This article describes ransomware and what you should do to minimize the risk to your system.
The following sections are covered:
Applies to the following Sophos products and versions
Not product specific
Ransomware, often called Coinminer, Cryptominer, CryptoLocker, CryptoDefense or CryptoWall, is a family of malware that takes files on a PC or network storage, encrypts them, and then extorts money to unlock the files.
Ransomware is one of the most widespread and damaging threats that internet users face today. Since the infamous CryptoLocker first appeared in 2013, Sophos have seen a new era of file-encrypting ransomware variants delivered through spam messages and exploit kits, extorting money from home users and businesses alike.
The current wave of ransomware families can have their roots traced back to the early days of fake Anti-Virus, through Locker variants and finally to the file-encrypting variants that are prevalent today. Each distinct category of malware shares a common goal, to extort money from victims through social engineering and outright intimidation. The demands for money have grown more forceful with each iteration.
Subscribe to the award winning Sophos Naked Security blog for the latest news on ransomware and security in general.
Recent ransomware articles include:
Staying secure against ransomware isn’t just about having the latest security solutions. Good IT security practices, including regular training for employees are essential to reduce the risk of an attack.
The following are the best practices to apply now:
1. Backup regularly and keep a recent backup copy off-site.
There are other risks besides ransomware that can cause files to vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Always do a regular backup of your files and encrypt your backup. This way you don't have to worry about the backup device falling into the wrong hands.
2. Enable file extensions.
The default Windows setting has file extensions disabled. This means that you have to rely on the file thumbnail to identify it. Enabling extensions makes it much easier to identify file types that are not commonly sent, such as JavaScript.
3. Open JavaScript (.js) files in Notepad.
Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.
4. Don’t enable macros in document attachments received via email.
Microsoft turned off auto-execution of macros by default many years ago as a security measure. A lot of infections rely on persuading you to turn macros back on, so don’t do it!
5. Be cautious about unsolicited attachments.
Crooks rely on the dilemma that you can’t tell if the file is the one you want until you open it. If in doubt leave it out.
6. Don’t give yourself more login power than you need.
Don’t stay logged in as an administrator any longer than necessary and avoid browsing, opening documents or other regular work activities while you have administrator rights.
7. Consider installing the Microsoft Office viewers.
These viewer applications let you see what documents look like without opening them in Word or Excel. In particular, viewer software that doesn’t support macros, so that you can’t enable them by mistake!
8. Patch early, patch often.
Malware that doesn’t come in via a document often relies on security bugs in popular applications, including Microsoft Office, your browser, Flash and more. The sooner you patch, the fewer vulnerabilities there are to be exploited.
9. Stay up-to-date with new security features in your business applications.
Office 2016 now includes a Block macros from running in Office files from the internet control, which helps protect against external malicious content without stopping you using macros internally.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.