You’re probably familiar with viruses, spyware, and malware, but there is another type of infection that’s been plaguing computer users for the last year: ransomware. Ransomware is becoming the favored type of infection wreaking havoc on computers, and managed services providers like Natural Networks have noticed an uptick in these types of infections over the past year. Typically, a virus will attempt to gather information or to serve up advertisements in the form of pop-ups. Ransomware is different from previous kinds of viruses because, instead of attempting to gather info or generate pop-ups, it uses a 2-key encryption method to lock your files and then demands payment for the key to unlock the now-encrypted files. It’s easy to fall victim to these types of infections without a trusted IT source, as the mother of Alina Simone found out herself in early 2016, when she reported one of the first such infections on her mother’s computer.

Ransomware is different from other forms of malware in that it is not an infection on your computer that can simply be removed. The attack takes place when access to your computer is granted to a hacker, or a bot set up by a hacker, that is looking for open sources to deploy a payload to. This can be achieved through phishing emails, browsing infected websites, clicking infected pop-up ads, and various other methods employed by cyber-criminals to infect computers.

When the malware is successfully loaded onto your computer or mobile device, it immediately begins encrypting various file types on your computer. After it finishes encrypting your files, it displays a pop-up message with instructions on how to pay, how much to pay, and how long you have to make payment before the key is no longer available and your files are deleted. Even if the malware is removed, your files will remain encrypted until payment is made.

According to Microsoft’s Security Technet, the targets of malware are non-discriminatory: it could infect any computer or mobile device that is not properly protected. If you’re a user of email, web browsing, online shopping, or simply working on your computer, then you are a potential target of ransomware. It may not be surprising to know, but the United States is the number one target of this type of infection by nearly 10-fold, trailed by Italy, Canada, the United Kingdom, and others.

Ransomware comes in various forms as well. It has been replicated and multiplied significantly since the first instance came about years ago, and there are now countless types of ransomware. However, the infection’s end result is almost always the same: your files are encrypted, a key is generated, and your files remain encrypted until the ransom payment is made. Natural Networks IT support advisors recommend paying the ransom only as an absolute last resort, in the case that you do not have a recent backup or for some reason are unable to restore your data from a backup.

There are many risk factors associated with paying the ransom to get your data back. There is no way to know if paying the ransom will actually result in you getting the key to decrypt your files. There is also no guarantee that paying the ransom will prevent your computer from being targeted in the future. Perhaps most importantly, paying the ransom encourages this behavior and confirms that this is a good method for hackers to exploit innocent computer users. The reason an infection becomes popular among hackers is its rate of success. The more victims who are infected and pay, the more popular this type of strategy becomes among the cyber-criminals who employ it. Bryce Whitty of Technibble explains that generating money is one of the main purposes for infecting computers with this type of virus. Thousands of infections were reported over the last year, which makes it easy to understand why G Data Software Security Analyst Andrew Hayter called 2016 “the year of ransomware.” The FBI announced that in just the first 3 months of 2016, cyber-extortion methods like ransomware generated $209 million in revenue for criminals. At that rate, this type of extortion is on pace to be a $1 billion a year crime just for 2016.

Unfortunately, most forms of ransomware are non-reversible, even with current anti-virus programs. The best methods put forward by our IT managed services team have been to employ multiple layers of prevention and to educate users. Keeping your anti-virus up to date and knowing where you’re browsing and what you’re clicking are all great preventative steps for keeping your data safe from this hellish infection. Natural Networks utilizes active monitoring as a managed IT service, and we have employed a unique set of conditions on the servers we manage, known in the community as Crypto Canary.

The Anti-Malware community at Spiceworks details more about Crypto Canary, but it essentially allows managed service providers to create a set of conditions which, when triggered, immediately update file permissions to keep the ransomware from fully encrypting data on the servers and workstations we manage. However, the most successful method for getting your data back without having to pay is to remove the infection with one of the various free anti-malware tools, such as Malwarebytes, and then restore your data from your most recent backup. If for some reason your backup does not restore the files you need, or if you do not have a backup, it is critical that you leave your computer infected with this malware. If you remove the infection without an in-place backup, it will no longer be possible for you to get your data back through paying the ransom.
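The "condition, then permission change" idea described above can be sketched as follows. This is an added illustration, not Crypto Canary's or Natural Networks' own code; the decoy file names, function names, and the use of POSIX-style permission bits are assumptions, and the sample files are constructed in a temporary directory.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def plant_canaries(root: Path, names=("!aaa_canary.docx", "zzz_canary.xlsx")) -> dict:
    """Create decoy files nobody should touch; return a {path: sha256} baseline."""
    baseline = {}
    for name in names:  # hypothetical names chosen to sort first and last
        path = root / name
        path.write_bytes(b"canary file, do not modify\n" * 8)
        baseline[path] = sha256(path)
    return baseline

def tripped(baseline: dict) -> list:
    """Canaries that were deleted/renamed or whose content no longer matches."""
    return [p for p, digest in baseline.items()
            if not p.exists() or sha256(p) != digest]

def lock_down(root: Path) -> int:
    """Response action: remove write permission from every file under root."""
    locked = 0
    for path in root.rglob("*"):
        if path.is_file():
            path.chmod(path.stat().st_mode & ~WRITE_BITS)
            locked += 1
    return locked

def check_and_respond(root: Path, baseline: dict) -> tuple:
    """One monitoring pass: lock the tree only if a canary was tripped."""
    hits = tripped(baseline)
    return hits, (lock_down(root) if hits else 0)

def demo() -> tuple:
    """Constructed scenario: one clean pass, then a pass after a canary changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        report = root / "report.txt"
        report.write_text("quarterly numbers")           # constructed sample data
        baseline = plant_canaries(root)
        clean_pass = check_and_respond(root, baseline)   # nothing touched yet
        next(iter(baseline)).write_bytes(b"\x00" * 64)   # unexpected modification
        hits, locked = check_and_respond(root, baseline)
        writable = bool(report.stat().st_mode & WRITE_BITS)
        return clean_pass, len(hits), locked, writable
```

Permission bits set this way can be reset by a process running as the file's owner, so on a real file server the response has to be applied at a level the affected user account cannot override, such as share or ACL permissions managed by an administrator account.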

If you do end up having to bite the bullet, you'll be doing so in the form of a payment in Bitcoin. Bitcoin is a new and unique form of digital currency which is used by various organizations to send and receive money. This has become the favored way of accepting payment by cyber-criminals as it is decentralized, and impossible to track who the money is going to. There are various ways of obtaining bitcoin to make the payment to restore your data: either by visiting one of the various Bitcoin market sites such as coinbase.com, or by visiting one of a number of Bitcoin ATM terminals, hopefully not too far from where you are.

If you’ve been infected with ransomware, or another form of malware, then we’d like to know. Natural Networks is a fully Managed IT Support provider, and we are always looking out for the next cyber-security threats and protections that are out there. If you would like to know more, give us a call or email us today!