IT threats are increasing in quantity, complexity and diversity. We are made aware of them through a variety of studies, such as the report entitled Trends for 2015 – Targeting the Corporate World, which highlights the proliferation of malicious code such as ransomware, one of the types of threats that have been identified as increasing in recent months. One part of the world that has been particularly hard hit is Latin America, where we are located, with many cases of infection by CTB-Locker.
The purpose of this type of malware is to “kidnap” a user’s information by encrypting it and to demand payment as a ransom. It is becoming more sophisticated all the time, for example through the use of asymmetric key encryption algorithms, which make it impossible to recover the information through reverse engineering or brute force.
Despite the characteristics that make it complex once it has infected your computer, the methods used to propagate ransomware are ordinary enough, such as social engineering through email messages. Following simple precautions can therefore stop you falling victim to this type of malware.
In recent months, the ESET Laboratory in Latin America has published information relating to various malware propagation campaigns based on the mass mailing of email messages with attachments.
Some of the most frequently used involve ransomware like CryptoLocker, TorrentLocker or more recently CTB-Locker, which are propagated using email attachments, among other methods.
Once installed on the user’s computer, this “filecoder” code will encrypt the victim’s information and demand a payment as ransom in exchange for supplying a password which will decrypt the information. If the user pays the ransom, the key will work only on their infected system, so the decryption keys cannot be used to save another person’s infected computer.
For these reasons, let’s go over some of the simple, proactive, preventive measures that can help prevent or minimize the consequences of an infection by this family of malware, email being the main tool in need of protection.
Lots of attackers collect email addresses, which they can find by searching on publicly accessible websites (such as web forums). The aim is to gather together a large number of email accounts in order to propagate malicious code, or to carry out other malicious activities like sending spam, launching unsolicited advertising campaigns, or mounting phishing attacks.
Also, when you send emails to more than one address without using bcc, the messages accumulate valid email addresses, allowing cybercriminals to find such information more easily. Resending entire email chains also makes it easier to collect email addresses for malicious campaigns.
It’s essential to check the content of the messages we receive by email. As well as the content of emails, their attachments have become a very common method for propagating malware, which, as we mentioned at the start of the article, is one of the main means of infection by ransomware.
For this reason, practices like checking the sender of a message, taking care with offers that sound just too tempting to resist, checking that the email is genuine, and not clicking on suspicious links are basic measures to take in order to avoid falling victim to tricks that might result in infection. These should be combined with other good practices for looking after your email.
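A small triage of a received message along the lines described above (a sender check and an attachment check), as an added example that is not part of the original article. The extension lists and the Reply-To comparison are assumptions chosen for illustration, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed lists for illustration; the article names no specific file types.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".com", ".pif"}
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".cab"}

def domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Return a list of warnings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    warnings = []
    # Sender check: replies silently redirected to another domain.
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Attachment check: file types that run code, or hide behind a second extension.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        pieces = name.rsplit(".", 2)
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXT:
            note = " with double extension" if len(pieces) == 3 else ""
            warnings.append(f"executable attachment{note}: {name}")
        elif ext in ARCHIVE_EXT:
            warnings.append(f"archive attachment, scan before opening: {name}")
    return warnings

def sample_message():
    """Constructed sample: mismatched Reply-To and a disguised screensaver file."""
    m = EmailMessage()
    m["From"] = "Billing <billing@example.com>"
    m["Reply-To"] = "support@example.net"
    m["Subject"] = "Invoice"
    m.set_content("See the attached invoice.")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.scr")
    return m.as_string()

if __name__ == "__main__":
    for warning in triage(sample_message()):
        print("WARNING:", warning)
```

An empty result only means none of these particular indicators matched; it does not replace scanning the attachment with an up-to-date security solution.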
As well as checking the messages you receive, it’s important to check the information sent, recipients and attachments. Sensitive information could be sent by mistake to the wrong recipient or malware might be sent unwittingly.
We must emphasize the importance of having a security solution on your computer—a practice that has become essential for protecting both your information and your equipment, bearing in mind the considerable quantity of malicious software being propagated through email.
If, whether by mistake or through lack of knowledge, a malicious file is downloaded or a malicious/suspicious link is clicked on, the antivirus solution will prevent the malicious code from executing itself to infect your system—provided it’s updated regularly and configured with the correct settings.
Furthermore, this measure is not exclusive to computers, with the development of malware for mobile devices such as Simplocker, the first Trojan to encrypt files on Android devices. For these reasons, it is also necessary to install antivirus software on tablets and smartphones.
Updating your software is essential for preventing more infections. If you have antivirus software, it’s important for the virus signatures to be up to date and for its settings to be configured correctly, so that this type of threat is detected and blocked in a timely manner, before it can take advantage of security flaws.
Similarly, it’s important to check the authenticity of the software you download and install on your computer. Although the most common method of propagating ransomware is by email, other vectors of attack may be used, such as by infecting websites or legitimate programs and apps that are downloaded frequently.
In case a piece of malicious code successfully infects and damages your computer or information, a practice that can help, as a last-resort method of protection, is the use of backup drives. We have already pointed out the benefits of making backup copies, as well as providing details of the correct procedures in our Backup Guide so that you can do so simply.
Ignoring email messages from people you don’t know and not downloading attachments are two of the most important ways to avoid infection, but if your computer does become infected by ransomware, a backup is your best weapon of defense, as long as all the information you have backed up is stored on external storage media.
As we mentioned at the start of this post, the quantity, complexity, and variety of threats, specifically of malicious code, lead us to believe that it is only a matter of time before we are likely to have to suffer the consequences of a malware infection.
And the reality is that while this likelihood exists, it is just as important to emphasize that by applying good security practices, we can reduce the possibility of falling victim to these threats, or at least minimize the consequences of an infection by ransomware or other types of malware.
So, by combining the use of good security practices and a security solution to protect you from malware, as well as staying aware of these risks and the ways to protect yourself, it is possible to minimize security events involving information and new threats, which, despite becoming increasingly sophisticated, continue to use known methods of propagation.
Author Miguel Ángel Mendoza, ESET