Better Prevention

Should you fall victim to the encryption trojan, it is not a good idea to follow the ransom demand. Instead, you should back up the evidence and file a legal complaint. In addition, it is recommended that you back up the encrypted files, which you may be able to decrypt some time later if security vendors find a cure.

In general, a comprehensive IT security strategy is advisable. Start with effective hardening measures through widespread adherence to the principle of minimal privileges. In addition, a restrictive firewall configuration prevents potential communication between the ransomware and the C2 server. Ideally, you will want to use security systems on the gateway that also analyze incoming files based on their behavior, and thus detect malware regardless of signatures.

Of course, you should keep your computer systems updated with the latest patches. In conjunction with an up-to-date virus protection solution and regular scans, this reduces the risks significantly. In addition, tell your users to avoid opening any email attachments from unknown senders. The same applies to links in emails. If you use Microsoft Office products, make sure to disable the automatic execution of embedded macros. Macros should be enabled only for documents in trusted locations if you absolutely rely on using them.

Of course, there is always a residual risk, so back up your data periodically using different generations. A good, reliable, and tested backup strategy is a must-have, and not only in this scenario. Of course, the backup media must not be permanently connected to your computer. Otherwise, the backed-up data is also useless in the event of an infection.

New Tool Against Ransomware

The anti-malware vendor Malwarebytes has published a free tool, Anti-Ransomware [1], to explicitly protect users against ransomware. The tool is currently in beta, but has been successful in various tests. It analyzes the behavior of programs and blocks their execution before disk encryption takes place. Among others, the software helps combat the ransomware variants Locky, CryptoWall4, CryptoLocker, TeslaCrypt, and CTB-Locker.

Conclusion

The year 2016 started off early with the first big ransomware blackmail wave. Attackers are taking increasingly sophisticated approaches, and malicious emails are very difficult to distinguish from bona fide communication. They even use legitimate, existing companies including email signatures as the sender. Comprehensive protective measures are therefore more important than ever.