Ransomware. A vicious virus infecting PCs globally, using a simple but effective method to extort money from the end user – encryption.
Encrypting files is nothing new. Businesses do it all the time, using encryption software such as BitLocker to keep their files locked up and keep the only access key inside their virtual pockets. This is, and should be, considered best practice.
Ransomware applies its own encryption to the drive without providing the key to access it. Well, not until the end user pays (and sometimes not even then). For a business that needs its sensitive data files to continue operating, paying the typically ~$500 USD ransom is worth it compared with losing potentially years’ worth of work. This is how ransomware thrives – it knows the price point is low enough to get businesses to pay, and with anonymous payment via Bitcoin and Tor web browsers, any trace linking the cyber-criminal to the crime is virtually erased.
Getting the virus onto the PC is even easier. Google “ransomware” and you’ll read thousands upon thousands of articles about businesses, government offices, schools, home users, and even police stations getting infected. This is because ransomware comes in many different disguises, and all it takes to activate the virus is one user clicking a link they shouldn’t have.
How it starts…
Think of Suzie in Accounting. Maybe Suzie is waiting on an invoice to come in from a client. She’s sipping coffee, checking her favorite blog, when suddenly an email notification appears onscreen. “INVOICE 1552” it reads. Suzie clicks the email, and the body of the message contains a vague-yet-slightly-accurate paragraph telling Suzie an invoice has arrived. Without thinking about it, she clicks the attachment claiming to be an invoice. After all, why wouldn’t she?
Unbeknownst to her, Suzie has just inadvertently infected her PC, and soon the rest of the PCs in the business, with ransomware. All it takes is one person for this to happen, as ransomware looks for attached networks and starts infecting those too.
By this point, I hope you see why ransomware is so dangerous. It takes one lapse in judgment to get into the business and start spreading. Within a few hours the virus can bring the business to a standstill.
How do we stop it?
At this point most IT technicians will tell you the only way to stop it is to have constant backups stored offsite. If infected, start nuking the old machines and restoring from those backups. This method is rather scorched earth, but it gets the job done.
Recently, Malwarebytes announced a beta version of their anti-ransomware software. At the moment it has been known to stop quite a few leading ransomware variants from infecting the PC.
Antivirus and anti-malware can’t stop a ransomware infection if an end user accidentally runs an attachment found in their email. In fact, nothing will.
RollBack Rx has flown under the radar for its anti-ransomware capabilities. But our instant recovery software can get an infected machine back up and running inside of a few minutes. How? It’s simple. Once installed, RollBack Rx will take snapshots of the PC on a schedule defined by the administrator. These snapshots are not Windows file-level backups; rather, each one locks and encrypts the drive and all its information, as of the time the snapshot was taken, at the sector level of the drive. Ransomware currently does not run at the sector level, and therefore these snapshots cannot be infected.
With RollBack Rx, getting out of a ransomware infection is as easy as loading a snapshot taken an hour before. Maybe you lost the work from the past hour, but that’s nothing compared to the headache and anxiety from an unprotected PC and network.