By Nerino Petro at 5 August, 2016, 1:05 pm
Ransomware. It's what keeps me awake at night as a CIO and technologist. Also known as cryptoware, these malicious tools encrypt your data, delete or disable the built-in operating system tools that let you roll back to prior versions, and then charge you money to provide you with a decryption key. And they just keep getting more and more sophisticated, with some even providing so-called "help desks" to assist you in paying the ransom and decrypting your files. Some variants have been broken and you can find decryption keys on the internet; however, these are the exception. Most have not been broken, and short of restoring from a backup, there is no way to decrypt the files other than paying the ransom and hoping that you get a decryption key and that it works. EVERYONE (yes, I mean everyone!) who deals with computers needs to have a basic understanding of ransomware. Kaspersky and Intel Security have partnered to create the NoMoreRansom.org website.
NoMoreRansom.org provides a number of tools, including CryptoSheriff, where you can upload sample files to see if they can be decrypted using one of the broken variants; Q&A information; links to decryption keys for ransomware variants that have been broken; and more. Having been brought in for consulting and assistance at a number of firms that have suffered crypto attacks, I can tell you that generally your options are to 1) pay the ransom and pray the decryption key works or 2) restore from a solid backup. I prefer option 2. Paying these criminals only encourages their attempts to extort money from more and more people and businesses. While there is no one piece of software to prevent all such attacks, layered defenses including email filtering, anti-malware and anti-virus, as well as training, can help mitigate the risk.
Tools such as Malwarebytes Anti-Ransomware beta, FoolishIT CryptoPrevent, Bitdefender's Crypto-Ransomware vaccine and others found on sites such as BleepingComputer.com can play a critical role in a properly layered defense system in conjunction with your AV, firewall and anti-malware tools. Services such as KnowBe4.com can provide training and tools to test your staff. At the end of the day, unfortunately, it is not a question of if you will get hit with a crypto infection but when.