FBI warns of RansomWare “Locky & MSIL/Samas”

March 29, 2016


The FBI is asking businesses and software security experts for emergency assistance in its investigation into a pernicious new type of “Ransomware” virus used by hackers for extortion. – Reuters

What is Ransomware?

Ransomware is malicious software that encrypts the user's data with bank-level or stronger encryption so the user cannot access their information. The attackers will often offer to unlock the information they have encrypted for a one-time fee, typically paid over the dark web with bitcoin. I know what you're thinking: let's just pay. NO, it doesn't work. Here are a few big reasons why:

  1. If you pay, you will have to log in with accounts that may already be exposed. If they are not already stolen, however, you basically risk showing them to people who are already monitoring you via a Trojan.
  2. By paying the virus creator, you may or may not recover your files – but every time someone pays the ransom, the criminals grow stronger. They are able to develop their software even further, and more people, like you, suffer.
  3. There is really no reason for them not to give you your files back – but at the same time, there is always the chance you will pay but the files are not released and you will continue to search for a “locky datei” solution.

On Friday the FBI was focused on two types of ransomware, “Locky” and “MSIL/Samas”. These two try to seek out and encrypt data on entire networks at the same time. This is different from past viruses. Viruses like “Crypto Locker & Crypto” spread one computer at a time until they encrypted the whole network. Ben Johnson, co-founder of Carbon Black, a cyber security firm, said, “This is basically becoming a national cyber emergency”. On Friday they found that these come not only through emails but also through infected Word documents.

How to minimize the risk?

Being smart and careful with any actions taken on a computer is extremely important. Also make sure you have a good recovery option. We are seeing the increase in attacks because: 1) more criminals are finding it a good way to make some cash; and 2) it is becoming incredibly easy to make these ransomware products. Here are three ways to help prevent and slow down ransomware attacks.

  1. Having good backups.
    • When these attacks happen, the infected person or the IT company taking care of them often looks straight to the backups to see if the machines can be restored to an earlier date. Because viruses like these happen so often now, this is a prime area to increase your spending and make sure you have good backups! Have a backup and recovery plan in place that covers a whole-network restore, so that the hackers can't just scramble the data. These attacks often cripple not only the data but also the applications and functionality of a company, so a fast recovery option is critical.
  2. Checking sharing and connections.
    • Ransomware comes from users interacting and sharing connections from their own PC. Just one user not following protocol, or opening an email from an unknown source, can quickly cripple a company. Ransomware is now advanced enough to spread very rapidly throughout an entire network. It can install itself on network drives and look for shared objects so it can spread even quicker. Companies need to revisit the amount of sharing that they do, the access that users have to shared files, and the monitoring of those shared drives and objects done by their IT company.
  3. Improve user and company protections.
    • The best way to combat these ransomware attacks is to keep them completely out of the business. Since the number one way in is through users bringing it into the company, businesses need to work on protocols to make sure that the employees using the computers are educated in what to do and what not to do. Hackers have become smart enough to make emails look pretty legitimate. They are also making real innovations in the techniques used to get past existing system defenses. Users need to make sure they do not open anything that looks suspicious, and if you receive an email from someone you do not know, DON'T OPEN IT! Since things spread through documents as well, make sure you know that a document is clean before opening it!
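
To illustrate the shared-drive monitoring recommended in point 2, here is an added example (not part of the original article) that flags any account changing an unusual number of distinct files on a share within a short window. The log format, user names, paths and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed file-share audit lines: timestamp,user,action,path-on-share
SAMPLE_LOG = """\
2016-03-28T09:00:05,alice,WRITE,finance/q1.xlsx
2016-03-28T09:14:40,alice,WRITE,finance/q1.xlsx
2016-03-28T10:02:00,bob,RENAME,hr/policy.docx
2016-03-28T10:02:01,bob,WRITE,hr/offer.docx
2016-03-28T10:02:02,bob,RENAME,finance/q1.xlsx
2016-03-28T10:02:03,bob,WRITE,finance/budget.xlsx
2016-03-28T10:02:04,bob,RENAME,sales/leads.csv
2016-03-28T10:02:06,bob,WRITE,sales/quotes.pdf
2016-03-28T11:30:00,carol,WRITE,sales/leads.csv
"""

def parse(log):
    """Yield (time, user, action, path) tuples from the audit text."""
    for line in log.splitlines():
        ts, user, action, path = line.strip().split(",", 3)
        yield datetime.fromisoformat(ts), user, action, path

def flag_mass_changes(log, window=timedelta(seconds=60), max_files=5):
    """Return {user: time_of_first_alert} for accounts that write or rename
    more than max_files distinct files inside any sliding window."""
    recent = defaultdict(deque)  # user -> (time, path) events still in window
    alerts = {}
    for ts, user, action, path in sorted(parse(log)):
        if action not in ("WRITE", "RENAME"):
            continue
        events = recent[user]
        events.append((ts, path))
        # Drop events that have aged out of the window.
        while ts - events[0][0] > window:
            events.popleft()
        distinct = {p for _, p in events}
        if len(distinct) > max_files and user not in alerts:
            alerts[user] = ts
    return alerts

if __name__ == "__main__":
    for user, when in flag_mass_changes(SAMPLE_LOG).items():
        print(f"ALERT {when.isoformat()} {user}: mass file changes on share")
```

Counting distinct files rather than raw events keeps a user who saves the same spreadsheet repeatedly from triggering the alert.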


With all these new ransomware attacks, just be cautious of what you click on:

  • DO NOT open emails from suspicious people you do not know.
  • DO NOT open an email from yourself if you did not send one to yourself.
  • DO NOT open an email from a friend or employee if it looks suspicious. We promise you did not win a trip.
  • DO NOT open attachments that are Word or file based from an email or thumb drive unless you know they are clean.
  • DO use common sense.
  • DO have a good backup plan in place, as it's not IF it will happen, it's WHEN it will happen.
  • DO call WACD if you are having problems, immediately.


We can fix your computer problems!

We are a locally owned and operated business that handles IT residential and commercial computer services and selling of hardware.