At the end of June 2017, a few lines of code managed to infect entire companies with malware. This code sneaked into employees’ PCs, encrypting the entire hard drive and blocking access to important data. When the PC was turned on, it no longer started normally, but only displayed a notice of a ransom sum that should be paid to allow it to work again. This type of cyber extortion is based on encryption Trojans, also known as ransomware. We will show you how to protect yourself effectively against these viruses and what measures will help you immediately.
What are encryption Trojans and are they really a serious threat?
It sounds a bit like a Hollywood script, but in fact hackers smuggled a Trojan called Petrwrap into organizations, some of which were spread across the globe, in late June 2017. At first, only individual PCs were affected. However, the Petrwrap Trojan gained access to the passwords and IDs of all users within a few minutes and also exploited existing gaps in the Windows operating systems of the clients and server systems in order to spread itself. This left virtually all doors open to the Trojan.
Petrwrap is based on the technology of the related Trojan Petya, which has been appearing sporadically since 2016 and infects corporate networks. Petrwrap is particularly perfidious: it infects all computers in a network, locks access to them and does not release them even after the ransom is paid. On the contrary, Petrwrap deletes all data on the hard disk and thus renders the system unusable.
Do such Trojans affect only large or controversial companies? No, any company can get caught in the hackers’ crosshairs. Mostly the infection is random, and targeted attacks are rather rare. Especially if the defense against viruses is not consistently implemented, the hackers have an easy time, and their widely spread attacks quickly find a target even in your company.
How can you protect yourself from unwanted encryption?
Ransomware extortion is not an isolated case: the WannaCry Trojan was even more prominent in the media than Petrwrap and Petya. These Trojans also illustrate another point: the vulnerability of our systems. If even large organizations such as car manufacturers, telecommunication companies, railroads and even the British National Health Service were affected by the attack, how secure is your own system?
Many Trojans take advantage of the small time gap between the discovery of a vulnerability and its closure through an update. That’s why even powerful anti-virus systems couldn’t stop the attack by WannaCry or Petya. But the source of the attack is always within your own system – you have to open the door for the virus to get in, after all. Mostly this happens through careless handling of e-mail attachments, by surfing on untrustworthy sites or via poorly secured interfaces to the outside world. This is the best place to start if you want to give ransomware no chance from the outset.
Five tips for protection against ransomware
- Stay up to date!
Windows wants to install an update again? This is annoying in everyday work, but useful. Windows does not want to annoy you, but to close security gaps quickly and effectively. The ideal time to update is before or after peak hours – that way you won’t be hindered, but you’ll stay up to date. Some even claim that updates are more important than the antivirus. Companies should use a professional solution for distributing updates: after all, unlike antivirus, Windows often doesn’t report when updates are not applied or fail.
The easiest way to effectively protect all data is to perform a backup. That way, if your data is encrypted in an attack, you lose at most the data created since the last backup. A daily backup is ideal. But it is also important that your backups are stored where no Trojan can get access – otherwise you will lose not only your production data but also the backups in case of an attack. So, your backup strategy should take into account a secure storage location. If in doubt, seek advice.
When you think of insecure websites, you immediately think of porn sites or other content that really has no place in the office. But encryption Trojans can sneak in through other sites as well. Does a co-worker need some software at short notice? Rogue download sites are often infected and difficult to detect. So train your employees: they do not have to search for software themselves. IT specialists know exactly which sources are safe and reputable.
No one downloads a virus voluntarily and knowingly. Still, it happens when the sender masquerades as a customer. In addition to well-designed filters, good email programs can provide security. Some clients scan mails for malware and warn you in advance. You should also make sure that when you open a file, it does not immediately run scripts, such as ActiveX elements in Microsoft Office files. These are often used to install a Trojan horse. Most recently, .doc, .xls and .ppt files, which are the usual office files, as well as PDFs were often affected.
There are special antivirus programs that protect against ransomware attacks. Installing and managing this software is usually quite simple and additionally protects you from potential infection if all previous security measures were ineffective. However, this is the last line of defense – and its effectiveness is not guaranteed. Better to implement all previous measures consistently.
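The attachment check from the e-mail tip above can be sketched as follows. This is an added example, not code from the original article or from any mail product: it judges a file by its content rather than its extension and holds Office files and PDFs that carry active content. The function names, the "hold"/"deliver" verdicts and the policy of holding every legacy Office file are assumptions, and all sample inputs are constructed.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx/.xlsx/.pptx) container
PDF_TOKENS = {b"/JavaScript": "PDF contains JavaScript",
              b"/OpenAction": "PDF runs an action on open",
              b"/Launch": "PDF can launch an external program"}
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")

def triage_attachment(name, data):
    """Return (verdict, reasons), judging the file by content rather than extension."""
    reasons = []
    if data.startswith(OLE2_MAGIC):
        # Assumed policy: hold every legacy binary Office file for review.
        reasons.append("legacy OLE2 Office container")
    elif data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                parts = [p.lower() for p in zf.namelist()]
        except zipfile.BadZipFile:
            return "hold", ["unreadable ZIP container"]
        if any(p.endswith("vbaproject.bin") for p in parts):
            reasons.append("VBA macro project present")
            if name.lower().endswith(MACRO_FREE_EXT):
                reasons.append("macro project in a file named as macro-free")
        if any("/activex/" in p for p in parts):
            reasons.append("ActiveX control part present")
    elif data.startswith(b"%PDF-"):
        # Plain byte search: misses tokens inside compressed object streams.
        reasons += [why for tok, why in PDF_TOKENS.items() if tok in data]
    return ("hold" if reasons else "deliver"), reasons

def make_ooxml(extra_parts=()):
    """Build a constructed, minimal OOXML-like ZIP in memory (not a valid document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        for part in extra_parts:
            zf.writestr(part, b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {  # all constructed sample inputs
        "offer.docx": make_ooxml(),
        "invoice.docx": make_ooxml(["word/vbaProject.bin"]),
        "form.docx": make_ooxml(["word/activeX/activeX1.xml"]),
        "report.pdf": OLE2_MAGIC + b"\x00" * 16,
        "notice.pdf": b"%PDF-1.4\n1 0 obj<< /OpenAction 2 0 R >>endobj\n",
    }
    for fname, blob in samples.items():
        print(fname, *triage_attachment(fname, blob))
```

A "deliver" verdict only means none of these markers was found; it complements the mail filter and antivirus mentioned in the tips and does not replace them.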
Conclusion: encryption Trojans can hit anyone who does not protect themselves against them
When it happens, the damage caused by ransomware is usually significant. In some cases it takes more than two months until all damage caused by the Trojan is eliminated; current cases in large companies and corporations are evidence of this. Infected computers have to be completely rebuilt and more securely integrated into the network, and files have to be laboriously restored, sometimes from old backups. A good security plan can prevent the virus from jumping from one computer on the network to another. However, under no circumstances should you pay the demanded ransom. In the best case you get access to your data, but you enrich the hackers and indirectly finance the next attack. In the worst case, the virus still deletes all hard disk contents. Our colleagues say anyway: No backup? No pity. And they are not completely wrong about that!