Ransomware cyber-attacks increase to serious threat levels

Ransomware attacks on the increase

By Samuel Ingrey, 7Safe Digital Forensic Analyst | 18 December 2015

A recent report published by the Australian government claims 72% of businesses surveyed have experienced ransomware incidents in 2015. Ransomware is becoming a massive problem for business and home users alike. Simply put, ransomware is a type of malicious software, often propagated (spread) via a Trojan, that limits the use of a computer or its data until a ransom is paid to release it.

The question ‘Should we pay the ransom?’ is the one to start with. The short answer is ‘no’.

If the ransom is met, the criminals win. The malicious software is not removed from the computer; rather, the key to decrypt your files is provided. What’s to stop them coming back for more? One well-known variant of ransomware, CryptoWall (part of the CryptoLocker family), has reportedly generated around £215m for the gang responsible (source: http://cyberthreatalliance.org/cryptowall-executive-summary.pdf).

A recent update to CryptoWall, now in version 4.0, makes the ransomware even more disruptive. There is also no guarantee that the decryption will actually work, meaning that a user or business could be hundreds of pounds/dollars/euros out of pocket and still not have access to their data.

How do you get it?

Ransomware commonly infects your system by disguising itself as a legitimate file, e.g. an attachment to an email, or it can hide in a compromised webpage - known as a drive-by download. When it is downloaded from the web, it can run itself without any user interaction.

So if my system is infected, how do I get rid of ransomware?

Occasionally ransomware is dealt with by your anti-virus software, but if you have caught the ransomware running, it has managed to avoid anti-virus detection. The ransomware will generally encrypt or block access to your files or stop the user from interacting with their computer. With a bit of IT knowledge it is often possible to stop the ransomware from running, potentially saving the majority of your files (depending on how soon you catch it, of course) or allowing you to regain control of the system. If the anti-virus has been disabled by the malicious software, try restarting Windows in Safe Mode or log in with an alternative user account, and try running the anti-virus program.

If this doesn’t work, you need expert help. We suggest you call a specialist.

If you can see your data is still being encrypted and you have no backup:

  • Pull the power lead or hold the power button on a laptop until it is off
  • Unplug any connected network cable
  • Call a specialist for advice.

Why should you call us? Here’s what we have done before and could do for you:

  • Safely recover data that has not yet been encrypted
  • Potentially recover data that has been encrypted
  • Identify how your computer system was infected: was it an email attachment or maybe a malicious webpage?
  • Advise on remedial methods to get you back up and running safely and quickly
  • Examine computers and servers for signs of a persistent ransomware infection
  • Speak to management in layman’s terms so that they fully understand the situation
  • Provide education to users to lower the risk of a ransomware infection in the first place
  • Conduct penetration testing to ensure that there isn’t a back door into your network

Think you are up to the challenge of defeating ransomware and saving as much valuable data as possible? Visit our stand at the following events and STOMP (Stop The Offensive Malware Process):

  • Security & Policing 2016
  • CRESTCon 2016
  • Infosecurity Europe 2016
  • IP EXPO 2016

Alternatively, learn how to investigate a ransomware or other malware attack for yourself on our CMI (Certified Malware Investigator) training course, where you will have to deal with a live CryptoLocker infection.

Watch out for more posts on this and other ransomware stories.

And if you are looking for Cyber Security services you can trust, used by Government organisations and the Police, then click through to 7Safe’s cyber pages: www.7safe.com/cyber-security-services
