Ransomware is definitely not a new threat but it remains as a serious and ongoing problem for all especially with the news that the Lincolnshire County Council was recently blackmailed and its entire computer system was closed for days.
The first instance of ransomware was in the United States in 2005 but it quickly spread throughout the world along with the so-called malware. Ransomware works by either blocking access to all files through encryption or by holding the entire computer hostage. A pop-up window appears in the infected person’s computer and orders them to pay from a few hundred pounds to a few thousand pounds to get the key to unblock the encrypted data.
Ransomware can target you whether you are a large company, small business, or a consumer. Lincolnshire County Council were confident that they had the necessary security measures in place but still described the ransomware as the greatest attack they had ever witnessed. The council also claimed that the attack was ‘zero-day malware’, which means that it was previously unknown to cyber security training experts.
Initially, the attackers demanded £1m from the council for the restoration of the data. Even though the council did not pay, it was forced to switch off servers and PCs and conduct a thorough sweep of the IT infrastructure to ensure that the malware could not spread. Staff had to go back to using paper, pen, and telephone while members of the public were advised through the local press to avoid contacting the council over anything that was not urgent. Computer systems were offline for 4 days.
The ransomware is a dangerous virus since it is usually contained in an email attachment masquerading as something innocent. Once opened, the ransomware immediately freezes the computer thus preventing access or retrieval of anything stored including documents.
CDT-Locker is one new variety of ransomware which falls into this category. Unfortunately, it can quite hard to detect it. CDT-Locker can hide within files such that even security software cannot tell if it is present. To worsen the situation, hackers often get people to download the dangerous files willingly by making them seem legitimate.
For instance, a hacker can pose as a utility company in an email and state that they would like you to fill out an attached form failure to which your power will be disconnected. In some instances, they will use social engineering to pretend to be a contact in your contact list. Hackers understand that using the name of somebody you trust makes you more likely to click a link in an email.
Now, cyber criminals are now using social media websites and newsgroup postings for spreading malicious code.
How do you go about protecting yourself and/or your business? It is obviously always important to exercise caution when opening links and emails. Never open attachments that you are unsure about. Ensure that you have installed the latest antivirus software and that you perform regular back-ups separate from your computer to help you retrieve your data in case you are ever targeted. In case you do ever fall victim to an attack, do the following 3 things:
- Shut down the infected machine and disconnect it from the network it is currently on. The importance of doing this is that an infected machine can potentially take down others sharing the same network.
- Call the police. Ransomware is a serious crime and needs to be reported.
- Do not pay. Paying attackers only encourages them to do the same to others. In addition, you have no guarantee that they will actually unlock your data in case you pay and they just might target you again.
For further details on the Lincolnshire County Council attack as well as further information on ransomware please visit:
- http://www.computing.co.uk/ctg/news/2444577/it-restored-at-lincolnshire-county-council-after-ransomware-shutdown
- http://www.bbc.co.uk/news/uk-england-lincolnshire-35443434
- http://uk.businessinsider.com/heres-what-to-do-if-your-computer-gets-taken-over-by-ransomware-2015-6?r=US&IR=T
- http://uk.businessinsider.com/how-to-protect-yourself-from-ctb-locker-ransomware-2015-6?r=US&IR=T
- http://www.trendmicro.com/vinfo/us/security/definition/Ransomware
