Ransomware has now reached epidemic proportions

The FBI's Internet Crime Complaint Centrer (IC3) division has recently published an announcement on Ransomware. Industry reports evaluate Ransomware revenues in tens of millions of dollars with agressive large scale attacks both on business and individual users. Ransomware has become the #1 security priority for IT managers.

Ransomware is also getting smarter now - encryption mechanisms using both symmetric and asymmetric keys are now flawless so don't expect generic decoders to ressucitate your data. They come in various flavors that will increase the ransom amount with time, selectively delete files or even offer a "free" single file decryption sample. Ransomware is also now very efficient and will encrypt you data in seconds, thanks to wise performance enhancements.

Ransomware may come in the form of an imbedded Javascript, a zip file (or other archive format), Windows Script file (WSF), a batch file, a Word or Excel document or appear like a simple PDF file. In all cases the attacker wants you to open the file and execute its content.

Ransomware exists because of this equation: Cost(remedial) < Cost(Damage). The remedial cost is the ransom. For those who do not have a recent and valid backup on hand, it means that paying the ransom is cheaper than the cost of damage. Ransomware damages are generally classified in four categories:

  • Loss of system availability
  • Loss of money (due to the interruption of operations)
  • Loss of data
  • Loss of life (in critical heath systems)

If every user had access to good backups, ransomware would just sto. Make sure you have a good backup strategy that it is implemented correctly. Of course, all organizations would rather not have to deal with the ransomware threat in the first place. Is that possible? Read on.

Does fool-proof protection exist ?

Yes. You simply have to make 100% sure that no executable content reaches your users. And that includes Microsoft Office documents with infected macros. The best way to do that is to filter it out BEFORE it reaches their inbox. Honestly, the vast majority of users do not need to receive executable files by email. And if some users do need to, they can receive them using other secure online alternatives. You can count on ZEROSPAM to quarantine Microsoft Office documents with infected macros and every type of executable file and content. Anything that remotely looks like executable content will be blocked. And that is true whether the zipped, zipped in a zip or renamed or both. If you've already been hit by ransomware, you probably don't want to go through that experience again. Get the ZEROSPAM ransomware vaccine here.

Find out more about the ZEROSPAM ransomware protection.