A growing number of small to medium-sized businesses are falling victim to Ransomware, malicious software that holds your computer and its data to ransom. Not all SMBs are aware of the risks and implications for their business.
What is Ransomware?
Ransomware is malicious software designed to take control of a user's computer and then encrypt valuable data files, including images and documents. Once the files are encrypted, the criminal organisation running the software demands a ransom to unlock them.
Get true protection with offsite Backup
Over the past several years, Ransomware and Malware infection has become a blackhat commercial industry of its own.
Cloud Backup offers real protection against your data being encrypted and locked by unscrupulous fraudsters.
Documents, Photos, Media and System Files are often targeted by well-established and well-resourced bands of criminals who target the digital assets of individuals and organisations.
samples of ransomware in total, 1,200,000 new samples in 2017 so far
x Thousand Infections
newly infected computers in a 24 hour period
3.25 Billion Dollars
damages caused by one form of ransomware (CryptoWall) worldwide
$200 - $10,000
the amount of ransom asked
estimated ransoms paid in the untraceable currency BitCoin
Ransomware: the facts, figures and features
Active Defence works by combining behaviour assessment with signature scanning for known Malware variants. Active Defence software provides some protection from random attack but provides no real protection against targeted Ransomware. The software should alert the user to, and protect against, infection from older, static and common versions of Ransomware which remain in circulation.
Ransomware source code is now generated dynamically. It’s becoming very common to see Ransomware Generators that are so simple and efficient to use that fraudsters see the value in taking the time to generate new Ransom application source code per target!
Behavioural evaluation rarely works because end users have become accustomed to clicking OK or YES when the system prompts for System Administrative permission. Once the Ransom application is in, the engine can only rely on system workflows that are commonly exploited.
Due to the fact that the malicious app has been given administrative permission, it has time to sit and wait until the machine is idle before starting the encryption process.
In order to keep IT systems operational and usable, Anti-Virus companies can’t make their software alerts too loud and distracting when it comes to System Processes. What eventually happens is that the end user or business is hit with a dynamic Ransom app which waits for system idle time before it begins encrypting DATA files only. Targeting only data files prevents system monitoring applications from raising a red flag and generally keeps the target system appearing to work well.
Ransomware starts at the top of a directory tree, working its way from the folder furthest from the root right down to the more visible files closer to the root. For example, “C:\Users\Jane\Documents\Movies\Wedding maincopydontedit.avi” before targeting “C:\Users\Jane\Documents\llmypasswords.doc”.
Depending on the variant, it will sometimes also leave recently used files until last, in order to not alert the user to the encryption process running in the background.
Ransomware creators have stopped setting the Ransomware to change filenames, which means a system could be well and truly compromised before the user has any idea of the infection.