ESET Shares Five Tips to Protect Against Cryptolockers

ESET
2016-05-17 09:00

NEW DELHI, India, May 17, 2016 /PRNewswire/ -- Ransomware is a topic which has continued to make headlines over the past few months, with new cases being reported across the region on a regular basis, and India is no exception.

For those not already in the know, ransomware is malware (malicious software) used by cyber criminals to hold digital files on smartphones, computers and other connected devices for ransom. This form of attack typically works by encrypting certain files, then prompting the victim to pay a monetary ransom for the decryption key. Perpetrators generally demand large amounts of money before users can regain access to their virtual property. The success of such attacks across the world has led to a surge over the past few years, and ransomware is now a popular way for malware authors to extort money from companies and consumers alike. Sometimes, ransomware has a built-in timer with a payment deadline that must be met. Once the payment is sent and verified, the program decrypts the files. If the payment is not made, the victim may lose their files and hardware.

Cryptolockers (a family of ransomware) have been actively spreading in large attack waves in various regions of the world. In India, the Hindustan Times recently reported how police and IT experts struggled to make sense of ransomware and decrypt files belonging to a researcher at the Maulana Azad National Institute of Technology.

The typical infection method used in these campaigns is an email with a malicious attachment. The message may be localised to the victim. For example, if a victim is believed to be in India, fake package tracking information might be sent in an email spoofed to appear as if it comes from Flipkart or a similar e-commerce site.

If the recipient falls victim to this scheme and opens the attachment, a Trojan executes on the computer, unless blocked by an antivirus program. In recent cases, the Trojan is often a downloader that retrieves and then executes the cryptolocker. The cryptolocker is then able to hunt for a wide range of file types to encrypt -- and once its dirty work has been done, displays a message demanding that the user pay a fee to have the files decrypted.

In such cases, the encrypted data files can essentially be considered damaged beyond repair. However, if the system has been properly prepared and secured, risk of data loss is significantly lower than in the case of an unprotected system.

With this in mind, it has never been more important to protect yourself against this kind of attack, and there are key tips to doing this effectively:

1. Back up your data!
It may seem simple, but the single best measure to limit the chance that you will be affected by a ransomware attack is to back up your data regularly. Remember that many cryptolockers will also encrypt files on drives that are mapped and have been assigned a drive letter, and sometimes on unmapped network shares as well. This includes any external drives such as a USB thumb drive, as well as any network or cloud file stores. A regular backup regimen is essential, using an external drive or backup service that is kept disconnected unless it is actively doing a backup.

2. Show hidden file-extensions
A cryptolocker frequently arrives in a file that is named with the extension ".PDF.EXE". This counts on Windows' default behavior of hiding known file extensions. Re-enabling the ability to see the full file extension can make it easier to spot suspicious files.

3. Don't open attachments or click on links in unsolicited emails / messages
A typical method of infection is a user opening an unsolicited email attachment or clicking on a link in an email claiming to come from a bank or a delivery company. Remember to never open any unknown or suspicious email attachments, links or files.

4. Patch or update your software
Malware authors frequently rely on people running outdated software with known vulnerabilities, which they can exploit to silently get onto systems. You can significantly decrease the potential for ransomware pain if you make a practice of updating software often.

Some vendors release security updates on a regular basis (Microsoft and Adobe both use the second Tuesday of the month), but there are often "out-of-band" or unscheduled updates in case of emergency. Enable automatic updates if you can, or go directly to software vendor websites.

5. Use a standard account instead of one with administrator privileges
Using an account with system administrator privileges is always a security risk, because then malware is allowed to run with elevated rights and may infect the system easily. Instead, try and use a limited user account for regular daily tasks and the system administrator account only when it is absolutely necessary.
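As an illustration of tip 2 (an added example, not ESET's code), the following Python check flags attachment names whose real, final extension is executable while the part Windows would display looks like a document. The extension lists are assumptions for this example, and the check goes slightly beyond the ".PDF.EXE" case by also handling spaces padded in before the final extension.

```python
from pathlib import PureWindowsPath

# Assumed lists for this example; adjust to your own mail/file policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".vbs", ".wsf", ".lnk"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx",
              ".jpg", ".png", ".txt", ".zip"}


def split_ext(name):
    """Split 'base.ext' into (base, '.ext' lowercased); no extension -> (name, '')."""
    base, dot, ext = name.rpartition(".")
    if not dot or not base:
        return name, ""
    return base, "." + ext.lower()


def check_name(filename):
    """Return (shown_name, real_ext, masquerade) for an attachment name.

    shown_name is what a user sees when known extensions are hidden;
    masquerade is True when a document-like name hides an executable type.
    """
    name = PureWindowsPath(filename).name      # drop any folder part
    shown, real_ext = split_ext(name)
    # Padding spaces before the real extension push it out of view
    # even when extensions are shown, so ignore them for the decoy check.
    _, decoy_ext = split_ext(shown.rstrip())
    masquerade = real_ext in EXECUTABLE_EXTS and decoy_ext in DECOY_EXTS
    return shown, real_ext, masquerade


def flag_suspicious(filenames):
    """Return only the names that look like a document but are executable."""
    return [f for f in filenames if check_name(f)[2]]


# Constructed sample names, not taken from any real campaign.
SAMPLES = [
    "tracking_info.PDF.EXE",
    "invoice.pdf      .scr",
    "report.pdf",
    "setup.exe",
    "archive.tar.gz",
    "notes.v2.docx",
]

if __name__ == "__main__":
    for name in flag_suspicious(SAMPLES):
        shown, real_ext, _ = check_name(name)
        print(f"{name!r}: displayed as {shown!r}, real type {real_ext}")
```
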

As technology evolves, the number of online threats faced by users is also increasing. Proactively keeping devices well protected is the single biggest and most effective step that will help defeat cryptolockers. In addition, keeping data adequately backed up is key to ensuring that if an attack takes place, the victim isn't forced into paying up.

According to Gartner, we are gearing up towards a fivefold increase in the number of devices connected to the Internet over the next five years, reaching 25 billion online devices. The challenge we are going to face is protecting more of these devices against ever more sophisticated malicious code. In this environment, it's important to educate consumers and make sure that we are doing everything we can in order to enjoy safer technology.

About ESET

Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.

Source: ESET