Ransomware is a type of malware (malicious software) that has gained notoriety in recent months due to high-profile cases of companies being infected and forced to pay a ransom. In the first half of 2016, we have seen destructive ransomware variants infecting hospitals and higher education institutions.
What is it?
• Ransomware is malicious software that aims to restrict or deny access to computers or files and demands a ransom payment to restore access.
• Ransomware has been around for years in different forms, all of which attempt to extort money from victims.
• Cybercriminals attempt to infect computers, network file shares, cloud storage locations, or any other location where sensitive data is stored.
• Often victims are directly notified, either by a message window that blocks the entire computer screen or by a text file left where your data was located, saying that unless a ransom is paid, access will not be restored.
• The ransom varies between $100 and $500 and often must be paid in a cryptocurrency such as Bitcoin.
• There are two types of ransomware:
o Locker Ransomware: locks you out of the computer by displaying a pop-up message that blocks access to it. The message will often claim to be from law enforcement authorities, stating that you have been found carrying out illegal activity and that a ‘fine’ must be paid in order to restore access to your computer.
o Crypto Ransomware: restricts access to files by encrypting them. This version is much more serious because often the encryption algorithms used cannot be broken.
• Take a look at these videos explaining ransomware:
o https://www.youtube.com/watch?v=FV-HW3NYdF8
o https://www.youtube.com/watch?v=shDgBHUXnr8
How do I get infected?
• Clicking a malicious link in an email
• Opening a malicious attachment in an email
• Clicking an advertisement on the internet
• Plugging a USB stick or other removable media into your computer
• Downloading an untrusted application or software
How do I protect myself?
• Back up your files. Ensure you are constantly performing backups of your files to your OneDrive.
• Limit social engineering chances:
o Social engineering is the manipulation of someone into performing a desired action or divulging confidential or sensitive information.
o Often attackers will perform research on targets to identify information they can use to socially engineer their target.
o This involves looking at social media sites such as Facebook, Twitter, Instagram, professional sites such as LinkedIn, and general research on individuals.
o Always set security settings to the highest level for all of your online presences, and limit the amount of information you put online.
• When browsing:
o Don’t download any unapproved software, especially from free sources. There have been some ransomware variants that pose as software, even appearing in trusted application stores like Apple’s App Store.
o Do not click on advertisements. Ransomware is commonly delivered through malvertisements (malicious advertisements). Cybercriminals will compromise a website’s ads with programs that, when clicked, can cause ransomware to download onto your computer.
• For email:
o Check who the email is from. Is the email from someone you don’t normally communicate with? Is the email uncharacteristic for someone within your organization? Is the address from a domain you don’t recognize? If the email appears to be from a credible source, such as a bank or internet service provider, verify with the organization that the message is legitimate. If the email came from a personal contact, verify the email came from them.
o Check the content of the email. Does this email seem to come out of nowhere? Is it referencing some previous communications, meeting, or dialogue that you are not aware of? Is the email a reply or a forward that you were not involved in or expecting? Is there bad grammar or spelling?
o Do not click links or open attachments. Does the link or attachment not make sense based on the sender? Does the link or attachment claim to be exposing something embarrassing for you? Does the link or attachment claim to be protecting you from some negative consequence? If you hover over the link, does the website being displayed match the link? It is best practice to search for the link on your own in a browser rather than clicking on the link.
What to do if you are infected:
• Turn off your computer immediately.
• Contact the help desk at 429-HELP.
Remember, if you see something, say something. Report suspicious behavior!