Let’s Talk Ransomware

Written by Dwayne Adams, AME Engineer

Have you heard of Locky? It’s a cheery-sounding name, but it’s also the nickname of a new strain of ransomware, which is a growing problem for all. This type of malware prevents or limits users from accessing their system. It forces its victims to pay the ransom through certain online payment methods in order to regain access to their systems or to get their data back. Some ransomware encrypts files (called Cryptolocker). Other types use TOR to hide C&C communications (called CTB Locker).

How Does Ransomware Find You?

Users may encounter this threat through a variety of means. Ransomware can be downloaded by untrained users visiting malicious or compromised websites. It can also arrive as a payload, either dropped or downloaded by other malware. Some ransomware is delivered as an attachment to spam email!

What does it do to your computer?

Once executed in the system, ransomware can either (1) lock the computer screen or (2) encrypt predetermined files with a password. In the first scenario, ransomware shows a full-screen image or notification, which prevents victims from using their system. This image or notification also shows instructions on how users can pay the ransom. The second type of ransomware locks files like documents, spreadsheets, and other important files.

Please feel free to share this with your staff, as this could happen to anyone surfing the internet or checking email. Additionally, you could use this as a reminder for all users to save their work to their Home drives (H:\) instead of a backed-up location. If you suspect someone has a ransomware infection on their machine, immediately turn off the power and disconnect it from the network, then contact your IT department or personnel. In nearly all cases we’ve worked with so far, the root cause was a spam email opened on one computer, which then encrypted other workstations and servers on the network.

Here are some useful links if you’d like to read about the subject in greater detail.

http://blog.imperva.com/2016/03/the-secret-behind-cryptowalls-success-key-findings-from-our-hacker-intelligence-initiative-report.html
http://www.trendmicro.com/vinfo/us/security/definition/Ransomware

Contact The AME Group today. We can protect you and your business from ransomware or any other kind of IT threat.