Ransomware usually comes in two different types. The first is screen locker ransomware, which usually appears to be some sort of message from law enforcement or another group and prevents you from doing anything besides paying a “ransom” to unlock the computer. The second type is crypto ransomware (generally referred to as “cryptoware”), in which an outside entity encrypts your files in such a manner that only they can decrypt them. “Reveton” is a prominent example of the first type (screen locker) and “CryptoLocker” is one of the second (cryptoware).
Two of the most popular methods that attackers use to infect your machine are a pre-existing malware infection, such as a banking trojan (“Gameover Zeus”), and/or a poisoned attachment sent via email, which might be the result of a spear phishing campaign.
Although nothing can guarantee protection from infections, there are a few steps that you can take to help lower the likelihood of these attacks affecting you:
- Proper permission controls on your own PC and also on network shares (NAS, mapped drives on company networks etc.) as well as any devices connected to your machine. Don’t give users more permission than they need; for example, if they don’t need administrator access then don’t give it to them.
- Make sure to do daily backups that are kept separate from your devices, generally offsite. In addition to your own backups, consider using a cloud-based backup service. If you choose to use a cloud solution, encryption is always recommended.
- Use a strong anti-virus program and make sure it is kept up to date. If you download a file from the internet or receive an email attachment, scan it before you open it.
- Ensure that all software on your machine is up to date and patched to reduce the risk of your machine getting exploited by a malicious payload.
- Use some sort of spam email filtering and web filtering software to stop attacks before they get to your machine or kill the outbound connection if your machine happens to get compromised.
- Make sure that you have a solid “Security Awareness” program for your company and that your users are educated
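
To put a number on the permission-controls recommendation above, this added example (not part of the original article) counts how many files under a directory a given account could overwrite or replace, which is the set cryptoware running as that account could encrypt. It assumes a POSIX file system and looks only at mode bits (no ACLs, no root override); the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """POSIX mode-bit check: owner bits, else group bits, else other bits."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def writable_exposure(root, uid, gids):
    """Count regular files under root that the account could overwrite or replace."""
    exposed = total = 0
    for dirpath, _dirs, files in os.walk(root):
        dir_st = os.lstat(dirpath)
        sticky = bool(dir_st.st_mode & stat.S_ISVTX)
        dir_writable = can_write(dir_st, uid, gids)
        for name in files:
            st = os.lstat(os.path.join(dirpath, name))
            if not stat.S_ISREG(st.st_mode):
                continue
            total += 1
            # A writable directory lets the account delete and recreate a file,
            # unless the sticky bit limits that to the file or directory owner.
            replaceable = dir_writable and (not sticky or uid in (st.st_uid, dir_st.st_uid))
            if can_write(st, uid, gids) or replaceable:
                exposed += 1
    return exposed, total

def build_sample_share():
    """Constructed sample tree standing in for a network share."""
    root = tempfile.mkdtemp(prefix="share_")
    layout = {"finance/ledger.xlsx": 0o644, "public/notes.txt": 0o666, "hr/staff.csv": 0o600}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample")
        os.chmod(path, mode)
        os.chmod(os.path.dirname(path), 0o755)
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":
    share = build_sample_share()
    me = os.getuid()
    print("owner account:", writable_exposure(share, me, set()))
    print("unrelated account:", writable_exposure(share, me + 1, set()))
```

Run it against a real share with the uid and group ids of an ordinary user account; a high exposed count for accounts that only need to read is the over-permissioning the first bullet warns about.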
IT security is complicated, and one infected computer can have a major impact on your business. Take the steps needed to secure your computers before an infection strikes, and you will recover more quickly when it does. Archetype SC’s team of security experts is happy to assist your internal team in performing a full security audit, or, if you have been infected, to help you remediate the issue and get you back up and running as quickly as possible.