Crypto was just the beginning. We’re seeing a recent resurgence in ransomware. Ransomware encrypts files and demands payment in exchange for the key to decrypt them. The latest iterations browse for network shares and encrypt a wider range of files. The encryption is quite strong, and breaking it isn’t an option with the newer variants.
Ransomware is a nightmare scenario. An entire organization can be locked out of all of its important files. Delivery mechanisms are steadily improving and now include SMTP using credentials from Outlook, Thunderbird, or Windows Mail. This makes the sent mail more likely to pass spam filtering, and the recipient is more likely to trust it.
For protection, we are recommending our advanced spam filtering service and our managed antivirus. ESET has been at the forefront of protecting against this type of malware, and our managed antivirus service provides continual updates. Email is a common vector for ransomware, and our advanced spam filtering service provides excellent malware protection. Although nothing is 100% effective, we are seeing ransomware blocked by both of these services. Ideally, a customer would subscribe to both services, thus decreasing their risk even more.
If protection fails, what can be done to minimize the damage? Since the principal ‘fix’ is to restore from backup, we’re double-checking our clients’ backups to ensure they are backing up what is needed. We’ve also been checking shadow copy to ensure that it is enabled. If users report it quickly enough, we might be able to restore files directly from shadow copy. User education is, of course, an easy and cost-effective way to decrease your risk from ransomware. Be careful what you click on and immediately report encrypted files. Encrypting takes time, and the faster the process is stopped, the less data needs to be restored from backup.
The risks from ransomware are huge, but we are protecting organizations from it with our advanced spam filtering and managed antivirus services. Maintaining backups, either by yourself or through a managed service like ours, is a very cost-effective solution and will decrease the damage done by ransomware. Make sure your backup is working as intended and is backing up the appropriate data. When thinking about backups, remember the 3-2-1 rule!