Ransomware, the anatomy of an attack.
Ransomware is everywhere. Even after law enforcement defeated the infamous file-encrypting ransomware called CryptoLocker by knocking out its infrastructure, it came back almost immediately, and both it and its close cousin CryptoWall are now stronger than ever.
The thing is, many types of ransomware and fake-antivirus schemes have been around for years. The cybercriminals behind these attacks use social engineering to trick computer users into paying them to avoid fines from police for supposed crimes, or to clean up “viruses” on their computers that don’t actually exist. You have probably encountered at least one “Your computer has been infected please contact us immediately!” phony warning message in your lifetime.
The difference is that CryptoLocker and CryptoWall attacks don't bother with that sort of trickery. If you are attacked by a cybercriminal using CryptoLocker or CryptoWall, you will be told upfront that all your files have been encrypted and that, unless you pay for the encryption key held by the attackers, they will destroy the private encryption key and release, delete, or lock all your information, making it impossible to ever recover your files.
How it works
A ransomware attack goes through five stages, from the time it installs on your computer to the appearance of the ransom warning on your screen. Here is an infographic from Sophos explaining the stages of an attack, with tips on staying safe.
Ransomware protection, prevention, and mitigation
If you suspect you’ve been compromised by ransomware, you can remove the malware using antivirus or anti-malware software. Sadly, there’s not much you can do to get your files back except to pay the ransom – the encryption is too strong to crack.
We don’t think paying the ransom is the best idea because there’s no guarantee the criminals won’t up the ante, or that they’ll actually follow through on their promise to send you the keys to decrypt your files. And paying the ransom also supports a cybercriminal enterprise that will ensnare more victims.
Really, the best defense is a proactive one: always back up all your files, use anti-malware and anti-spam protections, and work with an IT company to protect your important data.