Trusted ransomware removal & protection | TechBrain is your Trusted IT Department

HOW TO PREVENT THE RANSOMWARE ATTACKS SWEEPING THE WORLD.

On 13 May, 2017, a massive ransomware cyber-attack has impacted more than 200,000 victims in nearly 150 countries around the world. It is vital that you act now to stay ahead of future attacks.

WHAT IS RANSOMWARE?

Simply put, ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Hackers will put a ransomware virus on your computer – or your entire network – that makes it impossible for you to access your files until you pay them to unlock it. If you are not prepared to pay this ransom, then you’ll have to carry out ransomware removal.

WHAT IS THIS ATTACK?

This ransomware attack was caused by a bug called “WanaCrypt0r 2.0” or WannaCry, that exploits a vulnerability in Windows and spreads via email. WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency (NSA) to attack computers running Microsoft Windows operating systems to gain access to terrorists computers. EternalBlue exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol.

Despite the fact that the vulnerability was resolved by the security update (MS17-010) provided by Microsoft on March 14, 2017, many Windows users had still not installed this security patch when, on 12 May, the WannaCry ransomware attack used the vulnerability to spread itself. This attack was unique because it used a worm. Worms differ from common Ransomware in that they can exploit weaknesses within the operating system, meaning that they do not require access to files and folders of local systems in order to spread. They utilise vulnerabilities that allow for remote code execution.

WHAT DO THEY WANT?

In this case, the ransomware is demanding that users pay $300 to get their information back. However, within the last month, TechBrain has read in the press about numerous attacks where the cyber criminals demanded amounts in the millions. In 2016 Trend Micro identified a 752% increase in new ransomware families ultimately resulting in $1billion in losses for enterprises worldwide. This is a large and growing issue for all organisations.

WHAT CAN I DO TO PROTECT MY BUSINESS AGAINST RANSOMWARE?

The ransomware recovery services that we offer are multilayered. TechBrain in Perth recommends the following approach to control ransomware attacks:

 

WHAT HAPPENS IF I GET ATTACKED AND HOW CAN I CARRY OUT RANSOMWARE REMOVAL?

If the worst happens and you find yourself under attack from malicious software that’s locked you out of your system, with a message demanding payment then you will most likely need professional help to get cleared of the virus and to recover potentially locked data. Do not pay the attackers any money. Our ransomware recovery services can assist you in clearing your systems of all malicious viruses and get you back up and running. In many cases, ransomware data recovery is possible when the right decryption tool is used, the ransom payment is withheld, and the type of malware is identified.

WHAT TO TELL STAFF

Ongoing education throughout the entire process is critical. Ensure that staff are aware of the dangers of opening attachments in unknown emails, or downloading software or apps onto work computers. Staff should be reminded of any internal policies designed to keep them away from sites not connected to their work – this should reduce the chances of someone visiting a site that is distributing ransomware. Ongoing education can also help in preventing ransomware in the future, as well as setting up fail-safes (e.g., encrypting, anti-virus software, and advanced malware detection software) to prevent future attacks.