What is ransomware?
As the name suggests, ‘ransomware’ is malicious software that denies users access to data stored on a local PC, a server and, now, mobile devices. The data is held to ransom until a fee has been paid.
Types of ransomware
Encryptor Ransomware – Files are deleted once they have been encrypted. Generally they are replaced with a text file, which is inaccessible and contains instructions for payment.
WinLocker Ransomware – The screen displays an image that will block all other windows and a payment will be demanded.
The rise of ransomware on mobile devices is occurring at an alarming rate. Back in 2014 F-Secure released a report highlighting that Android is the most popular target for attacks. In the first quarter of 2014 there were 294 new threat families on the Android platform, compared to one on iOS.
Victims downloaded the software through fake apps and videos which looked genuine. The Trojan then encrypted the user’s files and locked the owners out of their mobile devices until the ransom was paid. If the ransom was not met, the attackers would threaten to delete the encryption key, at which point the data would be irretrievable.
The single best way to defeat ransomware is to have a regularly updated backup. This way you should only lose the work that you have been working on that day (or however often your backup runs). Although having a backup on the network you are accessing may help in most cases, it is not in itself a solution that will protect all of your data.
Cryptolocker also has the ability to encrypt files and folders that are mapped via a shared location web-based projects. This includes any external drives such as USB drives, or data that is stored in the cloud (on an external host), e.g. Dropbox.
With this in mind it is imperative that you have a regular offsite backup in place. This can either be to a USB device that is taken offsite, tape backups or an online solution. By implementing a regimented backup, if you are unfortunate enough to be infected with ransomware, you will be able to calculate how much data you are going to lose at any one point, be it a day or half a day (depending on the regularity of your backup).
– Ensure that you always have a backup. Depending on how much data your company produces on average you can set backups to run accordingly (the more data you produce the more regular your backups should be).
– Have an offsite backup, either on a USB device, on tapes or online.
– If you use a cloud storage solution such as Dropbox, use the online version (via a browser) rather than mapping it as a shared drive.
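The backup advice above, turned into a check: this added example (not from the original article) computes how much work would be lost if every copy reachable from an infected PC were encrypted right now. The record fields and location labels are assumptions made for the illustration, and the catalogue is constructed sample data.

```python
from datetime import datetime, timedelta

# Location kinds an infected PC can reach (per the article: local disks,
# mapped shares, attached USB drives, cloud folders mapped as a drive).
REACHABLE = {"local", "network_share", "attached_usb", "mapped_cloud"}
# Kinds the article counts as offsite.
OFFSITE = {"offsite_usb", "tape", "online"}

def audit_backups(records, now, max_loss):
    """Return (exposure, findings) for backup records.

    Each record is a dict with 'finished' (datetime), 'kind' (str), 'ok' (bool).
    exposure is the age of the newest successful offsite copy.
    """
    findings = []
    good = sorted((r for r in records if r["ok"]), key=lambda r: r["finished"])
    offsite = [r for r in good if r["kind"] in OFFSITE]
    reachable = [r for r in good if r["kind"] in REACHABLE]
    if not offsite:
        findings.append("no successful offsite backup: every copy is reachable")
        return None, findings

    exposure = now - offsite[-1]["finished"]
    if exposure > max_loss:
        findings.append(f"newest offsite copy is {exposure} old, target {max_loss}")
    if reachable and reachable[-1]["finished"] > offsite[-1]["finished"]:
        findings.append("newest backup exists only on a reachable location")
    # Largest gap between consecutive offsite copies: worst historic loss window.
    gaps = [b["finished"] - a["finished"] for a, b in zip(offsite, offsite[1:])]
    if gaps and max(gaps) > max_loss:
        findings.append(f"offsite backups were up to {max(gaps)} apart")
    return exposure, findings

# Constructed sample catalogue, not real data.
NOW = datetime(2024, 3, 8, 17, 0)
SAMPLE = [
    {"finished": datetime(2024, 3, 5, 23, 0), "kind": "tape", "ok": True},
    {"finished": datetime(2024, 3, 6, 23, 0), "kind": "network_share", "ok": True},
    {"finished": datetime(2024, 3, 7, 23, 0), "kind": "online", "ok": False},
    {"finished": datetime(2024, 3, 7, 23, 30), "kind": "mapped_cloud", "ok": True},
]

if __name__ == "__main__":
    print(audit_backups(SAMPLE, NOW, timedelta(days=1)))
```

In the sample, the failed online job leaves the tape as the only offsite copy, so the real exposure is nearly three days even though a backup ran the night before.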
The methods used in these ransomware attacks are continually evolving, so much so that the hackers are able to delete virtual drives completely whilst replicating the files to their own servers. The organisation will not be made aware of the attack until someone navigates to where the virtual drive used to be. Once they open it, they will receive a notification from the hacker(s), which will usually criticise the company’s security and demand money for the data, which the hackers will otherwise either delete or sell.
One of the world’s leading data recovery specialists, Kroll Ontrack, recommends the following to help avoid ransomware attacks:
- Always keeping anti-virus software up-to-date;
- Creating regular back-ups of corporate data on devices outside the network; and
- Storing additional back-ups of virtual drives on devices at a different location.
Over time versions of ransomware have been broken down and solutions to recover data for certain types of attacks are readily available. However, there are more and more attacks being carried out on corporate systems and as these types of ransomware continue to develop there is only one real solution to ensure your data is safe – ALWAYS BACK IT UP.