
The Ransomware Epidemic and What You Can Do

Ransomware is an epidemic today. It is an insidious class of malware that cyber-criminals use to extort money from you by holding your computer or your files hostage and demanding payment to get them back. Unfortunately, ransomware is quickly becoming an increasingly popular way for malware authors to extort money from companies and consumers alike.

Should this trend be allowed to continue, ransomware will soon affect IoT devices, cars, and ICS and SCADA systems, not just computer endpoints. There are several ways ransomware can get onto someone's computer, but most infections result from a social engineering tactic or from exploiting software vulnerabilities to install silently on a victim's machine.

Since last year, and even before then, malware authors have sent waves of spam emails targeting various groups. There is no geographical limit on who can be affected. While the emails initially targeted individual end users, then small to medium businesses, the enterprise is now the ripe target.

In addition to phishing and spear-phishing social engineering, ransomware also spreads via exposed remote desktop ports. Ransomware also affects files that are accessible on mapped drives, including external drives such as USB thumb drives, as well as folders on the network or in the Cloud. If you have a OneDrive folder on your computer, those files can be encrypted and then synchronized over the Cloud versions.

No one can say with any certainty how much malware of this type is in the wild. Much of it sits in unopened emails and many infections go unreported, so it is difficult to tell.

The impact on those affected is that their data files have been encrypted, and the end user is forced to decide, against a ticking clock, whether to pay the ransom or lose the data forever. The files affected are typically popular data formats such as Office documents, music, PDFs and other common data files. More sophisticated strains remove the computer's "shadow copies", which would otherwise allow the user to revert to an earlier point in time. In addition, the computer's "restore points" are destroyed, as are any backup files that are accessible from the infected machine.

The criminals manage the process from a Command and Control server that holds the private key for the victim's files. They set a timer for the destruction of that private key, and the demand and countdown timer are displayed on the user's screen with a warning that the key will be destroyed at the end of the countdown unless the ransom is paid. The files themselves continue to exist on the computer, but they are encrypted, inaccessible even to brute force.

In many cases, the end user simply pays the ransom, seeing no way out. The FBI recommends against paying the ransom: by paying, you are funding further activity of this kind, and there is no guarantee that you will get any of your files back. In addition, the cyber-security industry is getting better at dealing with ransomware. At least one major anti-malware vendor has released a "decryptor" product in the past week. It remains to be seen, however, just how effective this tool will be.

What You Should Do Now

There are multiple perspectives to be considered. The individual wants their files back. At the company level, they want the files back and their assets protected. At the enterprise level, they want all of the above, and they must also be able to demonstrate due diligence in preventing others from being infected by anything deployed or sent from the company, to protect themselves from the mass torts that will inevitably strike in the not so distant future.

Generally speaking, once the files are encrypted, it is unlikely they can be decrypted. The best tactic, therefore, is prevention.

Stephen Bucaro

Copyright © 2001-2021 Bucaro TecHelp, 13771 N Fountain Hills Blvd Suite 114-248, Fountain Hills, AZ 85268