How to Protect Against Virulent Ransomware

Wednesday, January 07, 2015

Rebecca Herold


In early December, there were several reports about yet another type of ransomware, VirRansom, the next evolution of ransomware. It combines the ransomware behavior of making data unavailable and locking up your computer until you pay the crooks a ransom with the behavior of a virus, which allows it to spread to others. This means that not only will the ransomware take your computer hostage, it could also take hostage all the other computers you communicate with.

Some key points about VirRansom:

It can infect not only your executable (.exe) files but also many other types of data files, such as file containers (e.g., .zip files), text documents (e.g., Word .doc files), and photos (e.g., .jpg files).
It will spread quickly to large numbers of files, including those on other computers on your network, without you noticing anything going on with your computer.
When the virus runs, it installs itself on your hard drive using random filenames, establishes a registry entry that will result in it running again after you’ve logged out, and then it activates by loading a variety of processes into your computer’s memory. By the time you notice bad things happening, the virus has spread throughout your system, and possibly to all the other systems you’ve been on or communicated with, infecting possibly hundreds or thousands of other files. After many files are infected, you will get a pop-up screen that looks similar to Image 1.

Your computer will be locked, and your files will be scrambled, by the time you see this message.

Dell provides some articles about the impacts of, and how to remove, virulent ransomware.

Don’t be a victim

How can you avoid becoming a victim of this type of malware/ransomware? At a minimum, everyone should do the following:

1) Make backups of all your data and software on a separate storage device that is not attached to your network or computer except while backups are being made (during which time you should be offline). Have you done this lately? How often do you back up your critical data? Are your backups of your operating system and applications good and able to work when you need them? Be sure to test them occasionally to find out.

2) Use effective and constantly updated anti-malware tools. When was the last time you updated your anti-malware tools? Do they check for zero-day types of malware? Do they check for signs of ransomware? If they don’t, consider getting an anti-malware tool that does. There are anti-malware tools that identify and stop ransomware, so make sure you have one.

3) Don’t fall victim to phishing attempts. Here’s a good article about how to spot and prevent phishing attempts. Educate yourself, your co-workers, friends and family about ransomware: how to spot it and how to avoid becoming a victim. Provide ongoing reminders and more formal training as appropriate.

4) Don’t click on photos or videos without first considering the consequences. Did someone you know send you a type of photo or video that they’ve never sent before, and that is out of character for him or her? Don’t click it. Contact that person and ask if he or she did indeed send something; someone may have spoofed or hacked the email and sent you the malware-infected image. Did you see something on a social media site that is making a bizarre or sensational claim? Don’t click it. By doing so you may be infecting your computer, leading to hours spent trying to get the tenacious ransomware removed.

5) Educate your employees, family members and friends about destructive malware. Show them this article as a start.

And certainly, if ransomware such as VirRansom finds its way onto your computer, do not pay the criminals. If you follow the steps above, particularly making the backups, you can reinstall your system and still have all your files, clean and intact.
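As an added example (not part of the original article): one way to test a backup, as step 1 recommends, is to record SHA-256 hashes of your files while they are known to be good and compare a test restore against that record, which also exposes a backup taken after files were silently infected. The function names, the 20% threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_restore(baseline, restored_root, max_damaged_ratio=0.2):
    """Compare a test restore against a manifest recorded from known-good data.

    max_damaged_ratio is an assumed threshold: when more than this share of
    files is missing or altered, treat it as mass modification (for example,
    a backup taken after a file infector had already spread), not file churn.
    """
    current = build_manifest(restored_root)
    missing = sorted(set(baseline) - set(current))
    added = sorted(set(current) - set(baseline))
    changed = sorted(p for p in baseline.keys() & current.keys()
                     if baseline[p] != current[p])
    damaged = len(missing) + len(changed)
    ratio = damaged / len(baseline) if baseline else 0.0
    return {"missing": missing, "changed": changed, "added": added,
            "ratio": ratio, "ok": damaged == 0,
            "mass_change": ratio > max_damaged_ratio}

def demo():
    """Run the check on constructed sample files: a clean restore, then a damaged one."""
    files = {"docs/report.doc": b"quarterly report", "docs/notes.txt": b"notes",
             "photos/cat.jpg": b"\xff\xd8 sample image", "archive/old.zip": b"PK sample"}
    with tempfile.TemporaryDirectory() as tmp:
        good, restored = Path(tmp, "good"), Path(tmp, "restored")
        for root in (good, restored):
            for name, data in files.items():
                target = root / name
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        baseline = build_manifest(good)   # recorded while data is known good
        clean = check_restore(baseline, restored)
        # Simulate a bad backup: one file altered, one file lost.
        (restored / "docs/report.doc").write_bytes(b"scrambled bytes")
        (restored / "photos/cat.jpg").unlink()
        return clean, check_restore(baseline, restored)

if __name__ == "__main__":
    for label, result in zip(("clean restore", "damaged restore"), demo()):
        print(label, result)
```

Keep the manifest on the same offline device as the backups, so malware that alters your files cannot also rewrite the record you check them against.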

This was cross-posted from the Privacy Professor blog.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.