Ransomware is a growing threat to UK and global business and a reported 54% of Uk business have been affected in some way by ransomware in 2016. Ransomware is a computer malware that encrypts and renames your files and asks you for money to resolve the issue, usually paid in the form of Bitcoins.
The principle is that the malware encrypts files on a system’s hard drive using an unbreakable keycode, and this is decrypted by the attacker once a ransom is paid usually in the form of Bitcoin. The recent attacks on the NHS and subsequent encryption held the institution to ransom for a reported £15,000 and shut down a number of national operations immediately and for the days to follow.
Ransomware is mostly delivered through email, says Mark Whittle, Head IT engineer at AdaptiveComms. He confirms that ransomware is typically delivered via email opportunistically and the typical content of the email is a shipping invoice or a mobile phone invoice from one of the major operators.
“In the past 12 months the quality of the written text in these emails has improved immensely and the graphic quality is of an increasingly convincing standard,” he says. “While the majority of ransomware attacks still happen by chance, we often see them being targeted towards specific countries.”
Also, many attacks are delivered by mass random emails. Mark James, security specialist at ESET, says the intention is to infect as many as possible to maximise the chances of getting a result.
Ransomware is also delivered via drive-by-download attacks on compromised websites. Although the problem is well known, avoiding infection is a bigger problem, as well as what to do when you are infected.
The most common advice to recover from an attack by ransomware relies largely on whether a good backup policy is employed for your data and entire system backups. Off site back up at secure data centre will ensure your data is kept safe in the event of a ransomware attack. Off site backup sites maintain an extremely strong security protocol and the most up to date firewalls available, they maintain end to end encryption of data and sites are manned 24/7.
Having a “layered approach to security” is one of the cliches of modern infrastructure, but for repelling ransomware, it should be taken seriously.
We recommend a layered approach with a combination of following-
-Office 365 email spam filters
As well as adopting a layered approach, updating your OS e.g. installing the most recent patches and updates remain the best form of security.
Although opportunistic in their approach most ransomware attacks are conscious of a vulnerability in an operating system so naturally target these weaknesses. Ensuring you are up to date with Patches by regularly restarting your Laptop or PC could be the difference between safety and a meltdown
We have all been there on a Monday morning after a busy bank holiday weekend or on return from annual leave, the inevitable build up of emails. When we return we most likely churn through a good number haphazardly in an attempt to turn 469 to 0 (or at least single figures… still unrealistic?) this behaviour in business can be taken advantage of, however.
When we are operating in this way or in fact anytime we are checking our email careful attention must be paid to unsolicited email, clicking links on these emails often with a subject ‘ Insert Company Name Shipping Invoice’ or ‘ Your recent Bill’ are loaded with an .exe file masquerading as an assumed PDF or Word document, that will enrypt your data.
In a number of these emails grammatical or spelling mistakes can be a key indication, look out for mistakes like ‘Payepal’ or unusual spaces, symbols, or punctuation like “iTunesCustomer Service” instead of “iTunes Customer Service”.
If you have any further questions regarding ransomware or IT security please get in touch, Email Joemcardle@Adaptivecomms.co.uk
call 01704 540547 and ask for Joe