It is not new – the concept of cracking a web server or PC system and blocking the owner's access until a ransom demand is paid. Probably one of the few instances that got to the public eye was back in late 2012, when the Miami Medical Clinic on the Gold Coast had its medical records held for a ransom of $4,200. More recently I know of an optometrist in Australia who also had their systems held to ransom, but only for $700. According to the FBI and Australian police and security agencies, these are not isolated cases. The problem is that most occurrences are never reported. The SMH reported back in 2012 that even then thousands of Australian businesses had been held to ransom in this way.
What was interesting in the case of the optometrist was that, after finally obtaining a police contact they thought might be able to help them, they discovered that the police systems at that station were themselves infected by the same problem. At present the optometrist is still trying to find someone in the police force who they can talk to about their problem.
There are several ways in which these viruses can be spread, and they will attack either your web server or your PC. The most common and widely known malware is CryptoLocker, but a new program called PowerLocker (formerly PrisonLocker) presents a whole raft of new challenges. Without getting into the technical detail, the viruses can be spread through email attachments, they can directly attack your PC or web server, or they can even be contained within images you view in a browser. In a recent case with Yahoo, it was found that the CryptoLocker virus was being spread through Yahoo Messenger.
The problem is further exacerbated by the fact that many antivirus systems simply did not have the measures in place to identify this virus. You are well advised to ensure you have appropriate antivirus and system security systems in place and, as always, the cheapest is not the best solution. If you wish to know more about what it looks like and how it works, then the article posted by Yahoo, “Malicious Ransomware Can Hold Computer Files Hostage”, provides a good description.
So how do you avoid being infected? There is no guaranteed answer to this. Our advice, however, is to be sure you have commercial-grade antivirus and firewall security systems in place on your PCs and servers. If these fail then you are in trouble.
Minimising the impact of such infections is your best course of action. It is all about risk mitigation – the processes and systems you can have in place that won't stop the problem occurring but will minimise the impact if and when it does.
AntiVirus | Internet Security: As well as being a mechanism you can put in place to prevent being attacked, such software also serves as a mitigation measure. Remember, you can't rely on such software as being 100% guaranteed. Be sure to use commercial-grade systems and check how often they provide updates. Also understand the need to protect your servers as well as your PCs.
Backup Systems: What you must have in place is a strong backup process driven by automated backup software. What you need is a system that creates system backups – taking image snapshots of your full system, enabling you to rebuild your PC or server in the event of a complete failure. These backups are different from data backups, which merely enable you to restore your data files. A system backup takes a snapshot image of your system and, with a boot CD, you can rebuild your system in its entirety from your backup, including all your applications. In the case of ransomware, this approach relies on you having offline backups. Remember, if your backups are online (connected to, or reachable from, the infected machine) then they too will be encrypted by the ransomware, rendering them useless.
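The two things the backup advice above depends on are that backups are made automatically and that, before you rely on one for a rebuild, you can prove it has not been encrypted or replaced. The following Python script is an added example (not code from the original post or from any backup product) that does both: it copies a source tree to a timestamped backup set and writes a SHA-256 manifest, and it can later verify a set against that manifest. The directory layout, the MANIFEST.json name and the sample files are constructed for this illustration; the destination is assumed to be removable media that is disconnected once the copy finishes.

```python
"""Automated backup with an integrity manifest.

Added example, not code from the original post. It shows an automated backup
set plus a verification step that fails if ransomware reached the media. The
directory names, MANIFEST.json and the sample files are constructed for this
illustration.
"""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"   # hypothetical name chosen for this example


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large images or databases need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def create_backup(source: Path, dest_root: Path) -> Path:
    """Copy `source` into a new timestamped backup set and record a hash manifest.

    `dest_root` is assumed to be media that is disconnected again after the copy;
    the script cannot make an always-online copy safe from ransomware.
    """
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
    backup_dir = dest_root / f"backup-{stamp}"
    shutil.copytree(source, backup_dir / "data")
    manifest = {
        p.relative_to(backup_dir).as_posix(): sha256_of(p)
        for p in sorted((backup_dir / "data").rglob("*"))
        if p.is_file()
    }
    (backup_dir / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return backup_dir


def verify_backup(backup_dir: Path) -> list[str]:
    """Return paths (relative to the set) that are missing, altered or unexpected.

    An empty list means every file still matches the manifest written at backup
    time. Ransomware that reaches the media rewrites files and usually drops a
    note beside them; both show up here as problems.
    """
    manifest = json.loads((backup_dir / MANIFEST_NAME).read_text())
    problems = []
    for rel, expected in manifest.items():
        path = backup_dir / rel
        if not path.is_file() or sha256_of(path) != expected:
            problems.append(rel)
    for path in (backup_dir / "data").rglob("*"):
        rel = path.relative_to(backup_dir).as_posix()
        if path.is_file() and rel not in manifest:
            problems.append(rel)
    return sorted(problems)


def demo() -> dict:
    """Run the workflow on constructed sample data; returns both verification results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live = root / "live"
        (live / "records").mkdir(parents=True)
        (live / "records" / "patients.csv").write_text("id,name\n1,Constructed Example\n")
        (live / "notes.txt").write_text("constructed sample data\n")

        backup = create_backup(live, root / "offline_media")
        clean = verify_backup(backup)           # expected: []

        # Simulate ransomware reaching the media: one file rewritten with junk
        # and a ransom note dropped beside the data (both constructed here).
        (backup / "data" / "records" / "patients.csv").write_bytes(b"\x00encrypted-junk")
        (backup / "data" / "README_DECRYPT.txt").write_text("constructed note\n")
        tampered = verify_backup(backup)        # expected: both paths listed
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

Run the verification from a machine you trust, not from the one you suspect is infected, and keep the manifest with the set: a clean result is only meaningful if the manifest itself was written before the media was last connected to a live system.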
Avoid Open Source Web CMS: The easiest way to attack web servers is through the web delivery platform itself. Open source web development platforms such as WordPress, Joomla and Drupal are easy targets and, of course, the most commonly hit, simply because of their nature. If you are going to use such platforms it is imperative that you keep all your system updates current. Also ensure that the appropriate security systems and firewalls are in place on your server and that the required system configurations have been set correctly.
Your alternative is to use a CMS platform that is not open source and is designed to disallow the upload of executable code that contains this sort of malware.
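What "designed to disallow the upload of executable code" means in practice is a set of server-side rules the upload handler applies before anything is written under the web root. The following Python function is an added example, not code from the original post or from any of the CMS platforms it names, showing the usual rules: an allowlist of file types, a magic-byte check against the claimed extension, rejection of path separators and double extensions such as `photo.php.jpg`, and a scan for embedded script markers so that a file that is both a valid image and a script is refused. The size limit, the marker list and the sample inputs are constructed for this illustration.

```python
"""Server-side checks for a CMS upload handler that refuse executable content.

Added example, not code from the original post or from any CMS named in it.
All names, limits and sample files are constructed for this illustration.
"""
import re

# Extension -> leading bytes the content must start with. Nothing else is accepted.
ALLOWED_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# Script markers that must not appear anywhere in an upload, even when the magic
# bytes look like an image: a "polyglot" file is a valid image and a script at
# the same time. Markers are long enough that random image bytes will not match.
SCRIPT_MARKERS = (b"<?php", b"<script")

MAX_BYTES = 10 * 1024 * 1024  # constructed limit for this example

# One alphanumeric base name plus one extension: rejects "photo.php.jpg", "..",
# hidden files and anything with spaces or shell characters in it.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.[A-Za-z0-9]{2,5}$")


def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Only accepted files may be written to storage."""
    if "/" in filename or "\\" in filename or "\x00" in filename:
        return False, "path separators or NUL in file name"
    if not SAFE_NAME.match(filename):
        return False, "file name is not a single safe base name plus extension"
    ext = filename.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_SIGNATURES:
        return False, f"extension .{ext} is not on the allowlist"
    if not data or len(data) > MAX_BYTES:
        return False, "empty upload or over size limit"
    if not data.startswith(ALLOWED_SIGNATURES[ext]):
        return False, "content does not match the claimed file type"
    if any(marker in data.lower() for marker in SCRIPT_MARKERS):
        return False, "embedded script marker found in content"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed sample uploads: two that should pass and several that should not.
    samples = [
        ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32),
        ("report.pdf", b"%PDF-1.4\n%constructed\n"),
        ("page.php", b"<?php echo 1; ?>"),
        ("photo.php.jpg", b"\xff\xd8\xff\xe0"),
        ("../photo.jpg", b"\xff\xd8\xff\xe0"),
        ("photo.jpg", b"<?php echo 1; ?>"),
        ("photo.jpg", b"\xff\xd8\xff\xe1" + b"<?PHP echo 1; ?>"),
    ]
    for name, content in samples:
        print(f"{name!r:20} -> {check_upload(name, content)}")
```

Store accepted files under a server-generated name in a directory the web server will not execute from; the checks above decide what is accepted, but where the file lands is what keeps an accepted-then-renamed file from ever running.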
All our websites are built on the Business Catalyst CMS platform, which provides a secure environment to prevent the upload of malware into your site. As a cloud-based solution, all updates to the system are applied directly by Adobe, so neither we nor our clients need be concerned with keeping system updates applied, as this is all done for you.
The advice given here is a rather simplistic view, and we strongly advise that, should you find your system attacked by ransomware, you contact your IT support, as there are so many ways in which you can be infected. The solutions available are not easy, will invariably be complex to put in place and will require technical skills beyond those of the average PC owner. We also strongly suggest you contact the police. It may not save your system, but it may help prevent others from being attacked.