Ransomware viruses have been growing steadily over the past few years, and the recent advances in encryption standards have bred one of the most feared and horrific trends in IT history: encryption ransomware.
What exactly is it?
Imagine someone broke into your house, changed the locks and wanted a hefty wad of cash to let you back in. That’s exactly what happens when you’re hit with this, except instead of your IKEA living room set and funny mug collection being held hostage, it’s your wedding videos and photos of your kid’s first birthday party. You can’t exactly call the cops now, can you?
That, in a nutshell, is what encryption ransomware does. It sneaks into your PC and encrypts every piece of tangible data it can find, apart from the components the attacker has determined you need to pay the ransom.
They’ve got me, what can I do?
As much as I don’t advise you pay the ransom, to do so is going to involve going into the “Deep Web” via Tor and paying in Bitcoin (an anonymous digital currency). This in itself is quite a risky operation, and it’s very easy to stumble upon some materials that might see you in more trouble than you were in to begin with. This is as far into this subject as we will go.
If you’re one of those people who are pretty tech savvy and know a bit about backups, or throw all your photos and videos up on to the “cloud”, then I salute you, good choice. It’s probably saved you from a good deal of heartache. Fully format the PC and restore your files.
If you’re not one of these people and have never backed up a thing, then I’m afraid you’re out of luck. These types of infections usually generate a random encryption key and use 128-bit ciphers. They are near impossible to crack, no matter how long you have. Suck up your losses, hard as it may be, learn from this and get a decent backup system.
How can I protect myself?
Get a decent AV
The vast majority of attacks arrive via spam email: HMRC telling you via email that you’re due a tax rebate, or your car insurance company saying you’re due a discount on your policy. Things that could be legit but that you’re not expecting. You’ll want a strong AV that scans emails in real time. Having Outlook and something along the lines of ESET Smart Security (Home) or ESET Endpoint Security (Business) will stop the infection spreading and causing more damage, as well as killing the attached virus dropper.
If something looks too good to be true then it probably is. There’s no need to open an email attachment from the gas board; I’m sure they’ll send you a letter if you’re due a rebate. Social engineering is a big part of these types of attack. They can also send emails that look like a colleague has sent them, so keep an eye out for quirky looking emails.
Backups, Backups, Backups.
As mentioned previously, having another version of all your files to recover from is pretty much the only way round this issue. Once the device is infected it can be pretty hard to disinfect, and in the vast majority of cases wiping the hard drive and starting from scratch is essential. This can be a complete nightmare, or quite an easy task had you chosen to back up your data prior to being infected. Backups come in all shapes and sizes but generally serve one purpose; remember, you get what you pay for. Premium services are a lot quicker to recover from, and cloud-based services are all dependent on your internet connection, so choose wisely.
If you require advice on backups or antivirus for your business then feel free to drop us a line.