Ransomware: The Evolution of the Computer Virus
Posted on 06.28.16
By Chris Terrell, Information Technology Department Manager
It’s Thursday morning, you log in to your computer, and you are greeted with this. Is this real? How did this happen? What should you do?
It’s real, and it’s called ransomware. Ransomware represents the evolution of the computer virus. Rather than corrupting a computer, destroying files, or causing some other programmatic carnage, ransomware is a form of cyber-extortion. Ransomware is just like a virus or malware in that end users usually get it from clicking on a bad link or attachment in an email or visiting a corrupted website. The difference is that, rather than creating chaos on a computer, the payload encrypts files on the affected computer and/or connected network drives. The end user is faced with two options: pay for the decryption key using virtually untraceable Bitcoins, or (hopefully) restore the affected files from backup.
Ransomware is becoming increasingly common because it is a proven method for organized crime to extract money from individuals and firms in ways that law enforcement agencies cannot trace. In fact, the FBI has recommended that users infected with ransomware should pay for the decryption key if they cannot restore the affected files from backup, because decrypting the files would be prohibitively expensive and time-consuming and often not even possible. In February 2016, Hollywood Presbyterian Medical Center made national headlines when it paid extortionists the equivalent of $17,000 in bitcoins for the key to decrypt sensitive files. They are far from alone: according to security firm AVG, an estimated $27 million in ransoms has been paid thus far. This, of course, does not begin to factor in the costs associated with an interruption to a business that is dependent on the affected data. A $1,000 ransomware infection could result in far more costly lost time and productivity.
What can you do to reduce your chances of getting ransomware? The Internet Crime Complaint Center division of the FBI recommends the following:
- Always use anti-virus software and a firewall
- Enable pop-up blockers
- Keep regular backups, and keep them in a location a computer cannot readily access
- When in doubt, don’t click!
The days of the Nigerian prince asking for help to recover lost funds are mostly gone. Today’s criminals can and will make an email look like it came from a friend, coworker, or boss, and appear both genuine and urgent. When in doubt, make a phone call and verify the authenticity of questionable emails before clicking on links or opening attachments. When all else fails, a recent and current backup may be the only thing that keeps an individual or firm from losing irreplaceable files. Nightly backups should be done at a minimum, and those backups should be inaccessible to end users. If ransomware gets on a computer, it can affect any file it can access. As always, users should avoid any and all questionable websites, especially websites that allow users to download supposedly “free” content.
Interested in improving your company's cybersecurity? Contact your Keiter representative or 804.747.0000