31/03/2020

A Complete Guide to Ransomware and Malware

Malware can be a serious threat to your business and personal assets. Providing IT and cyber security solutions, here at CIS we know a thing or two about how damaging malware and ransomware can be, as well as the best methods of prevention. To get clued up on the best way to protect and secure your data, be that personal or business, read on.

What is malware?

Malware is a blanket term for any type of computer software that is specifically designed to cause unwanted or unwelcome issues to a computer system. Malware is designed to cause damage, and is largely used by those who have intentions to attack a computer’s core functions, spy on activity, or steal, tamper with or damage data.

Malware includes:

How dangerous is malware?

Our networks, PCs and mobile devices are a hub for our own personal data and sensitive information. The same can be said for company networks; there is an increasing reliance on computer networks and software to store and manage company data.

Malware infections and data breaches in the UK have the potential to become more of a problem than they currently are following the introduction of GDPR. Not only is a data breach or cyberattack of any kind inherently damaging to PCs, networks and systems, but it now carries extra costs and risks.

Malware can cripple your business, no matter what type it is.

What does malware do?

Malware infects your devices and PCs in order to make money for its authors. Whether it is adware that introduces popups or keyloggers that capture your login information, malware is insidious and intrusive.

How can you get malware?

Malware can be contracted from many different sources, and unfortunately, some aren’t even through your actions.

The main way is through malicious communications such as emails – unsolicited messages with dodgy attachments that when opened infect your system. However, they can also be found in seemingly legitimate applications, infected music files, new toolbars, software downloads and game demos too.

Some websites can perform a drive-by download of malware without you knowing about it – you enter a normal-looking, seemingly reputable site and in the background, something has been downloaded through that connection.

What about Mobile Malware?

Nowadays, we carry what is essentially a complex handheld computer in our pockets – in the form of a smartphone. On that smartphone, whether it is Android or iOS, we store reams of valuable data like personal information and financial details – and we do not protect our phone security nearly as diligently as we do our computers.

Mobiles can be infected in the same way as computers, but there are also instances of calls and messages with dodgy links or unreliable apps.

With billions of consumer-owned sophisticated handheld computers in use across the globe, malware authors can exploit weaknesses in mobile security – and can use that as a way past your business security too.

How to detect malware

Malware is developing and growing every day to become more sophisticated and harder to notice, so keeping your eye out for the following warning signs might help you find malicious software quickly and easily.

Malware in Computers

  • Computer slowing down

Look out for unexpected or sudden slowness when browsing the Internet, running local applications or just in general day-to-day use.

  • Unexpected Popups

Often, unexpected pop-ups are a type of malware that entices you to open a link by claiming you have won some money. Be careful, as this is a common way that individuals find themselves exposed to a malware attack.

  • Mysterious loss of disk space/increased system usage

When malware is lurking in the depths of your systems, there might be less available disk space, and programs may be unexpectedly running in the background, causing the fan to run at full speed and response times to become sluggish.

  • Internet changes

You might notice your browser homepage changes or unusual toolbars, extensions and plugins appearing. Your actual internet usage might increase too – without you spending more time on the internet.

  • Antivirus stops working

Some sophisticated malware can interrupt the service your antivirus provides, disabling it from working or from being updated so the malware can run without interruption.

Mobile

Android operating systems make up over 80% of the mobile device market, and this makes them a wide target for malware. However, there are still some simple ways you can spot a possible malware issue on your smartphone or tablet.

  • A sudden appearance of popups and invasive advertising

Since complaints have been made about popups on computers, Adware has been less and less rife in the PC world – but on mobiles, with their lacklustre security, a sudden influx of popups might mean that you have inadvertently clicked a nefarious link somewhere.

  • Increase in data usage, strange charges on bills

Because malware does, in most cases, rely on sending information to a host via data or the internet, you will likely see an unusual hike in your data usage. This can also translate to charges on your bill for calls and messages as some malware can hijack these systems to call or message premium rate services, passing the cost on to your bill.

  • Strange calls or messages to family and friends.

One of the ways mobile malware can be spread is through calls and texts to family and friends, with infected attachments or links.

  • Performance lags and phone overheating

In a similar way to computers, the processing capacity of mobile devices can be compromised when malware is present. This can cause lagging performance and overheating – in some cases, destroying the device.

With regard to iOS devices, malware is not a significant problem – the strict security measures that prevent users from downloading anything from anywhere other than the App Store (where Apple have closely vetted the apps available to download) mean that creating malware that is effective against iOS security is very expensive. So, malware attacks are likely to be nation-state level targeted attacks. However, if you have a jailbroken iOS device, then you are more at risk of contracting malware.

How to prevent malware

There are many steps you can take to prevent any malware infection, and these should form part of your cybersecurity policy in both your personal and business space.

  • When visiting a link, make sure the domain name doesn’t end in an odd-looking set of letters. When you are browsing the internet, don’t click on popups.
  • Be aware of unsolicited emails and don’t open unknown attachments.
  • If you are looking to get new software, get it directly from the developer and don’t trust cheap websites.
  • In fact, avoid using Peer-to-Peer file transfer networks at all – they are hotbeds of malware activity and you really do not know what else you are downloading onto your PC.
  • Make sure that you keep your operating system, browser, and plugins up to date as security patches are being brought out by their developers to protect users from malware.

The biggest protection you can have for yourself and for your business is good, active, cybersecurity software. This should offer real-time protection, AI learning and recognition of threats, removal and remediation as well as backup and restore facilities.

What is ransomware?

Ransomware is a particular strand of malware that essentially holds data to ransom.

How does ransomware work?

There are a few types of ransomware that have been recognised, but the idea is that the cybercriminals get access to data, and prevent you from accessing or protecting it, asking for money for it to be released.

  • Scareware: a popup appears on your screen telling you that malware has been detected and you need to pay for it to be removed. This often poses as security software or tech support chats and is relatively harmless as no data is being held to ransom.
  • Screen Lockers: When a user logs into their computer, they are locked out from the system entirely, and there is often a page displayed that informs them they have broken some law, and need to pay a fine to get access to their system.
  • Doxware: data and personal information are being held, and if money is not paid, then it will be released on the internet. A form of blackmail, this is especially hard for individuals rather than businesses.
  • Encryption: in this ransomware attack, data is collected and encrypted, with the key held remotely. Access to the key – and the ability to decrypt the files – is offered in return for payment. This ransomware is dangerous as no software or any form of backup/restore process can get the data back – and even if you pay the ransom there is no guarantee that you will receive access to the data.

Ransomware was first noted in the late 1980s when malware known as PC Cyborg encrypted all the files in the C: directory after 90 boots. To unlock the directory, £189 had to be mailed to a specific address. This encryption software was simple to reverse if one was tech-savvy.

The next widespread ransomware attack was a screen locker known as WinLock in 2007. Infected systems displayed pornographic images, and the only way to remove them was via paid SMS.

Then came the most well-known screen locker ransomware – the Reveton family presented users with a screen bearing imagery that looked as if it belonged to the FBI or Homeland Security, accusing users of hacking, committing fraud, or in some cases, child pornography. To avoid prosecution, they had to pay a large fine in the form of a prepaid card – anything from $100-$3,000.

From 2013 onwards, ransomware became more sophisticated, with military-grade encryption and remote servers providing extra layers of complexity – and data under threat of deletion. Cryptolocker, WannaCry and Petya, along with GandCrab are some of the most well-known ransomware threats – in fact, it is believed that GandCrab has made the authors over $300,000,000 in paid ransoms since 2018.

How common is ransomware?

Initially, ransomware was targeted at individual users. These people often lacked sophisticated protection, so it was relatively easy to infect them.

However, it soon became apparent that big businesses would pay big money to protect their sensitive data – and that was where more sophisticated attacks began to happen.

A study completed by Malwarebytes (a cybersecurity software program) suggests that in the UK, ransomware detections went up by 365% between 2018 and 2019, so protecting yourself and your business from this specific type of attack is going to be beneficial.

Ransomware attacks are still mostly focused on Western markets, with the US, Canada and UK the top three targets. However, with the wider PC adoption throughout the rest of the world and relative wealth increasing, we can see the Eastern markets becoming more of a target.

How does ransomware spread?

Ransomware spreads in the same ways as other malware.

That means infected websites, game demos, unexpected emails with attachments (and sometimes even photos), software, legitimate applications that aren’t regularly patched or updated, new toolbars and music files.

If a ransomware author is determined to get at your data, there are so many ways they can get in – and not all are due to user error.

What to do if you get ransomware

The first thing to remember is that if you are infected by ransomware of any kind, do not pay the ransom.

This has always been the advice of cybersecurity experts, but now has the backing of major lawmakers such as the FBI.

Paying the required ransom encourages these cybercriminals to attack more businesses and/or consumers, continuing the problem.

With some ransomware, free decryption programs are available, so you may be able to retrieve and recover at least some of the data that is being held hostage. Do not attempt to decrypt the data yourself; ask a cybersecurity or IT expert to ensure that you are not likely to make the situation worse.

If you have fallen victim to a screen locker attack, a full system restore or a scan from bootable CD or USB might be all it takes to get back into the system.

For a full decryption attack, you might be wisest to cut your losses and do a full remediation and removal of threat using sophisticated software. You will not necessarily get your files back, but you will be free of that malware.

How to prevent ransomware

On a personal level, if you are looking to protect yourself from ransomware specifically, following the general advice regarding avoiding any malware infection is good enough to encompass the ransomware threat.

However, if you are a business, and therefore a larger target for ransomware attacks, there are some more specific steps you can take. It is estimated that a data breach costs an average of $3.86m, including remediation, penalties, and ransoms.

  • Network Segmentation: keeping data on separate, smaller segments, reduces the attack surface.
  • Principle of Least Privilege (PoLP): allow users access only to the essential systems they need to use to complete their usual work.
  • Educate Users: reiterate the importance of not clicking on links or opening attachments from unsolicited emails. Enforce secure user passwords and introduce Multi-Factor Authentication.
  • Update Software Regularly: ensure that patches and updates are applied regularly, both in end-user environments and throughout the organisation.
  • Remove Obsolete Software: in the same vein as maintaining software updates, so-called abandonware is a risk to your cybersecurity – if it is no longer supported then get rid of it. Malware authors love unsupported software because there are so many opportunities for exploitation.
  • Regular Backups: Whether you back up to the Cloud, or to a USB or external hard drive, make sure you back up your systems as regularly and securely as is feasible for your business. When you have completed the backup, disconnect from the archive area so that you aren’t risking infection.
  • Invest in Cybersecurity: Look for anti-malware software that offers real-time protection, learns through experience and can shield vulnerable programs as well as block ransomware. It should also regularly monitor files, downloads, clicks and anything else.
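
To make the backup and file-monitoring advice above concrete, here is an added example (not CIS's own code or product): it records a SHA-256 manifest when a backup completes and later compares a copy against it, flagging the copy when a large share of files has changed or vanished, as happens when files are encrypted and renamed. The function names, the `.locked` suffix, the 50% threshold and the sample files are all constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def compare(baseline, current, alert_ratio=0.5):
    """Diff two manifests; flag the copy if many baseline files changed or vanished."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    damaged = len(changed) + len(missing)
    # alert_ratio is an assumed threshold; tune it to how much your data normally changes
    suspicious = bool(baseline) and damaged / len(baseline) >= alert_ratio
    return {"changed": changed, "missing": missing, "added": added,
            "suspicious": suspicious}


def demo():
    """Constructed sample: five documents, four of which are later damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        names = ("invoice.txt", "payroll.csv", "notes.txt", "plan.txt", "readme.txt")
        for name in names:
            (root / name).write_text("contents of " + name)
        baseline = build_manifest(root)  # taken right after the backup completes
        for name in names[:3]:           # replaced by unreadable, renamed files
            (root / name).unlink()
            (root / (name + ".locked")).write_bytes(os.urandom(64))
        (root / "plan.txt").write_bytes(os.urandom(64))  # overwritten in place
        return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

Keep the manifest with the disconnected backup rather than on the machine it describes, so that an infection cannot rewrite it.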

If you need more information about any aspect of protecting your systems from cyberattacks, then contact the team at CIS. We are experts in protecting businesses using our software, infrastructure and Cloud solutions – and we can help your business too.
