Is your business ready for self-replicating ransomware? – By Bob Milliken

Regardless of the type of ransomware we are talking about (there are seven major variants), the consequences of an attack are the same: your data files get scrambled, at which point the crooks offer to sell you the decryption key.

The latest threats include ZEPTO (a variation of the Locky strain), ZCryptor, and self-propagating iterations of the malware. Since this problem is not going away any time soon and stakes keep getting higher, it has become essential for small and midsized businesses to update their understanding of Ransomware in order to properly protect themselves.

Ransomware has been steadily increasing its infection rate over the course of this year. Enigma Software reported that, “After staying steady for the last six months of 2015, ransomware detection has begun to climb; February saw a 19 percent increase over January, while March had almost a 10 percent increase over February. Then, in April, infections more than doubled.”

And as if that wasn’t frightening enough, Microsoft announced last week that a recently detected piece of ransomware was found copying itself onto USB and network drives. The ransomware, named ZCryptor, disguises itself as either an Adobe Flash installer or a Microsoft Office file to trick users into opening it.

Once opened, it displays a prompt that says “There is no disk in the drive. Please insert a disk into drive D:”. If you see this after opening a suspicious file, it is most likely ZCryptor trying to distract you while it works in the background to add a registry key that buries itself deep in your system and begins to encrypt your files.

Although previous ransomware iterations like Alpha Ransomware had the ability to find and encrypt files on shared network drives, security experts believe this is the first time a ransomware variant has included self-replication via removable drives in its framework.

When it was first detected in May, Microsoft found ZCryptor singling out 88 different file types for encryption. However, a security expert later analyzed the ransomware and found 121 targeted file types, suggesting that the creators of the malware were continuing to develop its source code.

It’s commonplace for ransomware to demand payment to be made in Bitcoins as they’re an almost totally untraceable online currency. ZCryptor is no different, demanding 1.2 Bitcoins ($500 US) unless payment is more than four days after infection — then it increases to five Bitcoins ($2,700 US).

Compared to other more complex security threats, ransomware is still relatively easy to avoid. Always verify the source of email attachments and website downloads before opening files, disable macros in Microsoft Office programs, maintain regular backups and update your security software daily.

Still concerned about your security? It doesn’t have to be as difficult and draining as you may think. Contact us today for advice on keeping your network protected around the clock.

Bob Milliken is the TheITguy@CascadiaSystemsGroup.com specializing in helping businesses with their IT needs and is the partner your company needs to take full advantage of everything that Cloud Computing has to offer. Connect with him at 604.270.1730.