Security Briefing: Ransomware 101

Published: August 4, 2016
By: Alexa Strohm

What you need to know about the threat of Ransomware and how to protect your data

Ransomware. Just the name makes a Systems Admin sweat until they check the status of their backups. According to a study conducted by the Kaspersky Security Network, “the number of Kaspersky users encountering any type of ransomware increased 17.7% over the two years of the study. However, during the same period, the number of users encountering the cryptoware variant increased 5.5 times (from 131,111 instances in 2014-2015 to 718,536 instances in 2014-2016).” In other words, there is more than one form of cryptoware, and it is constantly evolving, which leaves more users susceptible and vulnerable to attack. The best protection against this new wave of threats is to educate yourself and prepare.

What is it?

Ransomware, such as CryptoLocker, is a malware attack that takes editable documents such as Excel, Word, and PowerPoint files and encrypts part of each file, rendering it unreadable and unusable. The attack affects all files within an individual’s profile as well as all network drives to which the individual has access, which is what makes this type of attack so dangerous.

How does it happen?

The most common method is a phishing spam email: an email containing a Word document that says it cannot be viewed unless you enable a macro. Once you do, the virus downloads and starts the encrypting process. Another method is known as “water-holing”. Water-holing is an infection incurred by visiting a legitimate website that has the malware within the site. By simply visiting the infected page, you can be exposed. Though it is not as common as the phishing method, it is still cause for concern.

What happens once I am infected?

First, you will receive notification of the process and a notification of the ransom required in order to obtain the encryption key. The ransom generally is in the range of $300 to $500 for a personal machine. Businesses have seen ransoms ranging from $5,000 up to $20,000 and beyond. Typically, the ransom must be paid within 48 to 72 hours. If the initial deadline is not met, sometimes the price may increase, or worse, you may not be able to retrieve your data. However, there is no guarantee that even if you do pay, your data will be released. In some instances, the key itself contains additional malware which could disrupt the recovery process.

Can my data be recovered if I don’t pay the ransom?

The encryption techniques used now make recovery very difficult. They combine RSA and AES methods, which allows for faster encryption speed. Elliptic curve algorithms provide stronger encryption while still retaining the speed of the attack. In short, it’s possible, but not guaranteed and very difficult.

Who is susceptible?

Windows PCs are the most common targets, but Mac computers, as well as Android tablets and smart phones, are also susceptible.

How do I prevent a Ransomware attack?

Like email spam, there is no way to prevent this kind of attack entirely. However, an ounce of prevention is worth a pound of cure. And in some instances, $5,000 – $20,000 worth of cure.

• Education – Learning how to spot fake emails and spoofs will help prevent you from opening the wrong email.

• Backup. Backup. Backup. – Using an external hard drive for your local machine or backup software will allow you to protect your files. Having an up-to-date backup allows you to restore your data quickly.

• Security software – In the good old days, anti-virus was enough, but these days, layers of security are needed to keep up with the ever-evolving threats of malware. Investing in an anti-malware solution pays dividends. And don’t underestimate the power of an update. Updates keep your software up to date, and you protected.
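
One way to check, before relying on a backup or a network share, that the Excel, Word, and PowerPoint files on it have not been scrambled. This is an added example, not part of the original briefing; the function names and sample files are assumptions constructed for illustration, and the check only compares each file's leading bytes with the standard signature for its type.

```python
import os
import tempfile

# Leading bytes of intact Office files (standard format signatures).
ZIP_MAGIC = b"PK\x03\x04"                        # .docx/.xlsx/.pptx are ZIP containers
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt
MODERN = (ZIP_MAGIC, OLE_MAGIC)  # password-protected OOXML is wrapped in OLE
LEGACY = (OLE_MAGIC,)
EXPECTED = {".docx": MODERN, ".xlsx": MODERN, ".pptx": MODERN,
            ".doc": LEGACY, ".xls": LEGACY, ".ppt": LEGACY}

def find_damaged_documents(root):
    """Return sorted paths of Office files under root with an unexpected header."""
    damaged = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            magics = EXPECTED.get(os.path.splitext(name)[1].lower())
            if magics is None:
                continue  # not a document type this check knows
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as handle:
                    header = handle.read(8)
            except OSError:
                damaged.append(path)  # unreadable files need a look too
                continue
            if not any(header.startswith(magic) for magic in magics):
                damaged.append(path)  # also catches empty or truncated files
    return sorted(damaged)

def build_sample_tree(root):
    """Constructed sample data: two intact files, one with a scrambled header."""
    samples = {
        "report.docx": ZIP_MAGIC + b"constructed sample body",
        "budget.xls": OLE_MAGIC + b"constructed sample body",
        "slides.pptx": b"\x8f\x13\xa7\x42constructed scrambled header",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as handle:
            handle.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in find_damaged_documents(tmp):
            print("header mismatch:", path)
```

A clean result is not proof of a good backup: a file whose first bytes were left intact, or that was renamed to an extension the check does not know, passes it, so keep test restores in the routine.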