Ransomware: Protect Yourself or Pay

Ransomware has surged into the awareness of today’s security professional, threatening to encrypt your company’s files and shut down your business. Cyren offers protection from ransomware cyber attacks through powerful cloud-based web and email security services.

What Is Ransomware?

Ransomware is a cyber attack that encrypts your files until you pay.

CYBER ATTACK

Ransomware such as CryptoLocker, CryptoWall and Locky targets your business with cyber attacks that leverage both email and the web to fool your employees and penetrate your defenses.

ENCRYPTION

These attacks encrypt all the files on a victim's computer and connected network drives.

RANSOM

Once infected, you can either pay the ransom to regain access to your files, or give up all your precious data.

Threat Report: Ransomware: An In-depth Look at Locky, WannaCry and More

On-Demand Webinar: Confronting the Ransomware Crisis: Best Practices for Securing Your Business

Blog Article: Wannacrypt Ransomware Spreads Like A Worm Via NSA Exploit

How Does Ransomware Work?

Malware Delivery

You download malware from a spam email or a malicious URL.

Ransomware Download

The malware downloads a ransomware executable to your computer.

Encryption

The ransomware encrypts your files.

Ransom Notice

You are given a ransomware notice with a deadline.

Payment

You are required to pay with Bitcoin.

Decryption

The attacker provides a decryption key.

Ransomware can encrypt your files in less than 60 seconds. Decrypting the files without the key is virtually impossible.

The Evolving Ransomware Threat

New families and variants of ransomware are emerging all the time.

How can you prepare for ransomware? Get insights from Cyren's cyber threat report

What Does Ransomware Look Like?

An example of Locky ransomware

LOCKY EMAIL

Sample email from an invoice-themed Locky ransomware campaign. The goal is to get the victim to download and open the attachment.

LOCKY RANSOM MESSAGE

Once executed, Locky encrypts the files on the victim's computer, renaming them with the extension ".locky". It then changes the victim's Windows wallpaper, posting a ransom note with instructions to pay and decrypt the victim's files.
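
The renaming behavior described above, many files suddenly ending in ".locky", is something a defender can alert on. The following is an added example, not part of the original page and not Cyren's code: it scans file-rename audit events for a burst of ".locky" renames per host. The pipe-delimited event format, the host names, the threshold of 5 files and the 60-second window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed file-rename audit events: timestamp|host|old path|new path
SAMPLE_EVENTS = r"""
2024-01-10T09:14:02|ws-017|C:\Users\amy\Docs\q1.xlsx|C:\Users\amy\Docs\3F2A.locky
2024-01-10T09:14:03|ws-017|C:\Users\amy\Docs\q2.xlsx|C:\Users\amy\Docs\9C41.locky
2024-01-10T09:14:03|ws-022|C:\Temp\draft.docx|C:\Temp\final.docx
2024-01-10T09:14:05|ws-017|C:\Users\amy\Docs\plan.docx|C:\Users\amy\Docs\77D0.locky
2024-01-10T09:14:08|ws-017|Z:\Shared\budget.pdf|Z:\Shared\A0B1.locky
2024-01-10T09:14:11|ws-017|Z:\Shared\roster.csv|Z:\Shared\5E9F.locky
2024-01-10T09:20:00|ws-022|C:\Lab\sample.bin|C:\Lab\sample.LOCKY
2024-01-10T11:00:00|fs-01|D:\a.txt|D:\a.locky
2024-01-10T13:00:00|fs-01|D:\b.txt|D:\b.locky
"""

def parse_events(text):
    """Yield (timestamp, host, new_path) from pipe-delimited rename events."""
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, host, _old, new = parts
        yield datetime.fromisoformat(ts), host, new

def detect_bursts(events, suffix=".locky", threshold=5,
                  window=timedelta(seconds=60)):
    """Return {host: time of first alert} for hosts that rename at least
    `threshold` files to `suffix` within any `window`-long span.
    threshold and window are assumed tuning values, not from the page."""
    recent = defaultdict(deque)  # host -> timestamps of matching renames
    alerts = {}
    for ts, host, new_path in sorted(events):
        if not new_path.lower().endswith(suffix):
            continue  # ordinary rename, not the extension we watch for
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop renames older than the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect_bursts(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT {host}: burst of .locky renames at {when.isoformat()}")
```

A single ".locky" file on a lab machine or two renames hours apart do not trigger the alert; only the workstation that renames five files within the window does, which is the point at which it should be isolated from the network shares it has mapped.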

Ransomware Case Study: Hollywood Presbyterian Medical Center

Hollywood Presbyterian Medical Center (HPMC) is a general medical and surgical hospital in Los Angeles. On February 5, 2016, the hospital was hit by a Locky ransomware attack that locked access to certain computer systems and patient files. Although patient care was not compromised, patients were diverted to other hospitals and the hospital's network was down for over a week. Ultimately, the hospital paid 40 Bitcoin (about $17,000) to get the decryption keys and regain access to their files.


Ransomware Case Study: The Cost of CryptoLocker Ransomware

Here's what happened at one company when it was hit with a CryptoLocker attack.

FIRST 6 HOURS

  • 1,487 CryptoLocker attack emails received
  • 125 CryptoLocker emails evade security, received by employees
  • 10 Employees open email and download CryptoLocker

THROUGH DAY 5

  • 10 Employee accounts locked, computers re-imaged
  • 7,446 Files restored from backup
  • 22 IT staff engaged (252 hours)
  • 4 Executive briefings (50 management hours)

TOTAL COST

$41,990

9 Tips to Avoid Being a Ransomware Victim

By the time you receive an alert that a ransomware infection has occurred, it is already too late. The only way to stop a potential ransomware infection is to prevent it from ever happening in the first place.

IMPROVE YOUR SECURITY

  • #1 Email security gateway
    • Majority of cyber attacks start in email
    • Stop malware before it reaches your users
  • #2 Web security gateway
    • Stop malware downloads, malicious URLs
    • Stop C&C communications, data exfiltration
  • #3 Cloud sandboxing
    • Identify and stop never-before-seen malware
  • #4 Endpoint security with active/behavioral monitoring
    • Ransomware evolves quickly
    • Augment traditional AV with next-generation detection

IMPROVE YOUR HYGIENE

  • #5 Back up regularly and keep a copy off-site
    • Test that your backups can be restored
  • #6 Train your users
    • Social engineering training - don't click that suspicious link!
  • #7 Turn off network shares
    • Avoid mapping network drives with large file repositories.
  • #8 Patch early, patch often
    • Outdated operating systems, browsers and plugins are major vectors for malware infections
  • #9 Turn off admin rights for your users
    • Some ransomware leverages admin privileges

What to Do If You've Been Infected With Ransomware and Your Data Is Not Backed Up

If your data is backed up, simply reimage your computer from your backup data. But if you don't have a backup...

Remove the ransomware

Make sure you remove the malware from your system first; otherwise, it will repeatedly lock your system or re-encrypt your files even after you've paid the ransom. Check out well-known endpoint security solutions for removal tools.

Try to decrypt

Cracking ransomware file encryption is a long shot. The most sophisticated ransomware uses state-of-the-art 2048-bit RSA keys to encrypt your files, which are virtually uncrackable. However, older ransomware variants may not have the same bulletproof protection, and researchers have cracked a number of these; search for "ransomware decryption".

Pay the ransom

If you can't decrypt your files, the only way to get your data back is to pay the ransom. And even if you pay, there's no guarantee that you'll get your data back. Follow the payment directions in the ransom note. Some hackers even provide technical support for this step.

Say goodbye to your data

If you have not been able to retrieve your data by decryption or paying the ransom, then your data is permanently gone. You should re-image your computer so that you can use it going forward.

And make sure to back up your computer regularly once you start to use it again.