The latest crypto virus/ransomware attacks that are putting on-site back-ups at risk
Ransomware (a type of ‘malware’) is malicious software designed to prevent victims from accessing their files unless they make a ransom payment. Ransomware attacks come in several forms, which vary in severity:
- Scareware: Rogue pop-ups claiming that malware has been detected and offering a solution to the attack. It is designed to scare people into double-clicking and installing software. If victims don’t click on the pop-up and pay the fee, this type of ransomware poses no actual threat to files, although the pop-ups will keep appearing frequently if no action is taken.
- Screen lockers: This type of ransomware freezes victims out of their computers entirely unless a fee is paid to receive the encryption key (although there is no guarantee that the hackers will actually supply the key even if they receive payment). People with full back-ups in place may restore to a working version; otherwise they may have to start from scratch.
- Encrypting ransomware (also known as ‘crypto virus’): This is the most serious form of ransomware. It encrypts any computer files it comes into contact with using an unbreakable ‘key’ known only by the software maker. Once a crypto virus encrypts files, it drops instructions into the encrypted folders about how to decrypt the files and gain access (usually by paying a fee to the ‘hostage taker’).
Ransomware is designed to enter an organisation’s system despite its firewall and antivirus protection. It infiltrates systems through users, most commonly:
- through spam mail containing links or attachments that deliver ransomware;
- through illegitimate software downloads;
- through malicious advertising (‘malvertising’) – whilst browsing the internet, users can be directed to criminal servers, even without clicking on an ad. These servers log the details of victims’ computers and locations and select the best form of malware to deliver (often ransomware).
The evolving threat of crypto virus
All it takes for the encryption of files to begin is human error – one user inadvertently clicking an infected link or attachment. With crypto virus attacks there are no warning signs (such as the system running more slowly), so a person’s files might be gradually encrypted without them even realising it is happening. It can often take several days for victims to realise that they are being attacked (only once they try to open a file and find it has been encrypted), by which time the ransomware has had the chance to work its way through a user’s folders.
Crypto virus attacks are constantly evolving so organisations need to ensure that they remain protected. Earlier versions used to attack only the computer that downloaded the virus, but the virus has now evolved to encrypt the network drives assigned to that computer. This is why it is more important than ever for organisations to have an off-site back-up (a copy of all their data that is sent to a storage facility, where it is replicated across machines at different locations) in addition to the back-up they hold on site. This offers maximum protection in the event of a crypto virus attack that could encrypt the back-up files stored on organisations’ networks.
What can be done?
- Invest in cyber security including anti-virus, firewall, patches and intrusion protection.
- Be stringent about making regular back-ups. There is no way of guaranteeing that a member of staff won’t accidentally click on a dangerous link, so protection is key. Because the new versions of crypto virus can execute network discovery and could encrypt back-up files too, it is more important than ever to ensure that you have off-site back-ups to offer ultimate protection for your files.
- Limit users’ access to ‘mapped’ drives (i.e. network access to files and folders on other devices), where possible, to contain the potential spread of crypto virus – if everyone has full access to all files, even if they don’t need it, the virus has more chance of spreading.
- Educate staff about ransomware (e.g. reminding them not to click on links or open files from unknown sources).
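Because encryption can run for days without any visible sign, one way to keep a regular back-up from overwriting good copies with encrypted ones is to compare the files against the previous run first. The following Python is an added example, not part of the original article; the function names and the two thresholds are assumptions chosen for illustration.

```python
import hashlib
import math
import os
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte (assumed); encrypted data sits close to 8.0
CHANGE_LIMIT = 0.30  # assumed: hold the back-up if over 30% of files look encrypted
HEAD = 65536         # entropy is sampled from the first 64 KiB of each file

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map each file's relative path to (sha256 hex digest, head entropy)."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                head = fh.read(HEAD)
                digest.update(head)
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            result[rel] = (digest.hexdigest(), entropy(head))
    return result

def suspicious_files(previous: dict, current: dict) -> list:
    """Files whose content changed and went from low to high entropy.

    Files that were already high-entropy (zip, jpeg) are skipped to avoid
    false alarms; files of a couple of hundred bytes cannot reach the limit.
    """
    flagged = []
    for rel, (old_hash, old_entropy) in previous.items():
        if rel not in current:
            continue
        new_hash, new_entropy = current[rel]
        if new_hash != old_hash and old_entropy < ENTROPY_LIMIT <= new_entropy:
            flagged.append(rel)
    return sorted(flagged)

def safe_to_back_up(previous: dict, current: dict) -> bool:
    """False when the share of suspicious files exceeds CHANGE_LIMIT."""
    if not previous:
        return True
    return len(suspicious_files(previous, current)) / len(previous) <= CHANGE_LIMIT
```

Take a snapshot after each known-good back-up and call safe_to_back_up() before the next one; when it returns False, keep the previous back-up untouched and investigate the flagged files.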
If you want advice on this or anything related to cyber security please get in touch.