Ransomware – the malware that is holding South African companies at gunpoint

Posted By IRMSAInsight, 25 April 2016


Ransomware is a type of malicious software (malware) that prevents or limits users from accessing their systems. It forces its victims to pay a ransom through certain online payment methods in order to regain access to their systems or to get their data back.


There are different types of ransomware. However, all of them will prevent you from using your computer, server or now even mobile device. They can:

  • Prevent you from accessing your operating system
  • Encrypt files so you can't use them
  • Stop certain apps from running (such as your web browser)

 

They will demand that you do something to get access to your device or files:

  • Demand you pay money – normally in bitcoins
  • Make you complete surveys

Often the ransomware will claim you have done something illegal and that you are being fined by a police force or government agency. These claims are false. It is a scare tactic designed to make you pay the money.

These attacks can be incredibly lucrative: one researcher found that a hacker made more than $1 million in a single day from hapless users desperate to get their data back.


Ransomware has the potential to attack the Internet of Things. In one instance, a researcher was able to infect a TV with ransomware.

Ransomware is now even attacking smartphones.

Last month, one hospital paid $17,000 in ransom when ransomware attacked its computer system. The computer network was down for more than a week, and patients had to be transferred to other hospitals.


Prevention Tips

 Essential first steps

  • Use a reputable antivirus solution and ensure it is up to date.
  • Regularly back up your important files.
  • Ensure all software is up to date, especially highly targeted software such as Java and Acrobat Reader.
  • Avoid clicking on links or opening attachments in emails from people you don't know or companies you don't do business with.
  • Awareness is key: educate all users about the threat.

 

Advanced

 

  • Have a pop-up blocker running in your web browser.
  • Show hidden file extensions.
  • Filter executable (EXE) attachments in emails.
  • Prevent files from running from the AppData/LocalAppData folders.
  • Disable Remote Desktop (RDP).
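
The "filter EXEs in emails" and "show hidden file extensions" tips above can be combined in one check on attachment names. This is an added example, not code from the original article; the blocklist, the decoy list and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from pathlib import PurePosixPath

# Assumed blocklist and decoy list (illustrative, not from the article).
BLOCKED = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def risky_attachments(raw_message):
    """Return [(filename, reason)] for attachments a filter should quarantine."""
    findings = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so drop them before checking.
        clean = name.strip().rstrip(". ")
        suffixes = [s.lower() for s in PurePosixPath(clean).suffixes]
        if not suffixes or suffixes[-1] not in BLOCKED:
            continue
        # "invoice.pdf.exe" shows as "invoice.pdf" when extensions are hidden.
        disguised = len(suffixes) > 1 and suffixes[-2] in DECOY
        findings.append((clean, "double extension" if disguised else "executable"))
    return findings

# Constructed sample message (not real mail).
SAMPLE = """\
Subject: Invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Disposition: attachment; filename="invoice.pdf.exe"

AAAA
--b1
Content-Disposition: attachment; filename="statement.pdf"

AAAA
--b1
Content-Disposition: attachment; filename="Setup.EXE "

AAAA
--b1--
"""

print(risky_attachments(SAMPLE))
```

The ordinary PDF passes, while the disguised and the plainly named executables are both reported for quarantine.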

 

Dealing with an Infection

 

  • Disconnect from WiFi or unplug from the network immediately.
  • Remove the malware with your AV vendor’s removal tools; see also the list provided below.
  • Use System Restore to get back to a known-clean state.
  • Set the BIOS clock back.
  • Decrypt the encrypted data (tools listed below).

 

Removal/Prevention Tools

Computers

  • Solutionfile.trendmicro.com
  • Labs.bitdefender.com
  • Foolishit.com
  • Blog.malwarebytes.org

Mobile

  • Play.google.com

Decryption tools

  • Noransom.kaspersky.com
  • Decryptcryptolocker.com
  • Blog.emsisoft.com
  • Talosintel.com
  • Thirdtier.net
  • Bitbucket.org


Copyright © 2015 IRMSA - All rights reserved.
