A few weeks ago, whilst one of our clients was in a meeting, the question came up of whether we knew anything about bitcoin. The client of Digital o2 responded only that criminals use it to extort money from businesses with crypto viruses. It turns out that was the reason behind the question: the client mentioned that his IT guys had indeed dealt with a similar issue and that he would have them call.
The client asked:
Our Server and accounting system has been entirely encrypted by ransomware.
Is there anything I can do about it?
They’re asking for $8,0000 for the decryption key.
My first thought was: I hope he has a data backup. So, I had to ask:
Do you have a backup?
He looked down and gave a bitter “Yes, but the last recoverable backup is almost 2 months old.” Time to pay the ransom and hope the criminals hold up their end.
This scenario is unfolding right now somewhere in the world. Likely even in your city or neighbourhood.
In this very moment, someone is clicking a link in a spam email or activating macros in a malicious document.
In a few seconds, all their data will be encrypted and they’ll have just a few days to pay hundreds of dollars to get it back. Unless they have a secure backup that is not locally held, which most people don’t.
Ransomware creators and other cyber criminals involved in the malware economy are remorseless. They’ve automated their attacks to the point of targeting anyone and everyone.
What is Ransomware?
Ransomware is a sophisticated piece of malware that blocks the victim’s access to his/her files.
There are two types of ransomware in circulation:
Encrypting ransomware, which incorporates advanced encryption algorithms. It’s designed to block system files and demand payment to provide the victim with the key that can decrypt the blocked content. Examples include CryptoLocker, Locky, CryptoWall and more.
Locker ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer. Examples include the police-themed ransomware or Winlocker.
Another version of this type is Master Boot Record (MBR) ransomware. The MBR is the section of a PC’s hard drive which enables the operating system to boot up. When MBR ransomware strikes, the boot process can’t complete as usual, and a ransom note is displayed on the screen instead. Examples include Satana and Petya ransomware.
However, the most widespread type of ransomware is crypto-ransomware or encrypting ransomware. The cyber security community agrees that this is the most prominent and worrisome cyber threat of the moment.
Why ransomware creators and distributors target businesses:
Because that’s where the money is.
Because attackers know that ransomware can cause major business disruptions, which will increase their chances of getting paid.
Because computer systems in companies are often complex and prone to vulnerabilities that can be exploited through technical means.
Because the human factor is still a huge liability which can also be exploited, but through social engineering tactics.
Because ransomware can affect not only computers, but also servers and cloud-based file-sharing systems, going deep into a business’s core.
Because cyber criminals know that businesses would rather not report ransomware attacks for fear of legal or reputation-related consequences.
Because small businesses are often unprepared to deal with advanced cyber attacks (which ransomware is) and have a lax BYOD (bring your own device) policy.
Why wait for disaster to strike? If you feel your computers and network are susceptible to such security issues and the threat of ransomware, you need to act now.
We have multiple backup solutions that, when implemented, can guarantee that your data can be restored should you fall victim to this crime.