Enter

Wednesday, 5 October 2016

Insights on Ransomware

 

 

 

 

 

 

 

 

 

 

What does ransomware do?

There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC.
They can target any PC users, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.
Ransomware can:
  • Prevent you from accessing Windows.
  • Encrypt files so you can't use them.
  • Stop certain apps from running (like your web browser).
Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files. We have also seen them make you complete surveys.
There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.

Details for enterprises and IT professionals

The number of enterprise victims being targeted by ransomware is increasing. Usually, the attackers specifically research and target a victim (similar to whale-phishing or spear-phishing – and these in fact may be techniques used to gain access to the network).
The sensitive files are encrypted, and large amounts of money are demanded to restore the files. Generally, the attacker has a list of file extensions or folder locations that the ransomware will target for encryption.
Due to the encryption of the files, it can be practically impossible to reverse-engineer the encryption or “crack” the files without the original encryption key – which only the attackers will have access to.
The best advice for prevention is to ensure company-confidential, sensitive, or important files are securely backed up in a remote, un-connected backup or storage facility.
OneDrive for Business can assist in backing up everyday files.In some cases, third-party tools released by some security firms are able to decrypt files for some specifically ransomware families. See our blog FireEye and Fox-IT tool can help recover Crilock-encrypted files for an example. Tim Rains, Microsoft Director of Security, released the blog Ransomware: Understanding the risk in April 2016 that summarizes the state of ransomware and provides statistics, details, and preventative suggestions to enterprises and IT professionals: Our Threat intelligence report: Ransomware also includes suggestions on prevention and recovery, statistics, and details.

(Source : Microsoft)