This article provides information and best practices to stay protected against ransomware.
What is ransomware?
Ransomware, which is often called CryptoLocker, CryptoDefense or CryptoWall, is a family of malware that limits or even prevents full access to a user's computer. It usually locks the computer screen or encrypts the files. Recent types of ransomware, called crypto-ransomware, ask users to pay a certain amount to get an unlock key.
How does a ransomware attack happen?
In many cases, a ransomware attack starts in one of two main ways:
- Malicious email
When a user opens a malicious attachment or link, the ransomware is downloaded and installed on the computer.
- Malicious websites
Another way to get infected with ransomware is when a user visits a legitimate website that has been infected with an exploit kit. Popular websites can also be temporarily compromised.
Once the ransomware has gotten into the system, it takes further action:
- The attacker’s Command & Control server is contacted to send information about the infected computer and download an individual public key for it.
- Specific file types (which vary by ransomware type) such as Office documents, database files, PDFs, CAD documents, HTML, XML, etc., are encrypted on the local computer, removable devices and all accessible network drives.
- Automatic backups of the Windows operating system (shadow copies) are frequently deleted to prevent data recovery.
- A message appears on the desktop explaining how the ransom can be paid (typically in Bitcoins) within a specific time frame.
How does Sophos Home protect against ransomware?
Sophos Home has a CryptoGuard component that is responsible for detecting and blocking any file encryption behavior on each protected system, and for rolling back any encrypted files. Depending on the type of encryption technique, CryptoGuard can stop the ransomware before it encrypts the files. If the ransomware is stopped right after the files are encrypted, a rollback is no longer available.
To perform its file recovery capability, CryptoGuard requires 3 GB of available hard drive space.
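To make "detecting file encryption behavior" concrete, here is a simplified illustration added to this article; it is not Sophos code and does not describe how CryptoGuard is implemented. It flags a process that rewrites several files from structured content into near-random bytes; the thresholds, function names and sample events are assumptions made for the example.

```python
import hashlib
import math
from collections import Counter

# Assumed thresholds for this illustration; real products tune these differently.
ENTROPY_HIGH = 7.5  # bits per byte at or above which content looks random
ENTROPY_JUMP = 1.5  # minimum rise over the previous content of the same file
BURST_LIMIT = 3     # suspicious rewrites by one process before it is flagged

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """True when a rewrite turns structured content into near-random bytes.
    Limitation: files that were already compressed show no jump."""
    rise = shannon_entropy(after) - shannon_entropy(before)
    return shannon_entropy(after) >= ENTROPY_HIGH and rise >= ENTROPY_JUMP

def flag_processes(events):
    """events: (process, path, before_bytes, after_bytes) tuples.
    Returns the processes with at least BURST_LIMIT suspicious rewrites."""
    hits = Counter(proc for proc, _path, before, after in events
                   if looks_encrypted(before, after))
    return {proc for proc, count in hits.items() if count >= BURST_LIMIT}

def noise(seed: int, size: int = 4096) -> bytes:
    """Deterministic random-looking bytes standing in for encrypted output."""
    blocks = (hashlib.sha256(f"{seed}:{i}".encode()).digest()
              for i in range(size // 32))
    return b"".join(blocks)

# Constructed sample events (not real telemetry).
DOC = b"Quarterly report: revenue, costs and staffing notes.\n" * 80
SAMPLE_EVENTS = [
    ("editor.exe", "notes.txt", DOC, DOC + b"One more line.\n"),  # normal save
    ("backup.exe", "archive.zip", DOC, noise(99)),  # a single compressed copy
] + [("unknown.exe", f"report{i}.docx", DOC, noise(i)) for i in range(4)]

if __name__ == "__main__":
    print(sorted(flag_processes(SAMPLE_EVENTS)))
```

The burst limit is what keeps the single high-entropy write by the backup tool from being treated like the run of rewrites by the unknown process.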
What to do when ransomware hits?
Most of the time, Sophos Home detects and blocks the ransomware immediately. If an attack does succeed, it is important to ensure that the installed Sophos Home is working properly. Check that it is updating and reporting its status to your dashboard correctly. Resolve any errors, and if a re-installation is required, do it as soon as possible. Make sure full scans are run on the affected machine.
Best security practices to apply now
- Back up regularly and keep a recent backup copy off-site.
- Enable file extensions.
- Don’t enable macros in document attachments received via email.
- Be cautious about unsolicited attachments.
- Don’t give yourself more login power than you need.
- Consider installing the Microsoft Office viewers.
- Patch early, patch often.
- Stay up-to-date with new security features in your business applications.