Ransomware

Ransomware is a type of malware that infects your system, then locks or encrypts your most important data, allowing attackers to ask for a ransom. The attackers will offer to provide the decryption key only if you pay a certain amount of money within a short time.

Ransomware usually finds its way into a system through a malicious email attachment or through a malicious website that will begin downloading infected software onto the system. Phishing or Spear-phishing scams are commonly used to trick the victim into opening attachments by masquerading as another person or organization that the victim already trusts. Sometimes, more aggressive forms of ransomware are used that don’t require tricking users in any way and instead exploit weak points in system security.

Once the malware is on the system, it may lock down the system, encrypt the user’s files, or restrict the user from accessing any of the computer’s main features. While the system is locked down, the ransomware will pop up messages asking for a certain amount of money to lift the lock. On top of that, some ransomware will pose as an official government agency and claim that the lockdown is necessary for legal or security reasons. In every situation, paying the ransom is not a guarantee that you will completely unlock the system or remove the malicious ransomware.

Ransomware is often the largest security challenge faced by businesses in the modern world, especially for small and medium sized businesses who lack the resources to effectively combat the malware.

Today, ransom malware is becoming ever more widespread. It has become a preferred tool of hackers for several important reasons:

1. Ransomware is now created like a fully-developed piece of software. It is frequently updated and patched to mirror any updates that users are making to system security.
2. Ransomware development is so advanced that it is now even offered as “Ransomware as a Service” with dedicated customer support. This means that executing a ransomware attack requires no technical knowledge.
3. To effectively combat ransomware requires a big budget and a team of knowledgeable people making frequent updates to cybersecurity, something most businesses don’t have the resources to do.
4. Attackers don’t need to use technology to find their way into systems, instead they are adept at exploiting users and employees and tricking them into downloading email attachments or navigating to malicious websites.

The first record of extortion based malware dates back as early as 1989, but widespread use of ransomware didn’t begin occurring until the mid-2000’s. In the beginning, ransomware would usually encrypt files types that users would be willing to open, such as files with extensions like .DOC, .XLS, .ZIP and most image formats. Since then, ransomware technology has developed to target other important file types such as SQL and database files.

Over the years, cyber-thieves have added more features to their ransomware, such as countdown timers, incrementally increasing ransom amounts, and alternative payment platforms for ransom payments. More recently, ransomware attackers have expanded their targets to include larger operational systems like hospital networks and transportation service providers. In the future, as more devices connect to the internet, we will likely see more ransomware targeted beyond computers and servers.

Ransomware has quickly become one of the largest threats for business IT environments and currently accounts for around 40% of all spam messages. Paying the ransom might release the locked files, but it also invites further attack. Moreover, the damage ransomware can cause goes beyond the cost of the ransom. The disruption caused by a ransomware attack can hurt a business’ revenue, productivity, and reputation.

There isn’t a one-off solution for preventing ransomware. Instead, a multi-layered security program should be put in place to detect potential ransomware attacks, prevent the intrusion of malware, and allow for quick recovery in case an attack is not stopped.

Some general tips include:

1. Train users to be defensive. Never click on email links or open attachments from any email that is from an unknown sender or which looks suspicious. Never click links or download files from untrusted websites.
2. Keep computer operating systems and software up to date.
3. Don’t install any software that you don’t completely trust, and don’t give software more permissions than they need.
4. Install security software that covers all threat vectors. This includes email security filters, web filters, web application firewalls for your website, network firewalls with advanced threat protection, and endpoint anti-virus software.
5. Back up all company files and documents frequently and in multiple locations. Be sure that all backed up data is replicated to a secure cloud storage.

Barracuda provides a complete family of solutions to help you detect, prevent, and recover from ransomware attacks. See Don’t Be a Ransomware Victim to learn more or attend a free webinar.

Step 1. Detect Ransomware

A good first step is to identify any latent ransomware threats that may already exist in your organization. In fact, 47% of all businesses in the U.S. have been affected by ransomware, and 59% of ransomware infections have been delivered by email. Barracuda offers two free services to check your existing email and website for possible ransomware attacks as well as a variety of other advanced threats.

Barracuda Email Threat Scanner is a free service that checks for latent threats that are already in your Office 365 or Microsoft Exchange inboxes.

Barracuda Vulnerability Manager will scan your website and any web applications for possible vulnerabilities including ransomware. As with the email scanner, the Vulnerability Manager is a free service that takes just two minutes to set up.

Step 2. Prevent Ransomware

Preventing ransomware requires a comprehensive defense that covers every possible method by which ransomware can enter your network and reach users and data.

Network security

The foundation of an effective ransomware defense is a network firewall with advanced threat protection. Barracuda CloudGen Firewalls scan all network traffic for potential ransomware, malware, and many other cyber threats. They secure today’s dispersed network infrastructures, including on-premises, cloud-hosted, SaaS-based, and mobile elements, as well as third-party applications. They enable secure network connections for your remote workers, improve site-to-site connectivity, and ensure secure, uninterrupted access to cloud-hosted applications.

Email security

Barracuda’s email security products extend ransomware defense to your mail server, the most common source of ransomware attacks. Barracuda Email Protection is a cloud-based service that protects email from cyber-attacks and data theft. Barracuda Email Security Gateway provides this same level of protection in an appliance. To protect against the most sophisticated types of email phishing and impersonation attacks, it uses artificial intelligence to scan all emails for potential threats.

Web browsing security

Another common source of ransomware is malicious websites that users may visit by accident or by clicking on a link within an email. Barracuda Web Security Gateway safeguard web browsing to ensure that users do not inadvertently download malware or enter sensitive data to untrusted websites. It detects and blocks internal spyware that may be trying to access the Internet, and it provides detailed reporting of unusual or suspicious web browsing activity.

Website and web applications

Your organization’s website is a high-profile target for attackers. Despite the recent news about larger corporations and government agencies who were attacked, the majority of attacks target small to medium size businesses. Barracuda Web Application Firewall continuously monitors your outward-facing websites and applications to identify, log, and remediate thousands of potential attacks that can steal data, deny service, and infect your organization with malware such as ransomware.

Step 3. Backup and recovery

Even the best ransomware defense can occasionally be breached, which makes a robust backup and recovery system critical. If ransomware does reach your network, an offsite backup system can help you quickly recover your data and minimize business disruption.

Barracuda Backup automatically creates updated backups as files are revised, and duplicates them to the secure Barracuda cloud or to a private off-site location. If criminals encrypt your files with ransomware, first eliminate the malware, then simply delete the encrypted files, and restore them from a recent backup file. The whole process can take as little as one hour, letting you get right back to business, and leaving the criminals empty-handed.

See the following articles for additional information about ransomware protection.

• Barracuda Ransomware
• Wikipedia: Ransomware
• Barracuda Ransomware Checklist
• Whitepaper: Ransomware and Phishing
• Ransomware: An SMB's Worst Nightmare
• Whitepaper: Barracuda Advanced Threat Protection
• Whitepaper: Ransomware and Phishing