October 21, 2013
Kristian A. Bognaes, Director, Norman Safeground Development Center
Almost as long as there have been computers, there’s been computer malware. The virus ‘Creeper’ is widely regarded as the original computer malware, using DEC PDP-10 mainframes and the ARPAnet (what would later evolve into the Internet) to spread itself. It did not do any damage, in contrast to many computer viruses of more recent times.
For a while, computer viruses for the PC platform were mostly designed to spread themselves and sometimes do damage to their hosts. The motivation for this was usually to show off and brag about the creators’ technical skills. Gradually, however, we started seeing a change in direction towards economic motives. Viruses are now being used to introduce backdoors to gain access to systems, steal information, and install botnet clients that can be used to sell computing power for a variety of sinister uses.
Over the last few years, a new class of computer malware called ‘Ransomware’ has started to appear. The motive again is profit, but the method is much more direct than selling stolen computer capacity through a botnet. Ransomware viruses will deny the user access to the computer by locking it in some way or even encrypting its content. To regain access, the computer owner will have to pay a ransom, hence the name ‘Ransomware’.
Early encrypting ransomware used fairly simple algorithms for encrypting users’ files. As a result, AV vendors were able to create software to restore the encrypted files as part of the cleanup process. However, more recent examples use advanced cryptographic algorithms that make it unfeasible to attempt to decrypt the encrypted files without having access to the cryptographic key.
The ‘CryptoLocker’ virus is an example of ransomware that is currently receiving a lot of attention. It employs AES encryption with a 2048-bit key, which is much too strong for anyone to be able to decrypt encrypted files without access to the right key. Users risk infection by opening unknown email attachments or by unknowingly already having a certain botnet client on the system.
What is a user to do if the ransom message shows up on the screen, demanding a payment of $300 to decrypt documents, pictures, and other valuable files?
Although it may seem like there is no way around it, we would certainly not recommend paying the ransom. This will reinforce ransomware as a viable business model for the perpetrators, and will add to the problem in the long run. The most effective action against this kind of malware is to make sure you are not infected in the first place. Reduce the risk by running updated anti-virus software, not opening mail and attachments from unknown sources, and using a good firewall.
If, however, you still end up with an encrypted and unusable computer, you should be able to restore your files from a backup.
You have a recent backup of your files, right?
It is crucial to maintain a current backup of all your valuable files. As a minimum security precaution, make sure that your computer keeps frequent restore points of your system that you can restore files from. Restore points still reside on the infected system, however, so they do not make a backup unnecessary (and hardware will eventually fail, too). Automated cloud-based backup solutions enable users to restore files after a ransomware attack, a disk crash, or the loss of the computer. Make sure that the backup system supports keeping a revision history, since files that get encrypted by ransomware will be replicated to the backups.
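Why revision history matters, shown as an added Python example that is not part of the original post and not how any Norman product works. The store layout, function names and entropy threshold are assumptions, and random bytes stand in for an encrypted file.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0 to 8); ciphertext sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def revisions(store: Path, relpath: str) -> list:
    """Stored revisions of one file, oldest first (1.rev, 2.rev, ...)."""
    return sorted((store / relpath).glob("*.rev"), key=lambda p: int(p.stem))

def backup(src: Path, store: Path) -> None:
    """Add a new revision for each changed file; old revisions are never overwritten."""
    for f in (p for p in src.rglob("*") if p.is_file()):
        rel = f.relative_to(src).as_posix()
        (store / rel).mkdir(parents=True, exist_ok=True)
        revs, data = revisions(store, rel), f.read_bytes()
        if revs and revs[-1].read_bytes() == data:
            continue  # unchanged since the last run
        (store / rel / f"{len(revs) + 1}.rev").write_bytes(data)

def last_clean_revision(store: Path, relpath: str, threshold: float = 7.5):
    """Newest revision below the entropy threshold. Heuristic only: compressed
    formats (JPEG, ZIP) are high-entropy too and need a date-based choice."""
    for rev in reversed(revisions(store, relpath)):
        if entropy(rev.read_bytes()) < threshold:
            return rev
    return None

def demo() -> dict:
    """Constructed scenario: back up, overwrite with random bytes, back up again."""
    with tempfile.TemporaryDirectory() as tmp:
        src, store = Path(tmp, "docs"), Path(tmp, "store")
        src.mkdir()
        original = b"Quarterly figures and notes. " * 200
        (src / "report.txt").write_bytes(original)
        backup(src, store)
        (src / "report.txt").write_bytes(os.urandom(len(original)))  # stand-in for ciphertext
        backup(src, store)
        revs = revisions(store, "report.txt")
        clean = last_clean_revision(store, "report.txt")
        return {"count": len(revs), "newest_entropy": entropy(revs[-1].read_bytes()),
                "restored": clean.read_bytes(), "original": original}
```

The second backup run faithfully stores the scrambled file as the newest revision, which is exactly what a mirror-only backup would be left with; the earlier revision is what makes the restore possible.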
For all practical purposes, having files encrypted by ransomware should be regarded as a total loss of the system. The good news is that sensible precautions and backup routines will help you be prepared for such an event and have you back up and running again without too much trouble.
Have a look at the ‘Norman SecureBackup’ product from Norman Safeground. It automates the backup process and supports file revision history to help you avoid a possibly disastrous loss of data.
If you are an individual, you should also keep your files safe and back up your important files such as photos, music and other personal files. Have a look at Norman Online Backup.