RANSOMWARE: What it is and how to deal with it

Rajesh Dangi / June 23, 2017

Almost every day we hear about cases of ‘Ransomware’ affecting running servers – an act we call digital terrorism. Let’s get a quick understanding of this risk and the preventive measures to mitigate it.

Crypto-ransomware gains access to a target server and encrypts the files on it. It scrambles each file's contents so that they cannot be read without the matching decryption key, which only the attacker holds. Users and administrators are left helpless: the malware uses standard, correctly implemented encryption (typically a random symmetric key per file or per victim, itself encrypted with the attacker's public key), so there is no tool that can recognise the algorithm and reverse it without the key; the few free decryptors that exist cover only families that made an implementation mistake or whose keys were seized. A ransom is thus demanded in exchange for the decryption key.


You may encounter ransomware in a number of ways: as email attachments, malicious links, or via exploit kits. You can be exposed to an exploit kit when you visit a compromised website, click a malicious ad on an otherwise legitimate website, or are redirected to a malicious site. The kit probes your browser and its plugins for exploitable flaws, which are common in outdated software; if it finds one, it downloads and installs the ransomware onto your machine. Once one server is infected, the malware can spread to others on the network through reachable file shares and, in some families, by exploiting unpatched services on neighbouring hosts, making normal operations impossible. The ransom is usually around $300 to $500 for a single machine, and payment is demanded in a cryptocurrency that is hard to trace, such as Bitcoin.

The growth of ransomware over the past few years has driven the security industry to produce numerous tools that can block these threats before they execute. They help, but none of them replaces the basics that follow.

So, how do we mitigate this risk?

There are many preventive measures one can take and validate to remain protected from such threats. Here is a list of a few important ones.

  • BACK UP!
    First and foremost, back up your most important databases, application configurations (by snapshot or replication) and file servers on a regular schedule. Most service providers offer backups as an ancillary service; subscribe to one so that you can recover your data without giving in to the ransom demand. A regularly updated backup is the single most effective defence against ransomware. If you are hit, you may lose the document you started this morning, but if you can roll the system back to an earlier snapshot, or clean the machine and restore the rest from backup, you can rest easy. Remember that CryptoLocker (a ransomware Trojan) also encrypts files on every drive it can reach, including external drives such as USB sticks and any network or cloud file store to which you have assigned a drive letter. So what you need is a managed backup to an external service that is not mapped as a local drive and is not writable by services running on the protected host. Keep several dated versions rather than overwriting the last copy, since a backup job that runs after the infection will faithfully copy the encrypted files over the good ones, and test a restore regularly, because a backup you have never restored from is only a hope.
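A small worked example of the backup properties described above: write-once, dated snapshots with a SHA-256 manifest, verification before restore, and a constructed stand-in for the encryption step so that a restore can be exercised end to end. This is an added example, not code from the original post. The directory names, snapshot labels and file contents are made up, and the backup repository sits in a local temporary directory only so that the script runs offline; a real deployment would push it to a host that the protected server cannot write to.

```python
"""Versioned, hash-verified backup snapshots (added example, not the post's code)."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(source: Path, repo: Path, label: str) -> Path:
    """Copy every file under `source` into repo/<label>/data and record a manifest.
    Labels are write-once, so a snapshot taken after the infection can never
    overwrite a good one; it simply becomes another dated copy."""
    snap = repo / label
    if snap.exists():
        raise FileExistsError(f"snapshot {label!r} exists; snapshots are write-once")
    (snap / "data").mkdir(parents=True)
    lines = []
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        target = snap / "data" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        lines.append(f"{sha256_file(target)}  {rel}")
    (snap / "MANIFEST").write_text("\n".join(lines) + "\n")
    return snap


def verify(snap: Path) -> bool:
    """Re-hash the snapshot against its manifest; a mismatch means the backup
    copy itself was altered after it was written (e.g. reached and encrypted)."""
    for line in (snap / "MANIFEST").read_text().splitlines():
        digest, rel = line.split("  ", 1)
        copy = snap / "data" / rel
        if not copy.is_file() or sha256_file(copy) != digest:
            return False
    return True


def restore(snap: Path, target: Path) -> int:
    """Restore a snapshot into `target`, refusing one that fails verification.
    Returns the number of files written."""
    if not verify(snap):
        raise RuntimeError("snapshot fails verification; refusing to restore from it")
    count = 0
    for copy in (snap / "data").rglob("*"):
        if copy.is_file():
            dest = target / copy.relative_to(snap / "data")
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(copy, dest)
            count += 1
    return count


def scramble_in_place(directory: Path) -> None:
    """Constructed stand-in for the ransomware's encryption step: every file is
    overwritten with bytes its owner cannot use. This is NOT real encryption."""
    for path in directory.rglob("*"):
        if path.is_file():
            path.write_bytes(bytes(b ^ 0x5A for b in path.read_bytes()) + b".locked")


def demo() -> dict:
    """Back up a made-up server, 'infect' it, and prove the old copy still restores."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        server, repo, rebuilt = root / "server", root / "backup-repo", root / "rebuilt"
        (server / "db").mkdir(parents=True)
        (server / "db" / "orders.sql").write_text("INSERT INTO orders VALUES (1, 'ok');\n")
        (server / "app.conf").write_text("listen=0.0.0.0:8080\n")
        originals = {p.relative_to(server).as_posix(): p.read_bytes()
                     for p in server.rglob("*") if p.is_file()}

        good = snapshot(server, repo, "2017-06-23T02-00Z")
        try:                                # a second run with the same label must fail
            snapshot(server, repo, "2017-06-23T02-00Z")
            reuse_refused = False
        except FileExistsError:
            reuse_refused = True

        scramble_in_place(server)           # the infection happens
        after = snapshot(server, repo, "2017-06-24T02-00Z")  # next night's job copies junk
        restored = restore(good, rebuilt)   # but the earlier snapshot is untouched
        matches = all((rebuilt / rel).read_bytes() == data for rel, data in originals.items())
        return {
            "good_snapshot_intact": verify(good),
            "label_reuse_refused": reuse_refused,
            "post_attack_snapshot_differs":
                (after / "MANIFEST").read_text() != (good / "MANIFEST").read_text(),
            "files_restored": restored,
            "restore_matches_originals": matches,
        }


if __name__ == "__main__":
    print(demo())
```

The point of the manifest is that "the backup job ran" is not the same as "the backup is usable": `restore()` refuses a snapshot whose hashes no longer match, which is exactly what you would see if the repository had been reachable from the infected host.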

  • Email or Web Filtering
    Tune your anti-spam settings properly. Most ransomware variants spread via eye-catching emails carrying malicious attachments. Configure your mail gateway to block dubious attachments with extensions such as .exe, .vbs or .scr. Check the last extension of a filename rather than the first, since "invoice.pdf.exe" is an executable; look inside archive attachments, because the same files arrive zipped; and treat archives you cannot open (password-protected ones) and macro-enabled Office documents as suspect rather than harmless.
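An added example (not from the original post) of the attachment policy just described: parse an inbound message with Python's standard email library, reject attachments whose final extension is on a block list, and apply the same rule to the members of zip attachments, reporting encrypted or unreadable archives as blocked because they cannot be inspected. The block list beyond .exe, .vbs and .scr, the addresses and the sample message are assumptions constructed for the demonstration.

```python
"""Attachment policy check for inbound mail (added example, not the post's code)."""
import io
import pathlib
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# .exe/.vbs/.scr are the extensions named in the post; the rest are assumed
# additions that commonly appear in gateway block lists.
BLOCKED = {".exe", ".vbs", ".scr", ".js", ".jse", ".wsf", ".hta",
           ".bat", ".cmd", ".ps1", ".jar"}
ARCHIVE_TYPES = {"application/zip", "application/x-zip-compressed"}


def dangerous_name(filename: str) -> bool:
    """True when the LAST extension is blocked, so 'invoice.pdf.scr' is caught
    even though a look-alike check on the first extension would pass it."""
    suffixes = pathlib.PurePosixPath(filename.strip().lower()).suffixes
    return bool(suffixes) and suffixes[-1] in BLOCKED


def scan_archive(label: str, data: bytes) -> list[str]:
    """Open a zip attachment in memory and apply the same rule to its members.
    Encrypted members and unreadable archives are reported, not waved through."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:          # bit 0 of the flags = encrypted
                    findings.append(f"{label}:{info.filename}:encrypted")
                elif dangerous_name(info.filename):
                    findings.append(f"{label}:{info.filename}")
    except zipfile.BadZipFile:
        findings.append(f"{label}:unreadable-archive")
    return findings


def scan_message(raw: bytes) -> list[str]:
    """Return the attachments (or archive members) that violate the policy."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        if dangerous_name(name):
            findings.append(name)
        elif part.get_content_type() in ARCHIVE_TYPES or name.lower().endswith(".zip"):
            findings.extend(scan_archive(name, part.get_content()))
    return findings


def build_sample_message() -> bytes:
    """Constructed test message: a benign PDF, a double-extension screensaver
    executable, and a zip hiding an .exe next to a harmless text file."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "admin@example.invalid"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please review the attached invoice today.")
    msg.add_attachment(b"%PDF-1.4\n%fake\n", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.scr")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.exe", b"MZ\x90\x00")
        zf.writestr("readme.txt", b"harmless")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="archive.zip")
    return bytes(msg)


if __name__ == "__main__":
    for finding in scan_message(build_sample_message()):
        print("BLOCK", finding)
```

Note that the check is on the declared filename, not the bytes: a gateway that matters also sniffs content (the `MZ` header of a Windows executable, OLE/OOXML macro streams) so that a renamed payload does not slip past an extension list.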