Jon Thordarson / 14. Dec 2016

Could you be held to ransom?

Today’s anti-virus programmes are good, and they are getting better all the time. By scanning both your hardware and your software for threats, identifying and quarantining anything questionable, and then ‘cleaning the affected files, products such as ESET, Norton and MacAfee – along with a host of others – have saved businesses billions of pounds in lost time, lost data and replacement kit.

What anti-virus programmes cannot do, however, is prevent attacks on computer networks’ most vulnerable points: their users.

By inviting computer users to click on links, attachments or images in emails or social media posts, ransomware is able to download viruses onto those computers. The viruses then block the user’s access to their data until a ransom is paid into an anonymous bank account. However, there is no guarantee that the files, device or system will be unlocked, even if a ransom is paid.

According to Dell EMC, all size of organisation from SMEs up to global technology firms have been hit with ransomware attacks. It says FBI figures for the first three months of this year show $209m was extorted by cybercriminals using ransomware.

Meanwhile Arstechnica reports that security flaws in Facebook and LinkedIn allow a maliciously coded image file to download itself to a user’s computer. Users who notice the download, and who then access the file, cause malicious code to install ransomware known as ‘Locky’ onto their machines.

Locky has been around since early this year, and works by encrypting victims’ files before demanding a payment of nearly £300 for the key. The report says that there has been a “massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign.”

Hacked has also reported a new form of ransomware that researchers have called ‘Ransoc’ because of its connection to social media. Unlike ransomware such as Locky, which encrypts a person’s files before demanding payment, Ransoc customizes its demands to its victims. After scanning a person’s computer files and social media to find potentially incriminating evidence, it then sends a penalty notice, threatening victims with court action if the amount isn’t paid. As it doesn’t encrypt a person’s files, the ransomware relies on a victim’s fear to pay the money straight away.

Despite ransomware’s targeting of IT’s weakest link – it users – there is something you can do to protect you and your business against it. datastring’s secure back-up and storage solutions allow you to safely store your data off-site. If your systems do become infected with ransomware or any other form of virus, you can recover the data in full from a restore point immediately before the infection occurred. It is something that can’t always be achieved with many of the standard cloud storage solutions currently available, as these usually only store the last 30 days of your backed-up data, meaning that any subsequent recovery may include the infected files.