Ransomware, a new type of computer virus, is the newest threat to many companies: it restricts access to computers until victims pay a ransom to the hacker for its removal.
The malicious programme locks up a device until an amount of money, usually in Bitcoin, is paid to the perpetrator of the hack. Bitcoin is a digital peer-to-peer payment system in which payments take place between users directly, without an intermediary.
PC Repair Dundalk first encountered the virus four years ago with “the simple garda virus”; since then, however, it has been a huge problem for many local businesses and home users.
“We're seeing more and more infections on a daily basis (average 3/4 cases per day)”, they said.
Not only is the device locked up but the user is led to believe that personal data will be leaked if they do not pay the Bitcoin.
Dalton Dullaghan, sales and admin at PC Repair:
“Unfortunately, there is no way to decrypt the encrypted data without paying the 'bounty'. The sole copy of the decryption key resides on the hidden cybercriminals' server. The only valid way around paying the bad guys is to restore from a backup (if any).
“If you don't have a backup and you need the data... time to start paying up. Usual payment method is in Bitcoin - there are no assurances that the bad guys will honour their side of the agreement either”, he said.
Trend Micro's analysis showed that despite this threat, the program doesn't actually have the ability to leak personal information.
“At the moment, the leaking of files is not happening through the ransomware we have encountered, although it is only a matter of time. Leaking of data, however, is currently happening in spear phishing attacks on individuals within businesses.
“The result of this is usually the bad guys gaining access to your email account and sending emails / using information they have gathered for their own financial gain. We have seen losses in excess of €70k on the back of one email account being compromised locally”, Dalton added.
When ransomware first started appearing, it would include a fake alarming message telling the user that his or her computer had been infected and would need to be wiped clean with anti-virus software. However, newer attacks are less dependent on user interaction and more dependent on weak security practices.
The best defence against ransomware is employee/user education. Antivirus/spyware protection, firewalls and spam filters are all essential when implementing proper IT security.
“However, these measures are all powerless if the user is not 'click-aware'. If a user is going to open attachments without thinking - a €60 piece of software is not going to save them,” he said.
“In 2006, all computer users were plugged in and aware when it came to email attachments/links and the dangers that came with them. However, people have forgotten these basic policies and what was then old is now fresh again,” he added.
The virus can spread without the victim even realising that anything has changed. Cybercriminals scan the internet looking for vulnerable servers to attack. The deadline given to users is four days; if the payment isn't made, the price of decryption will increase to 1 Bitcoin.
Apple products have a reputation for being 'immune' to viruses; however, they are at risk from ransomware. As recently as March 2016, KeRanger, a ransomware specifically targeting Apple's OS users, was discovered.
Ransomware has a history of targeting small businesses. Over time, however, it has started to target major government and healthcare organisations as well as online news publishers.
The PC repair centre has offered some recommendations to combat these cyberattacks:
1. Educate Employees / Users
2. Back up your files - offsite preferably.
3. Avoid clicking untrusted email links or opening unsolicited email attachments
4. Ensure you are running adequate Anti-Virus & have a decent SPAM filter enabled on your email system
5. Apply Windows and other software updates regularly.
6. Don’t install programs from unknown sources
7. Eliminate out-of-date software and hardware (Server 2003 / Windows XP)