Online security FAQs: what is ransomware?

9th June, 2016

It seems like you can’t turn around without hearing about some new hack, virus, or malicious app being reported in the news.

Ransomware is a fast-growing category of malware with an especially vicious modus operandi. It slips onto your system and quietly goes to work encrypting every data file – on every hard disk or network share within reach – to make them unusable to anyone without the correct decryption key.

Disclaimer: This information is intended to be general in nature. For information that is customised to your business circumstances, please seek specialist advice.

Then it pops up a notice saying you must pay a ransom (usually a few hundred dollars) within a limited time (usually a few days), or your data will remain locked up forever! Payments are made using untraceable methods like MoneyPak or Bitcoin, so law enforcement agencies cannot help either – in fact, a few police departments have actually found themselves in a ransomware tangle.

The most famous of these stories was the one involving Cryptolocker, which was first noticed in late 2013. Its network was isolated by authorities and shut down in May of 2014. However, its success (the creators are estimated to have earned tens of millions of dollars) spawned a number of copycats which still pose a threat.

The BBC reports there are now over 120 families of ransomware in circulation and reports of their incidence are rising rapidly. A strategy originally used by organised gangs to extort money remotely has evolved into a shrinkwrapped tool anyone can buy online and send out into the world.

Unlike most viruses, which often show slapdash programming, Cryptolocker was actually well-crafted software. The encryption used by most ransomware tools is of a type even experts cannot bypass, unless the attackers are caught and their servers shut down. This has happened in a number of cases, and if you or a friend have been attacked you can use your favourite search engine to find out whether the decryption key is available.

What can I do about it?

In short, backups are now more important than ever.

Ransomware can gain access to your system through a variety of existing security weaknesses. For example, it can slip in via an email attachment, as reported by some clients recently who opened a fake email purporting to be from Australia Post. Clicking a link in an email pretending to be from someone you know can also do the trick.

Antivirus programs can often detect and remove many types of ransomware, but not necessarily before the damage is done. It’s a sobering threat, and if you haven’t heard about it before, that’s because the internet is a big place and even the biggest problems can’t hit everyone. The FBI suggests not enabling the criminals by paying up, while others suggest that it’s not the end-user’s job to fight crime – pay up and get the issue behind you.

What to do? It’s important to remember, you may not ever be affected by anything like this.

It’s also important to remember this: the only defence is something you should be doing already – backing up.

With a sensible and regularly-tested backup procedure in place, a competent IT professional can easily wipe your system clean, restore your files, and get you back to work in short order.

Also, if you do some or all of your work on cloud-based services, those files will not be accessible to malware running on your machine. It can still cause a major inconvenience, but at least your client data will be protected.

If you don’t have a recent backup and your files are taken hostage, you’d better sharpen up your hoping skills – because you’ll just have to pay up, and hope they send you the decoding key!

Keeping your business information safe and protected is vital. That’s why MYOB uses industry best-practice security protocols to keep your data safe, secure and private.