Measures to Protect Against Encryption Trojans Using Antivirus Software
Criminals use different strategies to steal money from ignorant victims. A popular approach is to encrypt the files of the user who only gains access to them after paying a «ransom» - maybe ...! One of these strategies is the spread of ransomware.
“Ransomware” is a specific family of malware. It usually spreads through malicious email attachments or infected websites. Once installed, “ransomware” encrypts files on the victim's computer as well as on any connected network drives and storage media (e.g. USB sticks). This renders the encrypted files unusable for the victim.
How to Protect Yourself from Ransomware:
1. Make Regular Backups of Your Data.
Make sure that you disconnect the medium on which you are making the backup copy from the computer after the backup process. Otherwise, in the event of an attack by “ransomware”, the data on the backup medium may also be encrypted.
2. Always Keep Installed Software and Plug-Ins Up-To-Date.
Make sure that all installed software, apps, and web browser plug-ins are always up to date. Whenever possible, use the software's automatic update function.
3. Be Careful of Suspicious Emails,
for e-mails that you receive unexpectedly or that come from an unknown sender. Do not follow any instructions in the text, do not open any attachments, or follow any links.
4. Use a Modern Antivirus Program with Ransomware Protection,
that is always kept up to date with automatic updates. Otherwise, there is a risk that newly developed malware will not be recognized.
5. Segment Your Network
as described in the Secnovum article on network zoning. This allows you to reduce the risk of spread, for example from a client to the server.
How Ransomware Works
It happens quickly: opening a malicious email attachment or an infected website maybe enough for an encryption trojan to nestle on your own system and inexorably render data unusable by deleting or encrypting it.
When attacking companies today, different types of malware are often combined with one another in such a way that they hide from simple virus protection programs and can thus automatically spread across the entire network. They are configured in such a way that all data backups accessible via the network are encrypted or deleted first and then the original files and shadow copies are encrypted - this to prevent a restore from the data backup.
If the files on the computer were encrypted by the «ransomware», this shows the victim a «lock screen». This requests the victim to pay the attacker a certain sum of money in the form of an internet currency (e.g., Bitcoins) so that they can rerelease the encrypted files and the latter can thus be reused (blackmail). Using an internet currency makes it difficult to track authorship.
However, compliance with the demands made by the attackers and the associated payment to the attackers do not guarantee that victim will regain access to the encrypted files. Also, a payment finances the attacker's business model and thus allows them to continue the attacks with “ransomware” and to infect and damage other victims.
Possible rescue in an emergency: Whether decryption routines are already known for ransomware can be seen on websites such as no more ransom.
Companies Are Ideal Victims of Attacks
When it comes to spreading ransomware, cybercriminals primarily target companies because they have a lot of business-critical data at their disposal and are therefore more willing to pay high ransom sums to avert an existential loss of data. An infection with an encryption Trojan and the associated loss of data can just as easily affect private users.
The most important countermeasure to prevent data loss through ransomware is therefore the regular creation of security copies (backups) of your files - further information on this, primarily for small businesses, can be found under “ Step 1 - Backing up the data ” on the platform “ eBanking - but secure! ».
No comments:
Post a Comment