Let's have a look at the history and evolution of Ransomware and some basic tips for your organization to make infrastructure secure.
What is Ransomware?
Ransomware is a malicious software that cyber-criminals use to hold your files (or computer) for ransom and requiring you to pay a certain amount of money to get them back by encrypting your files. Since its been discovered, Ransomware has been growing at a tremendous speed with more and more users being infected, both companies and consumers. This is critically affecting the productivity & reputation of many companies, which many of them are paying in the end.
Many people may think that Ransomware is a very recent type of malware, especially with the global outbreak of Wannacry that made the headlines in 2017. The first Ransomware was actually released on a floppy disk in 1989.
Since then, Ransomware wasn't well known until 2010 where it went under many changes & variants. The below chart is a summary of all recents & known Ransomwares from 2010 up to 2017.
Basic Security Tips
Even if your organization is not protected by a comprehensive network security solution like Sangfor NGAF/, there are still a few things that you do to prevent or at least minimize the damage.
- Backup Your Data: Not only against Ransomware, doing a regular backup of your data can help you whenever your computer or network encounter a failure. Remember to do it on an external driver (better if password protected), which should be disconnected when not in use. This will avoid any access from it by Ransomware.
- Show Hidden-Files extensions: By default, some Windows systems will hide known file-extensions (e.g.: “FILE.PDF.EXE”), so people might not be able to recognized a potential threat when they see it. Cyber-criminals know about this and will disguise the file under another name. By enabling show hidden-file extensions, you will be able to easily spot suspicious files.
- Make Sure Your Computer is Up-To-Date: Many cyber-criminals will rely on existing vulnerabilities of users running outdated software to get access to their computer. Whenever possible, remember to do regular update of all your software, including OS system, and if possible let it run automatically for better convenience.
- Do a System Restore Whenever Necessary: Remember to enable System Restore (if you are using Windows) whenever possible. This might help you to take back your system to a state before being infected by Ransomware.
- Disable Remote Desktop Protocol (RDP): Cyber-criminals might get access to your Computer through Remote Desktop Protocol (RDP), which is a tool available in Windows to allows others to access your desktop (for technical support & others). If you do not use it in your company, it is a good idea to disable it just in case.
- Be Quick: Disconnect Your Internet Connection: If you suspect that your Computer got infected after opening a file with Ransomware, disconnect all connections to Internet IMMEDIATELY by closing your Wi-Fi connection and/or unplug your LAN cable. This will delay or stop the communication with the C&C server before it finishes encrypting your files, and if you are lucky, it might save you.
- Filter “.EXE” Files in Emails: If your Company has a gateway email scanner and if it can filter files according to their extension (e.g.: .EXE), it could be a good idea to deny emails with the .EXE extension as it is really not often used on a daily basis.
- Use a Reputable Anti-virus, Anti-malware and Firewall solutions: Even if this is only useful on a user-basis, it is always nice to have your own computer protected with a good anti-virus, malware and firewall solutions to help you identify and stop potential threats. There are many free software’s available on Internet, so if you do not have one at the moment, go and download them now!
- Disable macros in Microsoft Office files: Microsoft Office documents containing built-in macros can contain embedded code written in programming language (VBA) and be dangerous as they can become a potential vehicle for malware such as Ransomware. Disable it for further security.
- Last but not the Least, Educate your Users!: All the above advices are only useful if followed by every employee in the Company. That is why IT managers have to make sure that everyone knows about the risks of Ransomware, what it could do, and how to protect yourself or at least minimize its damage.