information on protecting your business from

Security Alert – Ransomware
This document outlines information about Ransomware, a relatively new and dangerous threat to your data and
business. We are seeing an uptick in the types and severity of these virus infections. We want to make sure
that all of our clients know, understand and protect themselves from this threat.
Advance2000 can help you prevent ransomware and other malware threats. If you need help or are unsure
whether your systems are protected, please contact us.
What is Ransomware?
Ransomware is malicious software that denies access to your computer or files until you pay a ransom. There
are two types of ransomware that we commonly see:


ENCRYPTION - Encrypts personal files/folders (e.g., the contents of your My Documents folder: documents,
spreadsheets, pictures, videos). Files are deleted once they are encrypted, and generally there is a text
file in the same folder as the now-inaccessible files with instructions for payment. You may see a lock
screen, but not all variants show one; instead, you may only notice a problem when you attempt to open
your files. This type is called 'file encryptor' ransomware. For example, CryptoLocker is a file
encryptor ransomware.

LOCK - 'Locks' the screen (presents a full-screen image that blocks all other windows) and demands
payment. No personal files are encrypted. Example screenshots of this type running on a computer are
shown below. This type is called 'WinLocker' ransomware.

More malicious versions of ransomware will “crawl” your entire network and all attached hard drives and
encrypt EVERY FILE and every PC on your network.
According to Intermedia’s “2016 Crypto-Ransomware Report” survey, it might take days or weeks to
restore and rebuild your entire network. 96% of infected users will lose access to their files for a day, 61% for
three days, and 32% will lose access to their files for 5 days or more. The ransoms are substantial: 18% of
infected users pay the ransom. 75% paid at least $100 per user, and 25% paid more than $550 per user. Paying
the ransom does not guarantee you will get your files back.
There is also 'MBR ransomware'. The Master Boot Record (MBR) is a section of the computer's hard drive that
allows the operating system to boot up. MBR ransomware changes the computer's MBR so the normal boot
process is interrupted and a ransom demand is displayed on screen instead.
Once your system is infected you will see a demand for payment to unlock your files.
Which operating systems are susceptible to this type of attack?
As with a lot of malware, the majority of ransomware is targeted primarily at the Microsoft Windows operating
system. There is one variant that attacks Macs, but most attack Windows PCs.
Does anti-virus protect my computer from ransomware?
Yes, but the malware writers are constantly updating and releasing new variants and families. You must stay
fully up to date with the latest releases and ensure all your computers adhere to best practices using your
anti-virus software.
How does a computer become infected with ransomware?
1. SPAM - Typically, infection occurs when you open an infected SPAM email. To minimize your risk you
   should make sure you use a quality SPAM filter. The best protection is to prevent the SPAM emails
   from reaching your PC. Also, educate your staff that they should NEVER open any attachments they
   are not expecting. If in doubt, verify with a phone call.
2. OUT OF DATE ANTI-VIRUS - Your anti-virus is not up to date and not providing active protection
   against threats.
3. BOTNET - Your PC is a member of a “BOTNET”, that is, a group of infected PCs that are already under
   the control of a malicious hacker.
4. OS ATTACKS - Operating System threats occur when your Windows updates are not installed
   properly or not up to date with the most recent versions.
Can I do anything more to protect my computer from ransomware?
ANTI-VIRUS - Ensure that your computer(s) are running the latest version of anti-virus software and have
up-to-date identity files. Also make sure your anti-virus software is configured for best protection.
UPDATES - Make sure your Windows updates are installed properly and up to date.
FIREWALL - Make sure that you have a secure Internet Firewall that is actively protecting you from outside
threats and intrusion.
BACKUPS - Make sure you have backups of all important data. You should have a minimum of three copies of
all active data, with at least one copy that is offsite and not on your network.
