Villains, Thieves and Encrypted Files

  • December 01, 2015
  • David J. Bilinsky

Unfortunately, a number of law firms across North America are being hit by ransomware. This class of particularly nasty malware stealthily enters your system and starts encrypting your files or your operating system. You come into the office only to be met with a locked computer displaying a message demanding a ransom be paid (typically between $200-$10,000 payable in Bitcoin, per the FBI) or your files will be lost to you... forever. This type of malware is very effective and has earned millions for its creators.

According to Kaspersky (bit.ly/1M4qqZ3):

“The most common ways in which ransomware is installed on your system are via phishing emails or visiting a website that contains a malicious program that downloads onto your computer.

Ransomware is particularly nasty in that it stops the Windows service that keeps histories of changes to files, thereby preventing you from rolling back to prior file versions.”

So, you ask, aren’t there ways to stop this malware?

According to the Wall Street Journal (on.wsj.com/1iS6nm7):

At a computer security conference in Boston last month, FBI Assistant Special Agent in Charge Joseph Bonavolonta said “certain types of ‘ransomware’ are so good that, to be honest, we often advise people just to pay the ransom.”

Well... that might work if the ransomware creators are competent at what they do. But what happens if you fall victim to crooks who are not, shall we say, at the top of their game?

The BBC reported (bbc.in/1HFUPsP):

“Coding mistakes in a malicious program that encrypts data mean anyone hit by the Power Worm virus will not be able to recover files, say security experts.”

Dirty rotten incompetent scoundrels! What can you do when you run up against these viruses? The BBC article stated: “There is unfortunately nothing that can be done for victims of this infection,” wrote malware researcher Lawrence Abrams on the Bleeping Computer tech news website. “If you have been affected by this ransomware, your only option is to restore from a back-up.”

Now having a backup is always a good thing. Having two is even better. Having one on the cloud where, hopefully, the malware can’t find it and therefore can’t encrypt it is a very good thing.

It should be a backup service that is only connected to your network for the time that it takes to do a backup and then disconnects – maintaining an “air gap” for added protection. Unfortunately, Dropbox and Google Drive will not be effective against ransomware since the corruption that this malware creates would be copied up to their version of your files in the cloud.

Tech Republic (tek.io/1ump9DX) states: “[T]he most effective method to recover your files is by using a backup. If your files have been backed up regularly, connect your backup drive to a non-infected computer to check your files.”

You need true cloud backups with version retention that are enveloped in industry-standard encryption to survive such malware. Zero-knowledge Canadian backup services such as sync.com provide added protection since they provide end-to-end encryption and version protection.
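The point made in the last few paragraphs (a mirror-style sync folder copies the damaged files up to the cloud, while an air-gapped backup with version retention and integrity checking lets you roll back) can be shown in a small simulation. This is an added example, not code from the column or from any of the services named in it; the file name, file contents, the `SyncMirror` and `VersionedBackup` classes, and the `scramble` stand-in for the unreadable bytes ransomware leaves behind are all constructed for the demonstration.

```python
"""Constructed demonstration: sync folder vs. versioned, air-gapped backup under ransomware."""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class SyncMirror:
    """Dropbox/Google Drive-style sync: the cloud copy always equals the latest local content."""

    def __init__(self):
        self.files = {}

    def upload(self, name: str, data: bytes) -> None:
        self.files[name] = data  # newest version overwrites the only cloud copy

    def restore(self, name: str) -> bytes:
        return self.files[name]


class VersionedBackup:
    """Backup target that is only reachable while a job is running and keeps every version
    together with a SHA-256 manifest, so any copy can be checked before it is restored."""

    def __init__(self):
        self.versions = {}  # name -> list of (sha256 hex digest, bytes), oldest first
        self.connected = False

    def connect(self) -> None:
        self.connected = True

    def disconnect(self) -> None:
        self.connected = False  # the "air gap": nothing on the network can write to it now

    def backup(self, name: str, data: bytes) -> None:
        if not self.connected:
            raise RuntimeError("backup target is air-gapped")
        self.versions.setdefault(name, []).append((sha256(data), data))

    def verify(self) -> bool:
        """Re-hash every stored copy against the manifest (the 'check your files' step)."""
        return all(sha256(d) == h for vs in self.versions.values() for h, d in vs)

    def restore(self, name: str, version: int = -1) -> bytes:
        digest, data = self.versions[name][version]
        if sha256(data) != digest:
            raise ValueError("stored copy does not match manifest")
        return data


def scramble(data: bytes, key: int = 0x5A) -> bytes:
    """Constructed stand-in for the unreadable bytes an infection leaves behind.
    A single-byte XOR is used only so the damage is visible and reversible in a test."""
    return bytes(b ^ key for b in data)


def run_scenario() -> dict:
    original = b"Client retainer agreement - confidential draft"  # constructed sample file
    sync = SyncMirror()
    vault = VersionedBackup()

    # Day 1: normal work. Sync copies the file immediately; the backup job connects, copies, disconnects.
    sync.upload("retainer.docx", original)
    vault.connect()
    vault.backup("retainer.docx", original)
    vault.disconnect()

    # Day 2: infection. The local file is overwritten with unreadable bytes.
    damaged = scramble(original)
    sync.upload("retainer.docx", damaged)  # sync faithfully mirrors the damage over the good copy
    try:
        vault.backup("retainer.docx", damaged)  # nothing can reach the disconnected target
        air_gap_held = False
    except RuntimeError:
        air_gap_held = True

    # Day 3: a scheduled backup runs before anyone notices, so the damaged version is captured too.
    vault.connect()
    vault.backup("retainer.docx", damaged)
    vault.disconnect()

    return {
        "sync_restore_ok": sync.restore("retainer.docx") == original,
        "air_gap_held": air_gap_held,
        "backup_latest_ok": vault.restore("retainer.docx") == original,
        "backup_previous_ok": vault.restore("retainer.docx", version=-2) == original,
        "manifest_intact": vault.verify(),
    }


if __name__ == "__main__":
    for check, result in run_scenario().items():
        print(f"{check}: {result}")
```

Running it shows the sync folder restoring only the damaged copy, the disconnected target refusing the write, and the versioned store still holding a good copy one version back even though the damaged file was backed up later. Version retention, not the cloud location by itself, is what makes the recovery possible.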

Esentire (esentire.com), Palo Alto Networks (bit.ly/1SKade1) and similar threat detection systems are another emerging method to protect yourself against these threats.

Hat tip to Blake Wiggs for pointing me to the BBC article and Robert McNeney for supplying the title.

© 2015 David J. Bilinsky