Ransomware – Paying for your own files

Any business, regardless of size, should ensure that its IT systems are secure and safe. Any data loss can have repercussions far beyond the lost data itself. What if a nasty piece of malware infects your computer and you lose your data? Or worse: instead of losing it, what if you are forced to pay for a ransomware decryptor just to get access to your own data?

You read that right. What if your files were held hostage on your hard drive?

It is known as ransomware for obvious reasons. It rides in on a Trojan horse or another piece of malware that your system isn’t prepared for. Instead of shutting down your computer or sending your personal data to the hacker who sent it, it creates encrypted copies of your files, then erases the originals. It’s like a safe: you need the combination to open it. That combination is the encryption key. If the encryption is done correctly, it will be impossible to crack.

When you attempt to access your files after they are secured, a message appears saying something like:

The new and unbreakable RSA-1024 algorithm has encrypted all your files. You will need to purchase our decrypting software in order to view and work with the files.

Sometimes you will be asked to pay for the software directly. Other times you may have to make a few purchases on certain websites. Either way, they want you spending money to get at your files. Accepting that your data has been stolen is one thing. It’s quite another to find out that your files are still sitting on your own hard drive and that you cannot access them. What can you do? There are two choices:

  1. Pay the hostage-taker.
  2. Get around the hostage-taker and rescue as much data as you need.

Millions for defense, not one cent for tribute

Paying the ransom brings a variety of problems. Not the least of them is that the bad guy wins, which is unacceptable. You are also risking sharing your financial information with criminals who will continue to steal as much from you as they can. This creep is not a boy scout but a criminal. Can you really believe that paying the ransom will get your files back? He could just as easily run off with the money. Keep in mind that the more contact he has with you, the greater his risk of being caught, so an agreement with him to release your data is not worth much.

The Solution

Not paying the ransom, and trying instead to break or work around the encryption, is the better choice, but it has its own downsides. Early versions of ransomware used weak encryption that could be broken easily; there were holes in the programming that could be used to decode the malware and reveal the key. The latest versions have closed those holes by using the RSA-1024 encryption algorithm, which makes them a difficult nut to crack. Data loss and corruption are another major concern. Whichever route you choose to resolve the issue, your data is at risk, and if you are unable to crack the key, that is a risk you must face.

The Nuclear Option

If you have exhausted all other options and feel there is no way to save your hard drive, reformatting it is the “nuclear option”: it removes the malware and all of its horrible encryption. However, it also wipes everything else, including any software you have installed since the computer was first purchased. There are other, less destructive ways to proceed.

You can find the key by searching

Although the latest version of this malware hasn’t yet been cracked, that doesn’t mean earlier versions haven’t been. The first step is to go online and search for the malware. Start by searching for the name of the virus and see what results come up. Enter Trojan.Archiveus, for example, and the first result will be Symantec’s page for it. That page includes removal instructions and the keys you need to unlock the affected files. If you don’t find what you’re looking for online, there are many other options.

You can restore from a clean backup

Depending on when you last backed up your files, this can be a very simple fix. Most files will be restored correctly, but if the backup is old it can be nearly as painful as a reformat. If the backup is clean, though, it will get rid of both the malware and the encryption problem. Bear in mind that you will be restoring the same configuration that was susceptible to the attack in the first place, so make sure your firewall and antivirus software are current and that your employees practise safe surfing when they are online.

Data Recovery

A quirk of Windows is that when you delete something, it doesn’t really disappear. What gets deleted is the tag the system uses to identify it. The information is not gone; Windows simply can’t find it. As long as your hard drive isn’t formatted, those deleted files should not be lost. Doing this yourself is difficult, but hiring a professional can be money well spent, depending on how valuable the files are. Be aware that data recovery can be imperfect and recovered files may be corrupted. You also risk reinfecting the recovered files if the virus is not removed first.

Protect yourself

If your systems have become infected badly enough that you can no longer protect them properly, you may not have been running a tight enough operation. It takes only a few minutes to take a hard look at your IT security efforts and draw the lessons. An effective IT security strategy has two components, technology and people, and you are not fully secure unless both are engaged.

Technology

Antivirus software works by playing catch-up with viruses. It is like closing the barn door after the horse has fled. While it does not protect against the newest attacks, it can prevent previously discovered viruses from infecting your computer. Keep your firewall, antispyware and anti-adware software up to date so you have the best protection available. For cutting-edge threats, whitelisting is a good option.

Blacklisting is the principle that antivirus software, antispam utilities and antispyware programs all work on. Blacklisting means placing something on an exclusion list. Anything that tries to do something is checked against this blacklist, and if it is on the list it is not allowed to proceed. For example, spam is removed from incoming e-mail and placed in a separate folder. Whitelisting works on the same principle, but inverted: only whitelisted applications are allowed, and anything not on the whitelist can’t do anything at all. That is the best part about it, and it works with both programs and devices.

This means that a file piggy-backed onto an e-mail or downloaded from a website can’t run, because it isn’t on the whitelist. It also means that the sales manager’s teenage son cannot install anything he downloaded onto her computer, or plug an unapproved peripheral into the machine. Whitelisting technology is a good option because of the enhanced security and IT policy enforcement it provides.
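The difference between the two models, as an added illustration that is not part of the original article: a blacklist is default-allow and only stops what it already knows about, while a whitelist is default-deny and stops anything unknown, including a never-seen-before attachment or an unapproved thumb drive. The program hashes and device ids below are constructed sample values, and the policy functions are hypothetical stand-ins for a real endpoint control.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample data. A program's identity is the SHA-256 of its contents,
# so a renamed or repackaged binary does not inherit another program's approval.
APPROVED_PROGRAMS = {hashlib.sha256(b"word-processor-v1").hexdigest(),
                     hashlib.sha256(b"mail-client-v1").hexdigest()}
APPROVED_DEVICES = {("0781", "5567")}        # constructed (vendor, product) id
KNOWN_BAD_PROGRAMS = {hashlib.sha256(b"old-known-trojan").hexdigest()}
KNOWN_BAD_DEVICES = set()                     # nothing has been reported yet

@dataclass
class Event:
    kind: str       # "program" (wants to run) or "device" (wants to be plugged in)
    label: str
    ident: object   # content hash for a program, (vendor, product) for a device

def denylist_decision(ev):
    """Blacklist model: default allow, block only what is already on the list."""
    bad = KNOWN_BAD_PROGRAMS if ev.kind == "program" else KNOWN_BAD_DEVICES
    return "block" if ev.ident in bad else "allow"

def allowlist_decision(ev):
    """Whitelist model: default deny, allow only what was explicitly approved."""
    good = APPROVED_PROGRAMS if ev.kind == "program" else APPROVED_DEVICES
    return "allow" if ev.ident in good else "block"

def program_event(label, contents):
    return Event("program", label, hashlib.sha256(contents).hexdigest())

SAMPLE_EVENTS = [
    program_event("word processor", b"word-processor-v1"),
    program_event("old known trojan", b"old-known-trojan"),
    program_event("new attachment.exe", b"never-seen-before-dropper"),
    Event("device", "approved thumb drive", ("0781", "5567")),
    Event("device", "unknown thumb drive", ("abcd", "0001")),
]

def compare(events=SAMPLE_EVENTS):
    """Return {label: (denylist verdict, allowlist verdict)} for each event."""
    return {ev.label: (denylist_decision(ev), allowlist_decision(ev)) for ev in events}

if __name__ == "__main__":
    for label, (deny, allow) in compare().items():
        print(f"{label:22} blacklist={deny:5} whitelist={allow}")
```

The new attachment and the unknown thumb drive sail through the blacklist and are stopped only by the whitelist, which is the gap the paragraph above describes.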

The Human Factor

People are the weakest link in any security situation. The people working for your company may be completely honest, shining examples of virtue and light, or they might not be. Unfortunately, Galahad-like goodness and honesty do not translate into intelligence or responsibility, and even the most intelligent people can make foolish and irresponsible decisions.

From an IT security perspective, these foolish and irresponsible actions are often taken in complete innocence. They include installing unapproved software, such as a new screensaver, on a work computer; plugging strange devices (such as a USB thumb drive) into the computer just to see what they are; and other similar activities.

Employees who take their laptops to coffee shops or airport lounges and use the WiFi there to access the Internet can also be a source of trouble. Those places expose the user to many attacks that are difficult to detect. A whitelisting solution that covers both hardware and software helps to mitigate the problems created by poorly informed or negligent employee actions.

The bottom line

Viruses are generally annoying. They can cost you time and money, spy on your activities and steal your personal data. Depending on which systems are affected or what information is taken, they can do significant damage. These are all things we accept as part of the risk of using the Internet. Ransomware is a different kind of infuriating. It is not anonymous theft, where you get angry, call the bank to cancel your credit cards and take other steps to minimize the damage. Here it is not yet too late: the only real damage is whatever the coder is forcing you to do. The principle is the same as in the movie Saw, except that it plays out on your computer and your credit card. This crime is simple extortion of the kind we associate with gangsters. Whether law enforcement will treat it any differently from an ordinary virus remains unclear. We’ll see.