Unfortunately, we have to live with the fact that crypto ransomware is here to stay. What can you do to make sure that your business is able to survive this new wave of malware?
If you don’t follow the technological news, or if you have never read this blog, you might not be aware of the current rampant cyber threat that is targeting users and organizations: crypto ransomware. In this post, we will explain exactly what crypto ransomware is and what it does, while also giving you some advice on how NOT to be trapped in a situation where you would have to give a lot of money to a criminal organization, just because you want to regain access to your data.
How Does Crypto Ransomware Work Exactly?
In theory, crypto ransomware is built to be a real pain in the butt. You get the malware, the malware encrypts your files, and the bad guy has the key and will extort you if you want the key to get your files back. It is not hard to imagine what kind of living hell it must be for a user struck by one of those. Even though this kind of malware is really bad for a user or an organization, it is so simple in its execution that it is almost disarming. In fact, it is so easy that it is a surprise that it did not happen long before now.
In practice, what we can understand about crypto ransomware is that it is a precise tool created to disrupt one pillar of information security: the availability of data. Usually, the malware is transferred by email and takes the form of an attached file that could be a scanned file, or a document file of the kind users see on a daily basis. If the user clicks on the file, then the malware is activated.
When the malware is activated, it crawls into your computer, searching for files and documents. Usually, the crawling process will search for files that can be of value for users or organizations like .pdf, .doc, .mp3, .jpg, .rar and so on. Also, everything that is connected to your computer is crawled. So, if you have a USB drive, or an external hard drive that is plugged into your machine, the files and documents that are in those are going to be found by the malware.
Once it is done, the malware will place all of those documents into a file. Then, the bad part comes: the file will be encrypted. The encryption method varies from one malware to the other, but it is almost always the same process. The encryption key is stored on a server and the software gives you an amount of time to pay the ransom in Bitcoin. Usually, the time given to pay the ransom is around 72 hours and the amount to pay revolves around $600 US. Even worse, one of the latest versions of this malware erases your files as time passes by.
And by the way, if you think that you are safe because you are using virtual drives, this is a mistake. If you have a remote desktop that is linked to your workstation, the files will usually be crawled, identified and packaged into a virtual safe; a safe that you have no control over, because you’re not the one who has the key.
What Can You Do?
At this point, if you are struck by crypto ransomware, I hope that you have backups. Good ones. If your backup strategy consists of drives that are constantly attached to your computer, unfortunately you are probably screwed because, as stated earlier, the malware will crawl through everything that is connected to the computer. In essence, if you have access to the NSA to decrypt your files you might be good, but if not, you might have no choice but to pay the ransom. Don’t worry, you are not alone in this situation: even the police had to pay a ransom at some point.
If you have not (yet) been targeted by crypto ransomware, and you want to protect yourself, you should definitely look for a complete security solution. If you are a user, having only a free antivirus is not a safe solution nowadays. If you represent an organization, I hope that you have a proper security system. You should.
Of course, you should always be prepared to face those kinds of threats, which means being in the right state of mind and, if you’re part of an organization, being properly trained. However, the bottom line is that you have to realize that with the threat of crypto ransomware, it would be wise to back up your backups. It may sound silly, but this is the harsh truth. Since you cannot know how and when malware of this type might strike, you can get unlucky and have it take effect during your backup process.
When backing up, you should follow this simple rule: 3-2-1. 3 different backups on two different media and 1 backup should be off site. This kind of discipline might save you a lot of trouble, a big headache, and a lot of money.
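One way to check a backup inventory against the 3-2-1 rule and the attached-drive caveat above; this is an added example, not part of the original post. The `BackupCopy` fields, the inventories, and the decision not to count constantly attached copies toward the rule are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:          # hypothetical inventory record
    name: str
    medium: str            # e.g. "external-hdd", "tape", "cloud-object-store"
    offsite: bool          # stored away from the primary site
    always_attached: bool  # permanently plugged into / mounted on the protected machine

def audit_3_2_1(copies):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    # Assumption: a copy that is constantly attached would be crawled together
    # with the host, so it is flagged and not counted toward 3-2-1.
    safe = [c for c in copies if not c.always_attached]
    for c in copies:
        if c.always_attached:
            findings.append(f"{c.name}: constantly attached, reachable from the host")
    if len(safe) < 3:
        findings.append(f"only {len(safe)} isolated backup(s), need 3")
    media = {c.medium for c in safe}
    if len(media) < 2:
        findings.append(f"only {len(media)} distinct media type(s), need 2")
    if not any(c.offsite for c in safe):
        findings.append("no isolated off-site backup, need 1")
    return findings

# Constructed sample inventories (not from the original post).
WEAK = [
    BackupCopy("usb-drive", "external-hdd", offsite=False, always_attached=True),
    BackupCopy("nas-share", "nas", offsite=False, always_attached=True),
]
STRONG = [
    BackupCopy("weekly-hdd", "external-hdd", offsite=False, always_attached=False),
    BackupCopy("monthly-tape", "tape", offsite=False, always_attached=False),
    BackupCopy("cloud-snapshot", "cloud-object-store", offsite=True, always_attached=False),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("STRONG", STRONG)):
        result = audit_3_2_1(inventory)
        print(label, "PASS" if not result else "FAIL")
        for finding in result:
            print("  -", finding)
```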