Not the traditional weapon to strike fear into the hearts of millions, the encryption key has become the tool of evil genius computer operators.
Commonly referred to as a RANSOMWARE attack, a malware program searches for your valuable data, and attempts to apply an encryption key to password-lock your Corporate, or Personal data.
Here is how they typically function:
The initial agent, or web link does not have the actual program contained within itself. It is only a downloader tool. It will reach out to the internet and download the REAL malware program. That program will search the local computer, and any network links for valuable files such as Word or Adobe documents, spreadsheets, accounting data, and especially the more recent versions – accessible backup files. The program will then generate a long password of random characters, and use it to password protect all the files which were found. The password is then sent to a server on the internet. Finally – and this is the evil genius part; The program leaves you some notes describing what has happened, and DELETES ITSELF! So there is nothing for the antivirus companies to use as a “snapshot” to allow the antivirus programs.
Q: How does this “malware program” get into my computer, or network?
A: The most common methods are by a well-crafted email appearing to originate from a known associate, or in some cases a remote access port into the system, combined with a weak security account like “Scanner” and a password of “scanner”.
Q: Will my antivirus stop the program
A: No. This is not a virus, and your antivirus program is unlikely to recognize this threat.
Q: Is there a way to stop the malware program?
A: There are several solutions currently available to recognize and halt a malware attack. They use activity monitoring referred to as “heuristics” to recognize suspicious activity and terminate the initiating program.
Q: What can I do if my files have been locked?
A: You have a basic set of 3 choices.
- If you have good backup protection, restore from backup, have a nice day.
- If you have no backup, or your backups were compromised, you can pay the ransom and hope to get the password.
- If you have no backup, or your backups were compromised, you can start from scratch with none of your old data.
The best way to defeat ransomware, is to be prepared before you ever encounter it.
- You should have a set of on-site backups, with an off-site component.
- Your backups should not be readily visible to the computers – ie: a drive latter, or visible network share.
- Your backups should have a separate security configuration from the rest of your network.
- You should have a small restore performed periodically to ensure you can actually recover data from your backups.
Are you a victim or do you want to protect yourself?
Contact AGIS Computing today to learn more.