Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pays a ransom to the malware operators to remove the restriction. Windows-based computers have always been the main target, but two weeks ago also a case of ransomware for OS X surfaced. The new OS X ransomware 'Keranger' infected the Transmission bittorrent client installer, which has put many OS X users at risk. Last week big-name sites were hit by a rash of malicious ads, spreading ransomware, which exposed tens of thousands of people within 24 hours. Ransomware is becoming a serious issue.
Ransomware is typically spread by means of an attachment in an e-mail message. The e-mail often appears to come from a known or important person. If the user opens the attachment the computer is infected straight away. Last week we had a case on our doorstep as well. An employee of a partner organisation contacted us in a panic; his screen was frozen and he needed to pay a ransom to get access to his files again. We were able to bypass paying the ransom because we simply restored the computer with a back-up; but not all people make frequent back-ups and technical knowledge is lacking sometimes as well.
There is also a new method of attack; sending .js
files in a zip file. This means it's possible to infect a computer via Javascript. The problem with .js
files is that they are easy to modify which makes it difficult or even next to impossible for a virus scanner to detect it. As a preventive measure for our partners and clients, we are now blocking .js
files that are send this way. A legitimate sender will receive a notification in case this is happening. Next to blocking .js
files, we have also provided our partner with instructions on how to prevent this from happening again.
Things you can do:
There are several simple things you can do to protect yourself. Below are some steps you can take:
- Users are easily tricked into clicking on attachments that look legitimate, but could be malicious. As soon as you click on it, it will be too late. It is extremely important to verify the sender; if you do not recognise the sender or are not expecting anything from the contact, discard the email immediately. Being more apprehensive is something you will learn:
- teach yourself not to click on everything your receive and before you know it it's part of your habits.
- Unfortunately, an attacker can also forge the sender, so if you do not expect a mail with an attachment from someone, verify it with your contact before opening it.
- Always update your computer. When an update prompt pops-up, patch right away, or as soon as you have time. Most patches are security related and by running the latest version you are closing off your system to many of the threats out there.
- Another highly important step is back-up your files! Hard disks are cheap nowadays, even fast SSD is quite affordable. Make sure you back -up often or use a program that prompts you to do so (like OS X time machine which reminds you to back-up). In case your files get hijacked, you can bypass paying the ransom by putting back the back-up. Please make sure you do not back up when you are infected; then you are too late.
- Always start with getting rid of the ransomware by using a virus scanner to find and delete the infected files. Then put back the back-up. In some cases it's better to do a clean install of your system and then put back the latest back up. This is not always a trivial process, but lots of help and manuals are available online. When in doubt, you can always ask your geeky nephew or niece to help you. We can unfortunately not assist you in this process. Please keep in mind that virus scanners are not the holy grail, you need to adhere to these steps as much as possible.
- Final advice: The more people continue to pay the ransom, the longer this dark ecosystem will be alive. If you are affected by ransomware, consider if paying the ransom is worth it or not. Prevention is the best way to go, so we hope these tips can assist you.