The truth about ransomware and the one way you can defeat it

Ransomware is remotely installed malware (malicious software) that encrypts the files stored on the infected computer. Criminals install ransomware and then demand a ransom, usually payable in Bitcoin.

The files remain encrypted until they are decrypted using a key, even if you manage to remove the ransomware. If you don’t pay, the files remain encrypted. Sometimes criminals threaten them with deletion. Either way, if you don’t pay, you’ll never see your data again.
 
While email is a common dissemination method, ransomware criminals have other ways of getting their ware on your system.

Easily used website building platforms have exploded in popularity, precisely because they are so easy to use. Non-technical users can put up a site in a few hours, and so they have – by the hundreds of thousands, if not millions.

Because they aren’t technically adept, it never occurs to these site owners to change the Administrator default login and passwords. They also don’t understand the importance of updating and patching, nor do they install security plugins, simply because they don’t know such plugins exist.

The rapid growth of unsecured websites increases the potential gain for criminals, since the more victims a criminal can extort, the greater the theoretical profits.

Cyber criminals are constantly probing for unprotected websites, sending hundreds of thousands of attacks every day. Upon finding a site that is unsecured, even a mediocre criminal hacker can enter and do whatever s/he wants with the code.

The malware types and the order in which the following event examples take place will vary, because the criminal in charge decides when to deploy and exploit any downloaded malware payloads.

Say, for example, the criminal installs code on the undefended site that redirects all visitors except one to Russian or Chinese merchandising sites. The lone exception is the site owner’s IP address, so the owner thinks everything is normal and has no idea what’s going on.

If after a while it becomes apparent the site doesn’t send sufficient income-generating traffic to the criminal’s merchandising sites, an impatient criminal may decide to install ransomware payloads, readily deployed to any browser visiting the site.

Alternatively, visitors to the compromised website receive an initial infection of a simple exploit file. They have no idea their machines are infected, because the file lies dormant, awaiting instructions.

Following expiration of a set time or after a certain event takes place, the exploit file receives a command to download ransomware onto the system, from another site that the visitor likely doesn’t know exists, and may have never visited. That way the unsuspecting user has no idea what site the ransomware came from. Hence the term you may have heard: “drive-by malware infection.”

You too can become a cybercriminal, by employing a vendor who sells ransomware as a service. For a small setup fee and a percentage of the total amount you manage to extort from your victims, established criminals will provide everything you need to become a ransomware commando.

Bottom Line: You can become a ransomware victim through no fault of your own.

Until you pay the criminals who unleashed it on you, your data remains encrypted and therefore unavailable.

Some ransoms are small, on the reasonable assumption that smaller ransoms are more easily paid. Others – particularly those demanded from specifically targeted organizations – are larger. Regardless of the ransom amount demanded, you don’t want the downtime and reputation disaster caused by inaccessible data.

So why not pay the ransom? After all, police departments, hospitals, and governments that are supposed to be better protected than you have all paid ransoms.

The official theory is that the criminals will always give you the decryption key, because their extortion scheme falls apart the minute no one trusts them to do so. Earlier this year that theory died when a victim organization paid, the criminals collected, and then refused to send the key.

At least one malware variant claiming to be ransomware deletes your files instead. If Ranscam infects your system, your files are gone, regardless of whether or not you pay the ransom. There’s a reason “no honor among thieves” remains a truism.

Additionally, even if you pay the ransom, with the ransomware still on your system there’s no guarantee your files won’t be encrypted many more times… or that the original criminal won’t sell your information to another criminal, because you’ve now qualified as a payee.

The best way to protect yourself from any form of ransomware is the same as for any other disaster, and the one nobody ever wants to take: prevention. Nobody likes taking precautions... just ask the life insurance salesperson. Prevention has always been a tough sell – if not for building codes, how many would buy smoke detectors?

The key that prevents ransomware email attacks is education. Train your users to examine email cautiously: to check not only the sender’s name but also the sender’s address, and to examine the actual link the sender wants them to open, not the link the sender claims.
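The two checks described above can also be automated on a mail gateway or in a training tool. The following is an added example, not part of the original article: it flags a display name that shows one address while the message comes from another, and links whose visible text names one site while the href points to a different one. The sample message and every domain in it are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):
    """Lower-cased host of a URL or bare domain, ignoring a leading 'www.'."""
    url = value if "://" in value else "http://" + value
    return re.sub(r"^www\.", "", (urlparse(url).hostname or "").lower())
def same_site(actual, claimed):
    return actual == claimed or actual.endswith("." + claimed)

def review_email(raw):
    """List places where the message claims one origin but uses another."""
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    claimed = DOMAIN.search(name)  # display name that itself looks like an address
    if claimed and not same_site(host(addr.rpartition("@")[2]), host(claimed.group(0))):
        findings.append(("sender", name, addr))
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            collector = LinkCollector()
            collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
            for href, text in collector.links:  # visible text vs. real target
                if DOMAIN.fullmatch(text) and not same_site(host(href), host(text)):
                    findings.append(("link", text, href))
    return findings
SAMPLE = (  # constructed sample message; all names and domains are made up
    'From: "accounts@examplebank.test" <notice@mailer.invalid>\n'
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<a href="http://files.storage.invalid/inv.html">https://www.examplebank.test/invoices</a>\n'
    '<a href="https://help.examplebank.test/">examplebank.test</a>\n')
```

Links whose visible text is not itself a URL (for example "Click here") are not compared, so users still need to hover over them and read the real target.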

As noted above, email is not the only ransomware attack vector. In the event ransomware holds your data hostage from a drive-by infection, avoid paying a ransom by having a business continuity and disaster recovery plan that includes up-to-date backups and tested data restoration. Having backups, and knowing those backups are restorable to a point in time before the infection, puts you back in business.