Categories: General
      Date: Jan 25, 2017
     Title: Ransomware

 

Ransomware, the new and evolving cyber threat


I am often asked to differentiate between ransomware, malware and virus infections. End users expect their antivirus solutions to protect them against an ever-evolving smorgasbord of nasties, developed by a wide spectrum of equally nasty folk out there. Some want to make a buck, others want to brag to their peers, and for a small minority, it’s the technical challenge that drives them.

Ransomware is a sophisticated piece of malware that blocks the victim’s access to his/her files.

There are three types of ransomware:

  1. The most common infection is encrypting ransomware, which blocks system files and demands payment to provide the victim with the key that can (or may) decrypt the blocked content. Examples include Cryptolocker, Locky, Cryptowall, and the many evolved variants.
  2. Locker ransomware locks the victim out of the operating system, but does not encrypt files. The attackers still ask for a ransom to unlock the infected computer. Examples include Winlocker.
  3. The third type is Master Boot Record (MBR) ransomware. When MBR ransomware strikes, the boot process can’t complete as usual, and a ransom note is displayed on the screen instead. Examples include Satana and Petya ransomware.

I will concentrate on the first type, as it is the most common and the most damaging. Ransomware has some key characteristics that set it apart from other malware:

As ransomware evolves and multiplies, you need at least baseline protection to avoid data loss and other troubles. In terms of platforms and devices, ransomware doesn’t discriminate either: PCs, servers and even mobile devices are being specifically targeted.

So, how do ransomware threats spread?

These are the most common methods of getting infected

These attacks get more refined by the day, as cyber criminals tweak their malicious code to be more intrusive and better suited to avoid the barriers we put in place. That is why each new ransomware variant is a bit different from its forerunner. So, by the time you get this “happy” message, it’s too late…

 

“But I have antivirus! Why didn’t it protect me from this?” is the usual cry.

Ransomware employs evasion tactics that ensure that it is:

Think about it: the longer malware stays unnoticed, the more data it can extract and the more damage it can do. The programmer does this by use of

 

Ten ways to reduce Ransomware attacks

  1. Back up your data regularly, and include backup restore tests in your regime
  2. Patch software frequently: OS, browser and identified application vectors
  3. Monitor and block suspicious traffic, and manage outbound traffic
  4. Scan all downloads
  5. Scan all emails, and make sure you have up-to-date endpoint AV installed
  6. Block EXE files using Windows Software Restriction Policies
  7. Disable “Hide extensions for known file types”
  8. Disable macros through group policy
  9. Manage user privileges: use admin logons sparingly, and use a neutered user logon for day-to-day operations
  10. The most important point is, EDUCATE YOUR USERS, regularly
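
One way items 6 to 8 could be enforced at a mail gateway or download scanner, added here as an example and not part of the original post: it blocks executable types, flags names that pose as documents when Windows hides known extensions, and quarantines macro-enabled Office files. The extension lists, the `classify` function and the verdict names are assumptions for illustration.

```python
import unicodedata

# Assumed policy lists for this example; tune them to your environment.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
              ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".lnk"}
MACRO_ENABLED = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".ppam"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}
RLO = "\u202e"  # right-to-left override, reverses how the name is displayed


def classify(filename):
    """Return (verdict, reasons) for one attachment or download name."""
    reasons = []
    if RLO in filename:
        reasons.append("right-to-left override character in name")
    # Drop invisible format characters, then the trailing dots/spaces
    # that Windows ignores when it resolves the real extension.
    clean = "".join(c for c in filename if unicodedata.category(c) != "Cf")
    clean = clean.rstrip(". ").lower()
    # Every dot-separated part after the first counts as an extension;
    # stripping each part defeats padding such as "a.pdf      .exe".
    suffixes = ["." + part.strip() for part in clean.split(".")[1:]]
    last = suffixes[-1] if suffixes else ""
    if last in EXECUTABLE:
        reasons.append(f"executable type {last}")
        if len(suffixes) > 1 and suffixes[-2] in DECOY:
            reasons.append(f"shows as {suffixes[-2]} when extensions are hidden")
    elif last in MACRO_ENABLED:
        reasons.append(f"macro-enabled Office file {last}")
    if not reasons:
        return "allow", reasons
    blocked = last in EXECUTABLE or RLO in filename
    return ("block" if blocked else "quarantine"), reasons


if __name__ == "__main__":
    # Constructed sample names, not taken from a real campaign.
    for name in ["report.docx", "invoice.pdf.exe", "scan_0042.js",
                 "timesheet.xlsm", "photo.jpg.scr ", "cv\u202efdp.exe"]:
        print(f"{name!r:24} {classify(name)}")
```

Filename checks like this complement content scanning and do not replace it, since a file's name says nothing about what is inside an archive or a renamed payload.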

 

Need more information?

Please call or email me

Anton Schutte

027 524 9995

anton.schutte@selectit.co.nz