Ransomware for Hire: 3 Steps to Keeping Your Data Safe

Ransomware for Hire: 3 Steps to Keeping Your Data Safe

For most people, the idea of losing all their data would send shivers down their spines. The scenario is even more alarming for companies who could risk having to reinvent man-years worth of intellectual property should their data be lost. Yet, for thousands of companies daily this nightmare becomes reality. The driving force behind this scenario is malicious software accurately named “ransomware” that encrypts files once introduced to a system.

Security, they say, is only as good as the weakest link. And, in many cases, the weakest link is well-intentioned employees focused more on getting work done than doing so securely. With this in mind, let’s take a deeper look at the newest ransomware threat, Ransom32, and three actionable ways to keep data from being held hostage. 45714383_ml_monitor_cryptIn researching and reverse-engineering Ransom32, being sold online as ransomware-as-a-service, it quickly became apparent that it is different than other ransomware. Notably, Ransom32 was coded with JavaScript and uses the NW.js framework which allows for much more control and interaction with the underlying operating system. This benefits the developer as they can turn their web applications into normal desktop applications relatively easily—applications that are able to run the same JavaScript on different platforms and without the security-boundary restrictions of the web-browser.

As a result, an NW.js application only needs to be written once and is instantly usable on Windows, Linux and MacOS X. This means that Ransom32 could also easily be packaged for Linux and Mac OS X.  Ransom32 will encrypt users’ files, photos, documents and other data so that when their machine starts, they will see a ransom note demanding payment in Bitcoins in exchange for unlocking their data. To avoid this scenario:

  • Back Up Regularly
    While it’s a little like flossing for some people – you know you should do it, but don’t as often as you should — regular backups stored on a disconnected device really are the best first line of defense from ransomware. Ransomware will often explicitly target backups which is why it is important to store them where they can’t be readily reached.
    An external disk drive detached from corporate systems, or a cloud based file storage or backup system are all good approaches. Regardless of the method, regular (preferably daily) backups are an ideal insurance policy against ransomware attacks. Ransom32 is currently undecryptable without paying the ransom so don’t forget to test the data restoration process to ensure this insurance plan is actionable.
  • Don’t only Rely on Signatures to Protect Systems
    As a legitimate framework, using NW.js makes it more difficult for Ransom32 to be added to signature-based malware detection solutions and each sample may be differently configured by its ‘customer’. In fact, nearly two weeks after Ransom32 was introduced, signature coverage for it remains incredibly poor.Indeed, ransomware like Ransom32 in which signatures can be difficult to detect, are one of the reasons that ransomware is likely to be one of the biggest security threats this year. To address this issue, look for anti-malware protection solutions that don’t rely on signatures to detect and quarantine ransomware, but use smarter approaches like behavior blocking that watches out for certain behavior patterns in active threats rather than comparing known file fingerprints.
  • Real-Time Protection
    The greatest threat in many companies is the unwitting employee. Currently distributed by spam email campaigns impersonating delivery notifications, unpaid invoices and the like, Ransom32 quite literally banks on it. As with many other security threats, once an employee downloads and launches the package, the malware is able to execute its threat.Although employees should be educated about such threats, spam has become more sophisticated and the need for real-time protection is real. In addition, Ransom32 could easily be distributed through other channels, such as malvertising, exploit kits, or spear phishing. As a result, it is important to look for technology solutions that provide real-time scanning, blocking and quarantining of threats as they occur. And, it never hurts to remind employees of the very real threat presented by ransomware, regardless of its distribution point.Ransom32 is not just the latest ransomware, it is unique in that it packs the runtime and NW.js into one single executable which means it doesn’t need to rely on users having an existing framework installed illustrating yet one more way that ransomware is maturing and becoming a larger threat. In fact, Rick Holland, Vice President and Principal Analyst at Forrester Research, recently noted he doesn’t, “go more than a week without speaking to a client who has experienced a ransomware incident.”

bonsai-316573_1280The Chinese have a saying, the best time to plant a tree was 20 years ago. The second best time is now. With Ransom32’s authors offering anyone the chance to sign up, create their own custom version of the ransomware, download and distribute it, be sure to take time now to ensure these basic security principles are in place to proactively protect your data and decrease your risk of being held hostage.

