Ransomware Is Ratcheting It Up A Notch
Ransomware is ratcheting things up a notch in the latest wave of attacks in the past few weeks. You have probably heard of the the common forms of ransomware at this point that infects your local computer, locks your files and demands you pay a ransom to get your files unlocked. But the changes that are being presented in the last week or two are starting to signal some scary changes and a more critical risk to business operations.
So whats different in the latest wave of ransomware attacks?
- Instead of demanding ransom, the latest variants are actual what is termed a “wiper” instead of ransomware. This means that while it masks itself as a similar infection as ransomware, after infected there is actually no way to decrypt the files thus “wiping” those files from the system for good.
- In some specific cases, the ransomware is also modifying the Master Boot Record or MBR of the machine, thus rendering it unable to boot or make heads or tails of the files stored on the drive.
- Attacks have been combined with a security breach to give the bad guys access to the local machine in which they have uninstalled or deleted the backup software to render backups useless.
- Ransomware is now starting to use another exploit to jump from machine to machine across a network to expand the infection to a particular environment.
What does this mean to those affected now?
- Even if you pay the ransom, you may not be able to get your files back. So before you pony up Bitcoins you need to be sure you will be able to decrypt the files.
- You may not even be presented with a ransom at all.
- Backups may not help you. Depending on how long it has been since you were infected, the ransomware may wait until the backups are aged out and no longer relevant before it encrypts the files and notifies you.
- It can spread very quickly in a local area network
Bottom line is that in order to protect your data you need to make certain you are keeping patches up to date, backups up to date as well as tested regularly and reviewing your security logs and policies on a very frequent basis. One thing is for certain – ransomware is not going away anytime soon and is likely to get more aggressive and damaging. If you have ignored it thus far – you need to form a strategy around it now!