In our latest issue of tech Issue we looked at a security threat which is highly prevalent across businesses today: ransomware, which is a type of malware (malicious software).
But… what is ransomware?
Ransomware is a type of malware. This malicious software can cause users to be locked out of files and then held to ransom for a sum of money to release the files back to the user.
This is not a new issue; a version of ransomware named CryptoLocker has been distributed across networks for approx. 3 years.
However, the issue is that protection from this type of malware is limited and a great deal of emphasis is placed on the user being aware of the issue and how the malware is spread.
I have anti-virus, why should I be worried?
The issue with this type of threat is that it is incredibly easy to be fooled by the malware distributors. Whilst antivirus vendors such as Sophos and McAfee offer protection against ransomware, generally speaking the malware writers are very quick to update their code to ensure the malware reaches the unsuspecting victims.
Endpoint protection (anti-virus protection on the PCs/laptops) is vital, and it is possible that the anti-virus program will detect the ransomware and stop the user from running the encryption. However, this cannot be fully relied upon due to the constant updates to the malware.
We recommend that business owners familiarise themselves with this threat and look to advise their employees on how to avoid ransomware.
THERE ARE THREE TYPES OF RANSOMWARE:
1. Encryption – the malware will use encryption technology to lock all the files and folders on the PC. The user is notified of the encryption either by a text file being placed in My Documents or a Lock Screen – both will display a message requesting payment. CryptoLocker is a type of file encryptor.
2. Lock Screen – the malware will lock the user out of Windows but will not encrypt any files. This obviously stops the user from working on the Windows device and requests payment to release the PC.
3. Master boot record ransomware – This is where the malware interrupts the normal start-up of a PC and instead of booting to Windows the malware will boot to a ransom demand screen.
How is the malware distributed?
The vast majority of ransomware is distributed by spam email. Therefore, the best way to protect the network is to have anti-spam solutions in place, whether from your ISP, an email protection service from vendors like Sophos or McAfee, or on your Exchange Server. However, again, whilst protection services can and should be deployed, the malware programmers will constantly be changing their methods to send the emails and avoid being caught by the anti-spam services.
With anti-virus and anti-spam services in place, which protect against millions of threats every day, the remaining issue is the way the threat is constantly updated by the malware coders. Therefore, we need to be less reliant on the programs we run to protect our data and more focused on user training.