Trends in Malware: Crypto-Ransomware

There’s a good chance you’ve seen recent news stories regarding a family of malware currently making the rounds from small businesses to major hospitals to critical infrastructure such as water treatment stations. Ransomware, or crypto-ransomware, attempts to infect vulnerable computer networks through various methods, encrypting vital files and programs in order to collect a ransom payment from the victim. If the victim pays the ransom, they receive the cryptographic key needed to return their files to normal.

Although many different versions exist, most crypto-ransomware shares key traits. For example, most strains use strong encryption protocols to scramble your data, making it unusable without the key, the only copy of which belongs to the crooks running the malware, of course. Another similarity is the use of Bitcoin payments on the dark web, usually through the Tor network, as the main forms of payment and delivery.

While a ransomware attack can devastate an unprepared network, spreading from computer to computer, a few easy-to-implement defensive postures can go a long way towards preventing such a malware infection. There are even ways to recover from a successful attack without paying the ransom…provided your IT staff took the proper precautions ahead of time.

First on your list should be keeping your OS and apps up-to-date. Make sure you’re running the most current antivirus definitions, operating system patches, and software versions. Doing this ensures your applications aren’t full of security holes from years ago. Just in the last several months, updates have been rolled out that close several of the vectors for ransomware attacks. You should be doing all these updates under “IT best practices” anyway, so if you’re not, hopefully the threat of ransomware will spur you to action.

The next step is educating yourself and your staff. Ransomware thrives on the ignorance of poorly trained office workers by tricking them into opening booby-trapped e-mail attachments. The attachments appear scrambled and prompt the user to enable macros for proper viewing. Once enabled, the trap is sprung and the ransomware can take hold of the workstation and spread across the network. Training workers not to open unsolicited attachments from e-mails, double checking that macros in Microsoft Office are disabled, and having a clearly defined process for dealing with “mystery” e-mail attachments all reduce the risk of ransomware infection.
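One way to “double check” the macro setting mentioned above across a fleet is to audit the Office registry values rather than clicking through each application’s Trust Center. The script below is an added example, not from the original article: it reads the documented VBAWarnings value for Word, Excel and PowerPoint (Office 2013 and 2016-era hives), prefers the Group Policy hive over the per-user hive, and flags anything weaker than “disable except signed” as non-compliant.

```powershell
# Added example: audit per-user Office macro security for the current user.
# VBAWarnings: 1 = enable all (unsafe), 2 = disable with notification (Office
# default), 3 = disable except digitally signed, 4 = disable all, no notification.
$Apps     = 'Word', 'Excel', 'PowerPoint'
$Versions = '15.0', '16.0'   # Office 2013 and Office 2016/2019/365 hives
$Meaning  = @{
    1 = 'ENABLE ALL (unsafe)'
    2 = 'Disable with notification'
    3 = 'Disable except digitally signed'
    4 = 'Disable all, no notification'
}

function Get-OfficeMacroPolicy {
    foreach ($ver in $Versions) {
        foreach ($app in $Apps) {
            # Policy hive (set by GPO) takes precedence over the user hive.
            $paths = "HKCU:\Software\Policies\Microsoft\Office\$ver\$app\Security",
                     "HKCU:\Software\Microsoft\Office\$ver\$app\Security"
            $found = $false
            foreach ($p in $paths) {
                if (-not (Test-Path $p)) { continue }
                $v = (Get-ItemProperty -Path $p -ErrorAction SilentlyContinue).VBAWarnings
                if ($null -eq $v) { continue }
                $desc = if ($Meaning.ContainsKey([int]$v)) { $Meaning[[int]$v] } else { "Unknown ($v)" }
                [pscustomobject]@{
                    Version = $ver; App = $app; Source = $p
                    VBAWarnings = [int]$v; Meaning = $desc
                    Compliant = ([int]$v -ge 3)   # 3 or 4 blocks unsigned macros outright
                }
                $found = $true
                break
            }
            if (-not $found) {
                # No explicit value: Office falls back to "disable with notification",
                # which still lets a user click "Enable Content" on a booby-trapped file.
                [pscustomobject]@{
                    Version = $ver; App = $app; Source = '(not set)'
                    VBAWarnings = $null; Meaning = 'Office default: disable with notification'
                    Compliant = $false
                }
            }
        }
    }
}

Get-OfficeMacroPolicy | Format-Table -AutoSize
```

Rows marked Compliant = False are the workstations and applications where a user can still enable macros with one click; the durable fix is to set VBAWarnings to 3 or 4 through Group Policy rather than editing the user hive by hand.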

Instead of enabling macros to read an attachment, use Microsoft Office Viewers. Available for free from Microsoft’s website, viewers are easy to use and will allow you to open, view, and print attachments without the need for enabling macros. Since programs like Word Viewer and Excel Viewer don’t allow macros, they are much safer to use on suspicious e-mails than simply opening them in actual Word or Excel.

Last but not least, having a properly configured off-site backup solution in place is essential for restoring data in the worst case scenario of a crypto-ransomware attack succeeding on your network. Ransomware often encrypts backup files (such as Windows Shadow Copies) that are stored locally on the network, preventing their use in restoring files. For this reason, redundant copies of all data backups should occur to an off-site repository such as a cloud data storage service. Since the cloud is separate from your company’s network, even if everything in the network falls victim to encryption, your off-site data is safe…and available for restoration to the last backup point.

Crypto-ransomware can cripple an unprepared company entirely. Paying ransoms is expensive and there’s no guarantee you’ll be given a key, or get all your data back in one piece. You are dealing with criminals, after all. By taking the proactive steps of training your staff and properly configuring the network and software, your company can greatly mitigate the risk of becoming infected by crypto-ransomware.

True Tech Consulting specializes in helping small- and medium-sized businesses implement proper network configuration, security, data backup and disaster recovery. If you’re worried about ransomware or other threats to your business, give us a call for a free consultation today!