘90s action film, you’re usually given something akin to 72 hours to fork over the cash and, if you don’t, the numerical key to unlock your data is lost.
Poof. It’s gone in the wind.
If you think this newfound tech landscape resembles the Wild West of Deadwood, where outlaws can put a gun to your virtual head and there’s little you or the wimpy sheriff can do, you’re right. Ransomware families such as CryptoLocker, CryptoWall, and Locky are digital villains that are practically invisible. Even the ransom itself is paid to the virus creators through covert, anonymous and, most important, untraceable channels such as Bitcoin and MoneyPak.
In the past, a savvy security technician could usually circumvent the ransomware. Not the case anymore. The latest generation of ransomware was considered much more diabolical when it first popped onto the scene roughly three years ago.
So how does the malware infection actually work? The ransomware’s initial malicious e-mail usually carries a zipped file that looks innocuous enough and may even appear to be a PDF or Word document. These documents are innocent, right? Wrong. The file is actually an executable that, when opened, unleashes doom upon your system.
It then connects to a remote server and quietly starts encrypting all of your Word documents, Excel spreadsheets, PDF files, photos, videos, etc. Lastly, a pop-up window appears with a demand for money along with a countdown clock. Think of that as the gun to your head.
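A defender-side check that follows from this description (an added example, not code from the original article or its author): a short Python routine that opens a zipped attachment and flags members whose name claims to be a document but whose content begins with a Windows executable header, or that carry an executable or double extension such as “notes.docx.exe”. The archive it inspects is constructed inline as a harmless stand-in for a real attachment, and the function names (`inspect_archive`, `inspect_member`) and the extension tables are the example’s own assumptions, not a complete detector.

```python
"""Inspect a zipped e-mail attachment for executables disguised as documents.

Added example: the checks below (executable extensions, double extensions
such as "invoice.pdf.exe", and a Windows PE header behind a document-style
name) are a constructed illustration, not a product or a complete detector.
"""
import io
import zipfile

# File extensions Windows will execute directly when double-clicked (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".jse", ".vbs", ".wsf"}

# Document extensions and the first bytes a genuine file of that type begins with.
DOCUMENT_MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",          # Office Open XML is a zip container
    ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0",     # legacy OLE2 compound file
    ".xls": b"\xd0\xcf\x11\xe0",
}

PE_MAGIC = b"MZ"  # DOS/PE executable header


def split_extensions(name):
    """Return the lower-cased extensions of a file name, e.g. 'a.pdf.exe' -> ['.pdf', '.exe']."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    return ["." + p for p in parts[1:]]


def inspect_member(name, head):
    """Return a list of findings for one archive member given its name and first bytes."""
    findings = []
    exts = split_extensions(name)
    if not exts:
        return findings
    last = exts[-1]
    if last in EXECUTABLE_EXTS:
        findings.append("executable extension %s" % last)
        # "notes.docx.exe": a document extension hidden in front of the real one.
        if len(exts) > 1 and exts[-2] in DOCUMENT_MAGIC:
            findings.append("double extension %s%s" % (exts[-2], last))
    # A PE header behind a name that does not admit to being executable.
    if head.startswith(PE_MAGIC) and last not in EXECUTABLE_EXTS:
        findings.append("PE executable header behind non-executable name")
    # Name claims a document type, but the bytes do not match that type.
    if last in DOCUMENT_MAGIC and not head.startswith(DOCUMENT_MAGIC[last]):
        findings.append("content does not match a %s file" % last)
    return findings


def inspect_archive(zip_bytes):
    """Return {member_name: [findings]} for every suspicious member of a zip."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)  # only the header bytes are needed
            findings = inspect_member(info.filename, head)
            if findings:
                report[info.filename] = findings
    return report


def build_sample_archive():
    """Construct a sample attachment (placeholder bytes, not real malware) for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("brief.pdf", b"%PDF-1.4\n%constructed harmless placeholder\n")
        zf.writestr("invoice.pdf", b"MZ" + b"\x00" * 62)      # PE header, document name
        zf.writestr("notes.docx.exe", b"MZ" + b"\x00" * 62)   # double extension
        zf.writestr("README.txt", b"plain text, nothing to see")
    return buf.getvalue()


if __name__ == "__main__":
    for member, findings in inspect_archive(build_sample_archive()).items():
        print(member, "->", "; ".join(findings))
```

Run as a script, it reports only `invoice.pdf` and `notes.docx.exe`; the genuine PDF and the text file pass. Reading the first bytes rather than trusting the name is the point: a real PDF announces itself with `%PDF-`, and nothing that starts with an `MZ` header belongs in a mailbox labelled as an invoice.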
The bad news? Ransomware viruses aren’t going anywhere, and they are becoming more diabolical and sophisticated in each revision. The good news is that offices can certainly protect themselves through smart computing.
First and foremost, back it all up. Backing up your data is more important than ever. But if your backup files reside on a server that’s held hostage, you may be out of luck, so an independent, non-local backup of your most important data should be made regularly. In addition, there are several online backup methods from reputable vendors such as Datto that will not only keep your files safe, but also replicate your data to a secure data center where it will be further protected from infection.
Don’t be click happy. Always be suspicious of attachments. To quote security guru Steve Gibson, who hosts the popular Security Now podcast with Leo Laporte, “If you did not go seeking it, don’t do it…” Sure, his advice may sound overly simplistic and a tad pithy, but it’s indeed true. Initiate the action instead of having the action pushed upon you. What does that mean? If you suspect your bank may be sending you a PDF of your account for whatever reason, call the bank before you click on anything that could potentially ruin your business in the short term.
Assume you’re always being phished. One look at any spam folder will illustrate not only how many scam artists are out there (yes, we’re talking to you, Nigerian prince) hawking magic pills or porn, but also how many lethal culprits are just waiting to infect your system.
Keep your anti-virus software up-to-date. What’s more, employ an anti-spam option if possible. That said, users shouldn’t rely solely on an anti-virus suite to keep them safe. While it’s preferable to have layers of protection like firewalls and security software, these ransomware viruses get more and more sophisticated each year and are seemingly one step ahead, so keeping software current is imperative.
It’s not just e-mail. Be cognizant of the fact that the scope of this malware extends beyond your in-box. While most ransomware may come in the form of social engineering e-mails, dangerous links have also been found on Twitter, various instant messenger services and, of course, Facebook.
But let’s say you’re infected by this ticking time bomb. What should you do? Completely shut down your computer and call a professional who has experience in online security. Some companies will be able to detect and remove certain ransomware infections. If the experts cannot remove the agent for whatever reason, a full Windows reinstall may be in your future. And who wants that?
The reason why ransomware has been so successful is that once infected, people will do almost anything to retrieve their files — even if it means paying several hundred or several thousand dollars. Even some security experts surmise that it’s a small price to pay for decades of documents, spreadsheets, or photos.
In the end, however, you yourself hold the key to the real defense against this evil malware by not allowing it on your system in the first place. Be smart. Be aware. Don’t open or click on anything that looks suspicious. They won’t come in if you don’t open the door.
Rich Kukla is IT Manager at Document Solutions in Kenilworth.
Rich can be reached at 877-937-677.