Close your ports, stop reading emails, turn off your Wi-Fi for God’s sake – cybercriminals are upping the game and will make you WannaCry!
[Petya Ransomware] Unfortunately, the Ransomware wave is yet to calm down. After the WannaCry horror everyone experienced at the beginning of May, a new ransomware is on the loose and it’s potentially worse than WannaCry.
The ransomware called Petya (also known as Petrwrap) first hit the news headlines yesterday (27/06/2017), spreading through an official software update mechanism of an accounting program used by the Ukrainian government, before infecting Europe and the US. Since then, it has infected major companies like WPP, the French construction materials company Saint-Gobain and the Chernobyl nuclear reactor.
Essentially, a malware going by the name “Petya” has been known since 2016. What we can observe right now is an update, according to security firm Symantec. What makes it different from the WannaCry horror is the fact that this version of ‘Petya’ spreads internally within networks or through two Windows administrative tools. It’s relatively faster as well.
What’s more alarming is the fact that this malware only has one registered email address for communication, which was suspended by the email provider after its discovery. As a result, even if someone pays the ransom, there’s no official way to communicate this to the attacker and request the decryption key.
[WannaCry] That’s what the world was saying last Friday, when cybercrime achieved a new Ransomware record. Yes, I’m talking about the latest buzz around cybercrime – WannaCry. If the news didn’t reach you for the past 72 hours, here’s a quick summary:
Starting from May 12, 2017, health and IT organizations in more than 100 countries got hit by a new Ransomware wave – one of the largest of its kind recorded so far. Britain’s NHS had to cancel surgeries, car giants Renault and Nissan had to stop production across several of their European plants and a lot of cybersecurity experts in China and Britain had to work overtime.
What is Ransomware?
Ransomware is malware that, upon infection, blocks access to some or all of the information stored on your device. In order to recover your files from Ransomware, you are required to pay a ransom, usually in Bitcoin or another e-currency. Although it has been gaining media attention only in recent times, this malicious model goes way back to the 1990s, with the first-known malware capable of encrypting file names. Since then, however, Ransomware has evolved, now including encryption with a private key stored on the cybercriminal’s servers. As a result, even if the user removes the malware, they would not be able to recover any of the infected files, leaving them with the only option to pay the due.
Ransomware stops access to files that are located in drives ‘mapped’ on your device. This includes external HDDs, USB thumb drives, folders on your network or in the cloud. Consequently, if your Dropbox is mapped locally, your Dropbox files will also fall victim to the malicious software.
WannaCry/WanaCrypt, or Wcry for short, works just like any other Ransomware out there. Unlike conventional Ransomware though, WannaCry is a severe threat because it has a few extra tweaks that make it almost impossible to break. It utilizes one of the best ways to encrypt data – the RSA 2048-bit cipher. In addition, it is modular software, contrary to most forms of Ransomware, which are rather simplistic.
Ransomware has been at it for some time now:
In 2016, popular antivirus system Kaspersky Lab found a rising trend in cyber incidents involving Ransomware. According to the global cybersecurity company, in the period between April 2015 and March 2016 – 2,315,931 users around the world encountered ransomware, marking a rise of 17.7% compared to 2014. In addition, since the beginning of 2016, more than 4,000 ransomware attacks have occurred every day – a 300% increase over 2015, according to the FBI.
Attacks are not aimed only at individuals. In the period between January and September 2016, such attacks on businesses increased from one every 2 minutes to one every 40 seconds. What’s more alarming, however, is the fact that even after paying, 1 in every 3 Ransomware victims doesn’t get their data back.
The main Ransomware sources are email links and attachments, followed by web applications and social media as quoted by Osterman Research, Inc.’s recent report. In fact, in another report conducted by PhishMe, in Q3 2016 – 97.25% of phishing emails contained some form of ransomware, compared to 92% at the beginning of the year. Unfortunately, 30% of such phishing emails get opened – an open rate every marketer would kill for.
How to avoid becoming a Ransomware victim?
Once you fall victim to Ransomware, you will be locked out from your own files. Like WannaCry, more Ransomware forms include encryption, which will limit your choices of action to either paying or losing your data. Such a disaster, however, can be easily prevented when you perform regular backups of your data.
Although at this moment WannaCry attacks have temporarily slowed down, cybercrime has NOT. Paying “ransom” in order to get your information back will only encourage the fraudsters and won’t guarantee you get your data back. That’s why, in order to prevent losing your data in a Ransomware infection, going back to online security basics and understanding cybercrime patterns is important. Here’s how you can ensure you never have to pay ransom and have solid Ransomware protection for your files:
Back up your files with pCloud Drive
Having an extra copy of your entire digital account is always a good call, no matter the reason, and cloud storage can do the job right. Backing up your files with pCloud is very simple, thanks to pCloud Drive. With the desktop app for Mac, Windows and Linux, you can sync your entire digital collection of important photos, videos and documents with the cloud. In order to back up your files in pCloud Drive, the only thing you need to do is to right-click on the folder you want to sync, choose Copy to pCloud Sync and wait until you get the green checkmark.
Unlike other “mapped” cloud storage services like Google Drive and Dropbox, even if your pCloud files get infected with Ransomware, you can easily recover them and prevent the disaster of losing important data forever.
Recover Ransomware-infected files with pCloud Rewind
Recently, we released a new feature that helps our users restore corrupted, lost or even Ransomware infected files from pCloud.
pCloud Rewind is like the time machine for your digital life in pCloud. You can use it to travel back up to 30 days in the past and recollect photos, videos, documents and shared content that was deleted or infected with Ransomware at one point in time. Set a time and date, and explore all the changes made at that moment – with the option to restore or download any previous version of your files with a click.
Combining pCloud Drive with pCloud Rewind is one of the safest ways to prevent losing your files to Ransomware. You can easily perform real time backups of your synced files and in case you fall victim to Ransomware, you can easily restore every infected file in a matter of minutes. No ransom paid, no lost files!