Ransomware computer viruses are sweeping the online world this year. Hackers are planting viruses in networks which lock away online archives and prevent users from being able to access them. The perpetrators then demand money in order to return the data to its rightful owners. A particularly aggressive strain of ransomware known as Locky has so far caused almost 1 million infections in a single week.
Hackers Bring Down Schools, Hospitals and National Records
One of the more destructive ransomware attacks hit the Hollywood Presbyterian Medical Center in February 2016. The cyberattack left staff completely unable to access the hospital network or its online patient archives. 911 emergencies were diverted to other hospitals in the interim, and staff on the ground were forced to revert to traditional pen and paper methods of registering new patients and keeping medical records. The ransomware scammers demanded 40 Bitcoins, worth approximately $17,000. The Bitcoin currency is almost untraceable and allows the hackers to receive their ransoms without detection. Once the ransom was paid, the hackers provided the hospital with a decryption key which allowed the IT staff to regain access to their online files.
A similar story occurred in Horry County in South Carolina when the district’s school network was attacked. Systems across the country were infected with the ransomware computer virus which included files detailing payments for school lunches. The county paid a ransom in Bitcoin which was the equivalent of $10,000.
In the UK, the National Records of Scotland genealogy service was targeted in March when a ransomware virus was located in an admin spreadsheet. Luckily it was spotted before it could cause any serious damage. However, as a preventative measure the office was forced to close down in order to fully examine its files and cyber security processes.
How Do Computers and Networks Get Infected With Ransomware?
There are several ways in which the ransomware computer virus can gain access to a computer or network. Typically it arrives by email and prompts the user to open an attachment or click on a web link which is embedded with the ransomware virus. In the case of the ‘Locky’ strain of computer virus, you may be encouraged to ‘Enable Macros’ which will then run code in the background and cause all of your files to be encrypted and renamed with the extension .locky. Once the ransomware has completed its destruction of your system, it will then alert you to the retrieval ransom notice by changing your desktop wallpaper.
Ransomware is notoriously difficult to detect in comparison to other types of malware. Some types use daily automatic updates in order to stay ahead of anti-virus packages. Others are built using polymorphic code, which changes its own form to evade detection.
Backup and Restore
Unfortunately traditional backups are often not an effective way to restore your system to a functioning state without having to pay the ransom. The computer virus actively locates saved backup files and encrypts them into an unusable state without the presence of the decryption key. Online backups have a better chance of working, but automatic uploads can cause file corruption.
A product called Malwarebytes Anti-Ransomware aims to stop ransomware in its tracks. It works by identifying the existence of ransomware on a network through various typical behaviours that it may exhibit. The anti-ransomware will then stop it from executing code before it is able to encrypt any files. It is believed to be effective against strains of ransomware including CryptoLocker, CryptoWall and CTBLocker.
Although this product is currently in beta, it is thought to be a workable solution for beating the hackers. However, as ransomware and other types of cyberattacks are notorious for adapting with the times, it surely won’t be long before a bigger and better type of computer virus comes along and holds other organisations to ransom. Users should remain vigilant and keep apprised of the best practices to avoid uploading viruses into their online archive environment. They should always be cautious about opening unsolicited attachments, never enable macros in a document, apply patches on a regular basis and use the domain admin account as little as possible.
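As an added example (not from the original article, and not Malwarebytes' implementation), the following Python checks a file tree for one behaviour described above: many files in a folder renamed with the .locky extension and holding high-entropy, encrypted-looking contents. The thresholds, function names and sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

LOCKY_EXT = ".locky"     # extension the article says Locky gives encrypted files
ENTROPY_MIN = 7.5        # assumed cut-off, bits per byte; ciphertext sits near 8.0
ALERT_COUNT = 3          # assumed number of hits in one folder that raises an alert
SAMPLE_BYTES = 65536     # read at most this much of each file

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty or constant data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_tree(root: str) -> dict:
    """Map each folder holding >= ALERT_COUNT high-entropy .locky files to their names."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(LOCKY_EXT):
                continue
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                continue                      # unreadable file: skip, do not crash the scan
            if shannon_entropy(sample) >= ENTROPY_MIN:
                hits.setdefault(dirpath, []).append(name)
    return {d: sorted(n) for d, n in hits.items() if len(n) >= ALERT_COUNT}

def build_constructed_sample(root: str) -> None:
    """Constructed test data: one folder that looks encrypted, one benign folder."""
    shared, home = os.path.join(root, "shared"), os.path.join(root, "home")
    os.makedirs(shared)
    os.makedirs(home)
    for i in range(4):                        # random bytes stand in for ciphertext
        with open(os.path.join(shared, f"sample{i}.locky"), "wb") as fh:
            fh.write(os.urandom(8192))
    with open(os.path.join(home, "notes.locky"), "wb") as fh:
        fh.write(b"plain text, low entropy\n" * 200)   # right extension, not encrypted

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for folder, names in scan_tree(tmp).items():
            print(f"ALERT {folder}: {len(names)} high-entropy {LOCKY_EXT} files")
```

Requiring both the extension and high entropy keeps a single ordinary file that merely carries the .locky name from raising an alert.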
We are highly aware of the implications associated with the loss of legal data from your Chambers firm. Our team is able to identify any potential weaknesses in your current setup and can provide you with an excellent level of network security and data protection for your organisation. Want to know more? Call us today for a free IT security review.