Threat Intelligence Blog

Posted January 13, 2015

If You Ever Want to See Your Hard Drive Again…


While ransomware has been around for decades, the issue seems to have hit the public consciousness in recent weeks, with articles in Slate, NPR, and the New York Times detailing various ransomware cases of individuals, businesses, and even city governments paying anywhere from hundreds to hundreds of thousands of dollars to retrieve their locked files from cyber criminals.

The major takeaways from many similar stories are that most people end up paying to unlock their files (even if payment doesn’t always result in the desired effect), and that new, untraceable payment methods such as Bitcoin make it easier than ever for criminals to take your money and disappear without a trace.

Ransomware is a type of malware, often contracted by clicking on infected links in emails, advertising, or websites, or by downloading infected attachments from emails. One of the most well-known versions is CryptoLocker, which has many variations and has reportedly taken more than $3 million from victims. CryptoWall, a successor to CryptoLocker, is estimated to have netted as much as $1 million in ransom money.

Bearing in mind that files may be lost even if payment is made, what can you do to avoid this problem? The best defense is to avoid contracting ransomware in the first place. Here are a few tips to reduce the risk of getting it:

  • Only download mobile apps from legitimate app stores, not third-party app stores.
  • Don’t click on links about salacious news stories, especially on social media, or from sources you don’t know. Even emails from friends or family may have malicious links, as personal accounts are frequently targets for hackers.
  • Ransomware attacks are often disguised in official-looking but fake email notices from governments or shipping companies such as FedEx. If you have any doubts, it’s best to go directly to official websites to confirm transactions or shipments, and confirm with email senders that they sent you a legitimate attachment before opening it.
  • If you receive messages about problems with any of your accounts, call your bank or PayPal directly (not a number listed in an email, as these may also be compromised) and speak to an employee to find out if there is really a problem.
  • Train your employees about recent attack methods and how to avoid them in order to keep your organization safe.
  • Use anti-virus software that checks for ransomware and zero-day malware, and make sure all software programs and browsers are up to date.

While ransomware attacks are likely to continue as long as they remain profitable, following the above steps is a good way to stay clear of the majority of ransomware attempts.

Backing up your computer on a regular basis on an external hard drive (and unplugging it when you’re done) is another good defensive technique. That way locked files won’t pose as big an inconvenience, and you may be able to restore files from the backup hard drive. Macs aren’t immune, and ransomware isn’t just limited to PCs or laptops. Kaspersky Lab reported last year, for example, on ransomware affecting iPhone users in Australia.

If you or someone you know does fall prey to ransomware, many security experts recommend trying to remove the offending malware first before paying a ransom. Some recommend paying the ransom to retrieve the files and then solving the problem, but this approach may only encourage more criminals or result in follow-on attacks. Keep in mind, though, that even if the ransom is paid, you might not get your files back.

Other resources include Microsoft, which offers a program called Windows Defender Offline to clean PCs before reinstalling backup files, and a website created by FireEye and Fox-IT that offers free assistance in unlocking files locked by CryptoLocker.

Learn how our computer-based cyber safety awareness training can help protect your employees and organization from ransomware and other cyber threats.

