Security researchers and experts back at the end of 2015 and earlier this year predicted 2016 to be the “Year of Ransomware” due to the dramatic increase in ransomware attacks, infections and reports. The malware variants used for extortion and blackmail became more and more prevalent as the year progressed and it was clear that the new form of attack was a firm favourite of hackers and cyber criminals across the globe.
Up until now the only defence has been prevention and resorting to backups, with authorities pushing out advice and guidance to communities and businesses to try to tighten up security practices, improve their “cyber hygiene” and try to look at preventing the infection, with the only fall-back being to resort to good, clean backups of the data. Whereas many did pay the ransoms, this was never advised as it merely encourages criminals to continue to utilise the tactic, and there is never any guarantee that victims would get their data back.
Thankfully, new developments have started to emerge to help in fight against ransomware, with new tools and advice having recently been published.
It was recently announced in the Hacker News that the American firm Cybereason have released a free ransomware monitoring and detection tool dubbed RansomFree which they claim is able to detect ransomware trying to run on your system and can halt any active processes running as a result, requiring user authentication before taking further action. This appears to be the beginning of a new form of security software for end-point devices to help protect against this malicious attack type.
This new tool follows the announcement of a similar tool for MacOS devices called RansomWhere, which does a similar thing for Apple devices.
These tools are all well-and-good, but as always, prevention is better than cure, and so one of the best first lines of defence is still good security on your devices and awareness of potential social engineering techniques used to infect your systems with ransomware. For the latest advice visit either the Government’s CyberAware website, the National Cyber Security Centre (NCSC) or the not-for-profit organisation Get Safe Online.