 

 

 

  • Cat Tilley

    I’ve been telling users on forums, including this blog, for years, to backup their computers on a regular basis, have recovery media sets/other media for reinstall, for years. And to keep one’s personal data OFF of their ‘C’ drive. Transfer to a external, flash drive, optical disc, and remove it.

    While Emsisoft offerings are a frontline protection against the evil Malware distributors, no solution is bulletproof, if there were such an app, only the wealthy would be secured.

    Backup has to also be considered frontline protection, yet it’s hard to imagine in the year 2016 when backup drives are at all time lows per/GB, the usage of these are barely higher than the turn of the millennium. This has to change, along with taking security seriously, given the number of XP computers still in use that further compounds the issue, the threat is very great.

    Do what’s right now! Make a plan of action to back & take security seriously, otherwise be prepared to deal with the consequences of not doing so.

    Cat

  • Ravana Brahma Rakshas

    Hi. I like to see, support people of the emiSoft read this and answer here. Heuston, we have a problem here. this is what happened today and still not resolved. (1) – I saw chrome is going to a russian search site. investigated, saw that this DOOMED virus changed settings of chrome and locked it and does not let me remove it. (this thins: first sputnik blah blah) ……… (2) – I INSTALLED THIS GUY ( SpyHunter ) it found 701 malware and spy and stuff. (3) – I checked with microsfot virus scanner that I downloaded instantly, it wasted over one hour of scanning and told me this (NO VIRUS) — duh… I sent a very offensive email to some support gang of microsopft. go and sell potato and do not make virus scanner ……………… (4)- I installed EmiSoft – it gave me 260 virus report. It cleaned them and restarted…. still that first (sputnik) is in the chrome……………….. (5)- I checked again with (SpyHunter) after EmiSoft said all are gone, spyhunter found another 241 virus and stuff ……………. DUH….. this is my theory: SpyHunter ITSELF installs spy and malware and then gives you report ……………..AND I witnessed EmiSoft did not remove (sputnik) ………………second theory/question: WHOM I TRUST? certainly microsoft thing is LEMON…. spyhunter is UNTRUSTWORTHY and EmiSoft is eh…. at least, incompetent…… NO SOLUTION YET…. I GO WRESTLING WITH THIS NONSENSE VIRUS GANGS MORE…. IF I FIX THIS THING, i REPORT HERE. IF YOU HAVE SOLUTION, APPRECIATED.

  • Flavia Auditore da Firenze

    Just FYI, SpyHunter is a pretty shady software. I would not use it.

    If you need personal assistance with removing unwanted things, I suggest that you go to the forum and seek help in “Help, my PC is infected!” section. There will be instructions for you to clean things up.

  • Rocky Harris

    Anytime, anything of importance, something you cannot or don’t want to lose, you back it up immediately. Not a week down the road.

    For the past 6 months or so, WalMart has had SanDisk USB flash drives almost dirt cheap. 64 & 128gb drives. The 64 is less than $15 and the 128 is under $30. Everything of importance to us is on these type of drives. You can also find them very cheap at Newegg & Best Buy.

    I keep all my favorite programs on these USB drives. If I need to do a reformat for whatever reason, it makes the job a lot quicker and easier. My wife is a picture taking nut. Every photo we have ever taken in the past 10 years is on these drives. As of now, I’ve never had one of these drives fail.

    I’m not going to say being hit by one of these Ransomware bugs will never happen to us, but if it does, we won’t lose anything other than time spent restoring our computer.

    • Chiron

      I just invested € 84.99 in a 2TB external USB-3 drive (Toshiba) that fits easily in a pocket. To get the same capacity in pen-drives it would take 16 of them (the128GB kind) for about 5 times as much money.
      My wife is a picture-taking nut too, you know… ;-)

      • TVMan

        :-) Hello, Chiron. I have several external drives as well but in drive docks I use to back up, even the same files I keep on my flash drives. I’m a believer you can’t have important stuff you don’t want to lose backed up too many times. Also, I NEVER leave any of the external drives run when not in use. We all know the longevity of even the best HDD can be very short.