2017 Ransomware Update

Ransomware, a specific form of malicious software that encrypts files on your computer until a ransom is paid, like other online scams ebbs and flows in fads. In 2017 the ransomware landscape has seen the return of some old tricks as well as the evolution of an old threat. Here’s a look at the current state of ransomware and what you can do to prevent it.

Open-source software

Most people know open-source software for helpful alternatives to Microsoft Office or a music player that reads a plethora of file types unlike iTunes. However, open-source ransomware has become a much more prominent issue in recent months. While most demand a monetary ransom be paid, the open-source nature of the code has given rise to stranger demands. For example, one iteration demands that you achieve a certain level on an online video game before your files are restored. Another recent version simply makes the victim watch a video educating the victim about what ransomware is.

Expanded distribution

Ransomware, like the ones mentioned above, is typically distributed through email with an attachment. The sender may be a cunningly disguised email address that looks like a friend, family, or colleagues address. Often the software is attached and disguised as a document. However, in April 2017, distribution changed shape. Companies in Europe received emails with an included hyperlink that took users to a Dropbox link with a file disguised as an invoice.

Locky returns and Cerber evolved

Locky was discovered in 2016 embedded in a Microsoft Word document. After its discovery users caught on quickly and the threat seemed to be mitigated by most moderately aware users. However, in May 2017, Locky got a makeover and was found embedded in a PDF that has a link that leads to a .docm. Once the .docm file is opened it sends an invisible connection to another server from which it downloads the ransomware.

In the same month Locky was reborn, Cerber evolved. Like its previous versions, however, it is disseminated via spam emails with an attachment. So what has changed? Once the file is open, Cerber 6 is able to download and run another virus that utilizes Windows Firewall’s technology and blocks any attempt at detection while the ransomware is downloaded. As firewalls have been equipped with machine learning, hackers have created new ways of circumnavigating cybersecurity.

Prevention and solutions

No matter the new form of ransomware, there is always one hurdle it must leap before your computer and files are infected, and that’s tricking you into clicking a malicious link or downloading a malicious file. Educate family, friends, and colleagues what scam email addresses look like. Usually, users whose computers became infected with ransomware did not invest any time or effort to verify the origin of suspicious emails or attachments. Furthermore, victims of ransomware also open macros or click on suspicious links. Refrain from opening files or links within unverified emails. If you’re a victim of ransomware, there are decryption tools that can decrypt some strands of ransomware or prevent screen locks altogether. However, prevention should be paramount.

Mozy by Dell knows how to beat ransomware

Data stored in the Mozy cloud is protected from ransomware. Learn why programs, including viruses, cannot execute or run in the Mozy cloud and cannot infect files stored there: Ransomware: Frequently Asked Questions.

You can prevent a ransomware disaster. Check out our white paper.