GET HELP – Contact Advance2000 to find out what other options are available to protect your data and
hardware.
What should I do if my files have been encrypted?
1. As soon as you notice either the ransomware notices or see evidence of encrypted files,
   UNPLUG YOUR PC FROM ANY NETWORK. The virus will crawl your network and infect any
   files or machines it finds. You need to contain the infection.
2. CONTACT Advance2000 as soon as possible. We can assist you in recovering your files and
   hardware.
There is no other way to get your data back. The encrypted data cannot be recovered, and unfortunately you
will need to either pay the ransom to decrypt your files or recover your files from backup. You also need to
remove any malicious software before you restore from a recent backup.
Advance2000 can assist you in prevention and file recovery.
Advance2000 Security Offerings
IT Security Assessment
- Onsite or remote assessment of your IT infrastructure
- Check and mitigate any security weakness or threats
- Comprehensive Assessment report with recommendations
E-mail Security
- Active Email filtering
- Scanning suspicious content, attachments or URLs.
- Block unwanted content
- Dual antivirus-scanning engines that constantly update in real-time to detect the latest threats.
- Proactive blocking of compromised or malicious website links or binary attachments that might lead
  to ransomware.
Proactive HTTPS Scanning/Web Protection
- We block the latest web threats using advanced techniques before they hit your browser
- Prevent infected systems from calling home with sensitive data.
- Inspects all Internet HTTP, HTTPS and FTP traffic.
Anti-virus Endpoint Protection
- Protection from malware and advanced threats.
- Using real-time threat intelligence to stop suspicious behaviors and activities
- Block malicious URLs and web exploit code
- Prevent unexpected system changes
Firewall Protection
- Prevents malware from reaching its call-home service
- Disarm active ransomware variants
Backup
- Offline storage
- Cloud storage
- Proactive monitoring
- Onsite backup also available
Regular Operating Systems Maintenance
- Keep your system and applications up to date.
- Install security patches
End User Training
Training company users is one of the most important steps that can be taken to help prevent
vulnerabilities within your infrastructure.
Training users on email best practices
Teach end users about common mistakes that can lead to big vulnerabilities.
Proactive Monthly Maintenance
– Advance2000 offers support plans that include proactive monthly maintenance.
– Contact Advance2000 to learn more
Virus Attack Mitigation (if you are infected)
– Post infection virus mitigation
– Data restoration
– Rebuilding IT Infrastructure
– Security Assessment
– Post infection recommendations
Links and More Information
Ransomware Attacks to Grow in 2016 - Security Magazine Link
Sophos Unified Threat Management (UTM) - Network Protection Link
Highlights:
– Don’t compromise network performance and security
– Proven protection against exploits and intruders
– Fight intruders
Sophos UTM Web Protection Link
Highlights:
– Ensures safe and productive web use
– Proven protection against web threats
– HTTPS scanning
Sophos UTM Email Protection Link
Highlights:
– Secure your email from spam, phishing and data loss
– Block malware, phishing attacks and unwanted content
Barracuda Spam Filtering Link
We also use Barracuda Spam Filtering Services. Barracuda is one of the leading e-mail spam
filtering providers.
Sophos Endpoint Protection Link
Highlights:
– Sophisticated yet simple antivirus, advanced threat protection, web filtering and policy
  enforcement.
– Innovative protection
Backup Options:
Cloud - VEEAM Backup - Information PDF
On Site – Veritas Backup Exec Information PDF
Advance2000 Saf-Gate Cloud Backup – Contact Advance2000 for more information
Training:
Advance2000 Security for End Users – Webinar training
Ransomware can arrive via various techniques such as drive-by downloads or exploit kits using
different software vulnerabilities. Unlike other malware, once the user's files are encrypted using a
complex encryption algorithm, it is nearly impossible to decrypt those files. Hence there is little
or no option left for affected users other than to pay the ransom or restore files from backup.
Learn how your users can be the best defense against this type of attack.
Additional Resources
Sophos - Current State of Ransomware PDF Download