Mischa Ransomware Screenshot

Ransomware Defense (in short)

SMB Cyber Security / By

Ransomware is the new big topic in cyber threats.  It’s not really that new, though.  The recent extortion model came to exist with the rise of cryptocurrency (e.g., Bitcoin).  This model of Ransomware has exploded in the last two years with almost everyone on the internet touched by it in some way.

Most ransomware works much like any other “assisted” malware.  The distributor must find a way to entice a user to execute it.  Usually this involves an email with a malware attachment.  This malware attachment then downloads the main ransomware body and executes it.  This will then encrypt files (and other data sources) and alert the user to their misfortune.

ransomware_process

You can stop ransomware at several at several of these points with different methods.  As usual, some methods are more appropriate for smaller businesses.

  • Between steps 1 and 2, spam and malware filtering of email will reduce the likelihood of ransomware being delivered to your mailbox
  • In step 3, user training can help users spot ransomware and reduce the risk of the attachment being opened
  • In steps 4 and 5, anti-malware software on each workstation can reduce the risk of successful execution of the ransomware malware
  • At step 6, newly developed software detects the encryption behavior rather than the malware signature and can stop the encryption at the start.  NOTE: this software is still very new, mostly a proof of concept, and may block legitimate computer use so use it with caution!.
  • After step 6, a successful backup and recovery program will reduce the impact of lost files by allowing you to restore to the last backup point

If you pass step 6 without a successful backup and recovery process in place, your chances of successful recovery are lowered.  Some ransomware variants have been cracked and you can find decryptors online.  Some victims have also had success in paying the ransom and getting their files back, but others have not.  Sometimes the ransomware creators disappear and other times the decryptors sent do not work.

As a small business, your best bet is to make use of anti-malware protections, train your users regularly, and implement a solid backup program in your company.  Don’t hesitate to contact me (chris@citadelsystemsar.com) if you need assistance!