Ransomware came to prominence in 2013, with the rise of the original CryptoLocker malware.
Most ransomware uses the AES algorithm to encrypt files. To decrypt files, hackers typically request payment in the form of Bitcoins or alternate online payment voucher services.
Forms of Ransomware
- Jigsaw, a form of ransomware, encrypts then progressively deletes files until ransom is paid. The ransomware deletes a single file after the first hour, then deletes more and more per hour until the 72 hour mark, when all remaining files are deleted.
- Cerber targets cloud-based Office 365 users and is assumed to have impacted millions of users using an elaborate phishing campaign. This type of malware emphasizes the growing need for SaaS backup.
- Crysis: This form of ransomware can encrypt files on fixed, removable, and network drives and it uses strong encryption algorithms and a scheme that makes it difficult to crack within a reasonable amount of time.
- TeslaCrypt also uses an AES algorithm to encrypt files. This ransomware targets Adobe vulnerabilities, installs itself in the Microsoft temp folder, then demands payment for the return of your data.
- TorrentLocker, in addition to encrypting files, collects email addresses from the victim’s address book to spread malware beyond the initially infected computer/ network.
- Le Chiffre is designed to run manually on a compromised system. Cyber criminals automatically scan networks in search of poorly secured remote desktops, logging into them remotely and manually running the virus.
- Locky is typically spread via an email message disguised as an invoice. When opened, the invoice is scrambled, and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types using AES encryption. The spam campaigns spreading Locky are operating on a massive scale.
- ZCryptor is a self-propagating malware strain that exhibits worm-like behavior, encrypting files and also infecting external drives and flash drives so it can be distributed to other computers.
As ransomware has evolved, backup and security have become inseparable. A proper business network security protection strategy is needed to safeguard your applications and data from cyber threats.
Nettology’s Methodology for Ransomware Protection
Nettology recommends putting multi-layered safeguards in place to protect your business infrastructure against ransomware. Of critical importance is a Network Vulnerability Assessment.
Answers to these four questions will determine your network security risk:
- How are you backing up your servers?– We recommend an image-based backup solution which takes a snapshot of your data, applications and servers before the infection occurs. Data protection solutions, like Datto, take snapshot- based, incremental backups as frequently as every five minutes to create a series of recovery points and allow businesses to run applications from backup copies of virtual machines. Nettology is a Datto partner serving the greater Philadelphia area.
- How often do you scan your Firewall and Servers for vulnerabilities? We examine your firewall configuration and look for any Open Ports, and ensure that all Firmware is up-to-date and has been patched regularly.
- Is your Email Spam\Antivirus Solution tweaked appropriately? – We assess your email and anti-virus spam filtering solution. There are certain type of file attachments that you don’t want to let through to the desktop!
- Which websites are you blocking? – We suggest a web content filtering solution that prevents employees from browsing non-business related and potentially infected sites where viruses and malware is waiting to automatically download.
For more information, read our blog: Why Image-based Backup Is An Important Component Of A Small Business Plan
More information on Datto.