RANSOMWARE, If I was a hacker I would call this DaaS (Decryption as a Service)

Today, maybe because of work, I was in a good mood to talk about ransomware. As I noticed, such cases had a big boom in 2016. It is not surprising, since every study predicted this increase in ransomware attacks ...

What is ransomware?

Ransomware is a contraction of ransom & malware. It’s a program designed to encrypt all your files using a strong encryption algorithm. For the most basic one…

More advanced ransomware can also combine spyware (spy malware) functions and try to extract precious information from your computer or company. In all cases, you will need to pay around 2 to 8 bitcoins to get the decryption key. (1 bitcoin is worth around $650.)

When you first get infected by malware, there is little hope that your anti-virus will notice it. Ransomware rarely matches a known signature (or its signature is very easy to change), which means it doesn’t fall under the signature database of PC defense products. Furthermore, the ransomware will mostly stay hidden at the beginning, in order to spread and get ready to encrypt a maximum number of files and storage units.

Who is targeted?

That is the worst part of this story: anyone can get ransomware (or malware in general). I often remember a small start-up that got fully encrypted and couldn’t afford the ransom. The manager asked me this simple question: “I don’t understand, why did they target me?”

Unfortunately, nobody has the answer; even the hackers, most of the time, do not specifically target anyone. They just send bottles (thousands of them) into the internet ocean…

Any company, person or connected device willing to take and open the bottles will get trapped. However, there are some cases in which you can be specifically targeted. For example, if you already paid the ransom… Or if your company holds precious information…

How to avoid such a situation

There are mainly three axes that can help you in such a situation:

Protect your entry doors

I’m obviously talking about websites, exchange servers, network devices, firewalls, servers, etc.: everything that is publicly open to the internet. It seems obvious, but from my experience it happens a lot!

Get some good stuff

Still using an anti-virus? Change it. You don’t have a web application firewall? Get one. No security policies? Create plenty of them. Nowadays there is good behavior-analysis protection that can spot plenty of attacks, including ransomware.

Warn your employees

A huge, smart and deep security awareness program is key to successful protection, since a significant share of ransomware infections are triggered by employees. I’m not talking about very basic training stuff… you need to adapt to our digital era in an engaging way. (It has to be fun, with a lot of drills.)

If I get hooked, how do I behave?

~~Get out of your office, enter the church next to your office, light a candle and pray for your files…~~ MAKE SURE TO DISCONNECT THE COMPUTER FROM YOUR NETWORK. You are crying a lot, but do not share this ransomware with others. I thank you.

Most ransomware has a countdown before the ransom gets more expensive. Ignore it; it is only meant to put pressure on you. In any case, do not pay the ransom, or you could get targeted even more. A ransom should be paid only if there is no other choice and if the files are really precious!

WARNING: Paying the ransom does not always succeed in decrypting your files. (Yes, they hack you and ask for money, but they don’t have a call center to decrypt them…)

Finally, warn your company if it’s a work computer. There is still a small chance of decrypting your files, but most of the time it is goodbye…

MY CONCLUSION

Ransomware is very popular because it’s lucrative and low-risk, with few possibilities of being tracked. This kind of attack is predicted to get huge but, truth be told, it only depends on you! If you continue to pay ransoms, it will increase; if people stop paying, then ransom activities will drop. It is that simple. If you get ransomware, keep cool and contact a professional who will help you manage it in the best way possible. (If he says that he can’t do anything, then strictly follow my procedure -> go find a professional.)

P.S.: But you have a backup of course... don't you?
