Don’t be held hostage

Date: 2 August 2016

FeneTech’s A.J. Piscitelli warns of the dangers of Ransomware in his latest post, “Pay up, or never see your files again!”, outlining this ominous threat to your company’s files, but offering ways to ward off the bad guys.

Pay up, or never see your files again!

Working at FeneTech, I have an opportunity to see a lot of different networks and work with IT professionals with varying degrees of expertise. It’s an awesome experience and I’ve learned a lot from individuals all over the world.

There is a massive threat to any network that has any seasoned IT professional concerned. It’s called ransomware. If you haven’t heard of it, you should really pay attention.

Most malware in the past would simply turn your computer into a zombie, forcing it into a botnet, or would try to gather as much personal information as possible for identity theft.

Ransomware is much more nefarious and is becoming an increasingly dangerous threat. Ransomware works by encrypting all of the files on the network with a key.

The files can’t be accessed without the key. In order to get the key, you have to pay anywhere from $500 to $50,000. Sometimes they send you the key, sometimes they don’t.

I’ve read or heard enough horror stories from ransomware, but have had the fortune of not dealing with it up close. During a recent visit, one of my customers got hit with ransomware. It took the customer down for a day.

This particular ransomware didn’t just hit mapped drives, it looked at all network shares that the customer had connected to. This meant even the order attachments and machine interface files were encrypted, as well as any other shared network folders for their other business files. The IT staff was able to get the files restored from backups. They were lucky.

Having been part of the forensic analysis, I was able to conclude with their IT personnel that this all started because an order entry employee opened up an email attachment containing the ransomware. However, it would be a mistake to reprimand the order entry person.

The email looked innocent enough, and could have been a legitimate customer’s order. The customer had competent IT staff who were running well-known anti-virus software on all of their computers, but it did not stop the ransomware.

Submitting the ransomware to be analyzed against known viruses showed that only two out of 57 leading virus databases would have detected it. In other words, having Symantec, Trend, Microsoft Endpoint, AVG, MalwareBytes, or Kaspersky installed on the machine wouldn’t have helped in this instance.

None of their databases detected the ransomware as a virus. Not to say that there is anything wrong with their software, but it’s important to understand that no protection can stop everything.

There is another method that can be used to prevent ransomware, as well as some other viruses: preventing executable files from running in the folders where viruses and other malware like to reside.

The user’s TEMP directory is one example. This can be done via Group Policy. Unlike a traditional antivirus, this method isn’t continuously running and using up CPU and RAM resources to scan files when they are loaded.

CryptoPrevent (https://www.foolishit.com/cryptoprevent-malware-prevention/) is a piece of software that you can run on your machine to easily lock down these folders. Their free version will allow you to lock down the most commonly abused folders.

One note of caution: this will prevent ANY executable from running in those folders, regardless of whether it’s good or bad. This means that some legitimate software updates will fail to run (usually with an error message). You would simply need to disable the protection any time that you needed to update that particular software.
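As an added illustration of the Group Policy approach described above (this is example code, not the post’s own material and not CryptoPrevent’s code), the script below writes Software Restriction Policy path rules directly to the registry keys that Group Policy uses, blocking .exe files in the user’s TEMP and AppData folders, lists the rules in effect, and provides the “disable while updating” switch. It assumes an elevated PowerShell session on a domain or standalone Windows machine; the folder patterns are an assumed starting set that should be tested on one machine before wider rollout.

```powershell
# Added example: block execution from user-writable staging folders with
# Software Restriction Policy (SRP) path rules. Run elevated; test first,
# because installers that unpack into %TEMP% will fail while rules are active.
$Srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Initialize-SrpPolicy {
    New-Item -Path "$Srp\0\Paths" -Force | Out-Null
    # DefaultLevel 0x40000 = Unrestricted: everything runs unless a rule blocks it.
    Set-ItemProperty -Path $Srp -Name DefaultLevel -Value 0x40000 -Type DWord
    # TransparentEnabled 1 = enforce for executables only (2 also covers DLLs,
    # which breaks far more legitimate software).
    Set-ItemProperty -Path $Srp -Name TransparentEnabled -Value 1 -Type DWord
    # PolicyScope 0 = apply to all users, including local administrators.
    Set-ItemProperty -Path $Srp -Name PolicyScope -Value 0 -Type DWord
}

function Add-SrpDisallowPath {
    param([Parameter(Mandatory)][string]$PathPattern,
          [string]$Description = 'Blocked by policy')
    # Disallowed (level 0) path rules live under CodeIdentifiers\0\Paths\{GUID}.
    $rule = "$Srp\0\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $rule -Force | Out-Null
    Set-ItemProperty -Path $rule -Name ItemData     -Value $PathPattern -Type ExpandString
    Set-ItemProperty -Path $rule -Name SaferFlags   -Value 0 -Type DWord
    Set-ItemProperty -Path $rule -Name Description  -Value $Description -Type String
    Set-ItemProperty -Path $rule -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Type QWord
}

function Get-SrpDisallowPaths {
    # Audit helper: every Disallowed path pattern currently configured.
    Get-ChildItem "$Srp\0\Paths" -ErrorAction SilentlyContinue |
        ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
}

function Set-SrpEnforcement {
    # 0 turns enforcement off while a trusted installer runs; 1 turns it back on.
    # This is the "disable the protection to update" step from the post.
    param([Parameter(Mandatory)][ValidateRange(0, 1)][int]$Enabled)
    Set-ItemProperty -Path $Srp -Name TransparentEnabled -Value $Enabled -Type DWord
}

Initialize-SrpPolicy
# Assumed starting set: %TEMP% (the post's example) plus the AppData roots.
# A '*' pattern matches one directory level, so the '*\*.exe' rule covers the
# subfolders that mail-borne droppers usually unpack into.
foreach ($p in '%USERPROFILE%\AppData\Local\Temp\*.exe',
               '%USERPROFILE%\AppData\Local\Temp\*\*.exe',
               '%APPDATA%\*.exe',
               '%LOCALAPPDATA%\*.exe') {
    Add-SrpDisallowPath -PathPattern $p -Description "Ransomware staging folder: $p"
}
Get-SrpDisallowPaths
# New rules apply to processes started after 'gpupdate /force' or a logoff/logon.
```

A blocked launch is logged in the Application event log (event ID 866 from source SoftwareRestrictionPolicies), which is worth forwarding to your SIEM as an early warning that something tried to run from a staging folder.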

Even with the above tactics, ransomware isn’t entirely preventable. The best strategy is to ensure you have frequent backups that are taken offline.

Backing your files up to your external hard drive doesn’t do much good if the external hard drive is constantly connected. Ransomware will simply infect the backups. The backup media needs to be “air-gapped” or physically disconnected in order to be protected.

Alternatively, cloud services are becoming more and more popular for backup, but versioning capability is the most important feature. If you’re syncing your files to the cloud without versioning, the encrypted files will overwrite the good copies during the next cloud sync.

With versioning, you can always go back to the previous version that should still be unencrypted. There are several services that offer this capability, all with varying costs.

Bottom line, ensure your files are backed up and validate those backups. Otherwise you might be paying up, in one form or another.

For more information, here are some good articles on ransomware:

https://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx

https://en.wikipedia.org/wiki/Ransomware

http://www.digitaltrends.com/computing/what-is-ransomware-and-should-you-be-worried-about-it/

https://www.cloudwards.net/why-businesses-should-care-about-ransomware/

600450 Don’t be held hostage glassonweb.com
