Ransomware usually propagates via infected email attachments, website downloads, and USB drives. Following infection, the malware encrypts all files on the computer’s hard drive and any connected network drives. Those files remain encrypted and inaccessible until a ransom payment is made. Often, the malicious actor places a “self-destruct timer” to instill a sense of urgency in the victim and threatens that if the ransom is not paid by a certain date, the files will be inaccessible forever. Victims who do not have adequate data backups have a decision to make: pay the ransom or lose their documents. Many times, even if the ransom is paid, the criminals do not remove the encryption and, in some cases, ask for more ransom payments.
BIT has, unfortunately, had to rebuild an agency computer compromised by ransomware. Coincidentally, we have seen many email messages with malicious ransomware-infected attachments. Efforts to fight ransomware continue in information technology and law enforcement departments worldwide. Nearly a year ago, the FBI and Interpol were provided the decryption keys for files locked by a specific ransomware application. This success followed the public issuance of an indictment against a Russian hacker who was a primary contributor to the development of many ransomware applications. This victory was short-lived, however, as newer versions of that ransomware and closely related clones of that software, such as CryptoWall and TorrentLocker, are back in business.
So how can you help prevent a ransomware infection?
- Don’t open or click on links in unsolicited emails, and don’t download files from untrusted sources.
- Do not use free or found USB drives.
- Backup, backup, backup! BIT regularly backs up data stored on network drives. However, individual files stored on a computer are not backed up by BIT. Make sure to back up your files on your home computers.