Cyber Security Education Series - Ransomware

Ransomware is a serious risk to all businesses.  Risk from ransomware continues to grow as the methods of the perpetrators continue to become more sophisticated.  The potential damage to your business and your customer service levels is substantial.

This online guide will help you learn how to avoid the risks associated with Ransomware and how to deal with Ransomware if you become affected.

Ransomware Introduction

What you will learn from this session

The dangers of Ransomware

How Ransomware can affect you personally

How Ransomware can affect your business

A brief quiz to check your knowledge and awareness of Ransomware

 

Upon completing this lesson you should expect to learn the following:

 

  • Definition of Ransomware
  • Understand how it is delivered
  • Comprehend its effect on your device and the company network
  • Minimize the effect of Ransomware
  • Report Ransomware attacks

What is Ransomware

  • A script is installed on your computer that locks access to your files
    • For example, a PowerPoint (.ppt) or an Excel (.xls) file
  • The distributor of the Ransomware demands a payment to unlock your files
  • Ransomware may spread to other connected hard drives and network storage and servers
    • flash drives, hard drives, cloud storage etc.

How is Ransomware Spread?

Email Attachments


Web Links


Shown here are some examples of attempted Ransomware infections through the use of emails.  Some of these emails are very crude, but Ransomware attempts are becoming a lot more sophisticated.

Notice the use of a 'spoofed header' in the first example, making the email look more legitimate.  The real telltale sign that this is Ransomware is in the URL of the link in the email.  http://icekidsnursery.net has no relationship with the business, enom.com.


Malicious Ad Links

Many internet advertisements and pop-ups will direct users to sites that have file downloads or other teasers to entice users to download unsafe software.

Peer to Peer File Sharing

Peer to peer file sharing is fraught with risks.  Downloading BitTorrent movies, music and other content puts the user at serious risk of downloading malicious files and other malware that may be embedded into downloaded files.

Why is Ransomware being distributed?

Ransomware is very profitable for the perpetrators.  Recent studies have shown that around 20% of those individuals that are affected end up paying the fees to the criminals.  These fees are always collected in non-traceable ways such as through bitcoin exchanges or anonymous money transfer services.

When attacking individuals, attackers often ask for small payments, assuming the individual will pay the ransom to avoid the hassle of trying to recover files.  Even if the individual pays the ransom, the attacker may keep the files or return them infected with more malware.  It is critical to report incidents as soon as possible.

If an employee tries to pay a ransom without alerting their employer, the employer may be further compromised…

Several organizations in the healthcare, public sector and private industries have been affected by ransomware attacks.  Once one computer is infected, the entire network is very likely compromised.  As a result, employees are unable to perform their work, and critical company and customer data can be inaccessible or, even worse, stolen.  Unless the organization has secure backups, this data is likely gone…

 

Should you pay the Ransom?

Paying the Ransom

Paying the ransom may seem like an expensive, yet simple fix to the problem.  However, it is not always that easy.  There are no guarantees of a successful outcome.  Remember that you are dealing with criminals!

  • You may receive corrupted files back
  • The attacker may leave behind additional malware
  • The attacker may not return (unlock) the files at all

Avoiding being infected with Ransomware

Preventing Ransomware and other Malware

Prevention!!

The best way to prevent a ransomware attack is to take all of the necessary precautions and actions before your computer becomes infected by any of the various methods that we have discussed.

Browse carefully!!

There are bad things on the internet.

Browse the web more carefully by following these guidelines:

  • Avoid peer to peer file sharing or download sites
  • Stick to web sites you trust
  • Use caution around links
    • hover over the link to verify its location and don’t click if you do not know where it leads!
  • Bookmark your trusted web sites
  • Avoid clicking on ads as they may be corrupted

Avoid unknown attachments

Attachments are the biggest source of Ransomware.

Opening unknown attachments can create havoc on your PC and corporate network and give access to an attacker.

  • Never download or open attachments from unknown or unsolicited sources
  • If you are unsure but you know the sender, then verify with them that the attachment is legitimate
  • Never download scripts or executable (.exe) files
  • Do not enable “macros” even if a document asks you to, unless you verify the attachment is legitimate

Update all of your software, especially your Operating System

Update Software

Ensure that the software installed on your computer is always kept up to date:

  • Only download software updates from trusted sources
  • Keeping your software up to date ensures the latest security patches are applied to your operating system and applications
  • Keep anti-virus software up to date to ensure the latest threat management profiles are active
  • Always contact a Supervisor or IT Manager for assistance

Back up your data

Offsite Backups

Ensure that your data is backed up regularly to an external storage device:

  • Keep the device disconnected from your computer when you are not using it
  • Any backup device that is connected to an infected computer is also vulnerable
  • Offsite backups offer an extra layer of security and redundancy

What to do if you are a victim of a Ransomware Attack

Discovering a Ransomware infection

Ransomware Infection

Despite your best efforts to avoid ransomware, you cannot guarantee that you won’t be infected.  If you suspect that your computer is infected by ransomware, or if it is infected, it is critical that you follow these steps…

  • Disconnect from the network by turning off the wireless connection or removing the Ethernet cable from your computer. In addition, disconnect from any external devices such as hard drives.
  • Power down your computer. If you cannot do this using the normal method, press and hold the power button.
  • It is essential to report any ransomware incident to your supervisor or your IT department. NEVER PAY A RANSOM!

Ransomware Quiz and Knowledge Assessment

Which type of Malware locks and encrypts your files until a ransom is paid?

  • Rootkits
  • Bots
  • Ransomware
  • Hijack Malware

What file types are typically used for the distribution of Ransomware?

  • Macro enabled Office documents, executable files and JavaScript files
  • Excel files, Jpeg, and screen saver files
  • Macro Enabled Office documents, screen saver files, and JavaScript files
  • Microsoft Word, Excel, and PowerPoint files

What does a Ransomware attack do to the files on your PC or Server?

  • Creates multiple sub folders
  • Blocks all access
  • Opens access to 3rd parties
  • Allows for remote access

Mark the following statement as true or false.

  • 93% of phishing emails now contain ransomware

Which of the following could infect users' PCs?

  • Online ad networks
  • Malicious files hosted on peer to peer file sharing sites
  • Phishing emails
  • All of the above

Most commonly, Ransomware attackers request payment using the following:

  • PayPal
  • Bitcoin
  • Western Union Transfer
  • Gift Cards

The best way to resolve a Ransomware attack is to just pay the ransom

True or False?

  • Ransomware can affect external drives if the drive is connected to your computer at the time of the attack.

Which four strategies should be employed to help prevent ransomware attacks?

  • Use caution around links, only open executable files from a saved email, store old files off site, download from only known sources
  • Safe web browsing, don’t enable macros in attached documents, backup files regularly, and keep software up to date
  • Keep software up to date, have IT open any strange attachments that are emailed to you, power down and shut off your computer at the end of the day, only use the incognito tab feature when browsing the web
  • None of the above

If your computer is infected by ransomware you should…

  • Power down your computer
  • Disconnect from any external drives and networks
  • Report the incident immediately
  • All of the above

Wrap-Up

Ransomware has become one of the biggest IT risks.  All employees have to be diligent in protecting their data and computer assets from the risk of attack.  

This course has been produced so that employees are aware of the ways to avoid and deal with a Ransomware attack.

We appreciate your commitment to this training.