Site icon Ingenio

Two new tools for defeating ransomware

2016August1 Security B PH

2016August1 Security B PH

A simple Google search of “ransomware” returns just over 9 million results. So, too, does a search for “Three Mile Island,” the location of the late-70’s Pennsylvania nuclear meltdown. And while we don’t mean to equate the near catastrophe of the latter to having your company’s data hijacked by computer hackers, ransomware can in many cases end in disaster for your business.

The way in which these nefarious operators commandeer your information and deny you access usually involves some fairly sophisticated stuff. The ransomware they install on your system is essentially a virus that “locks up” your data, and it can’t be unlocked unless you pay them for the keys.

Some of these data-encrypting viruses are strong, such as the CryptXXX strain. It has been infecting businesses for the past few months, and its latest mutation can’t be quelled by decryption programs found for free on the internet.

Two relatively new types of ransomware aren’t quite as virulent as CryptXXX, but we’d like to bring you up-to-date on them nonetheless. Here’s a look at what they’re called, what they do, and how you can defeat them should your business be impacted.

PowerWare

The first of these recent ransomware varieties is called PowerWare, which also goes by the name PoshCoder. It imitates a more complex ransomware program called Locky, although with less effectiveness.

This spring, PowerWare was discovered attacking healthcare organizations through Windows PowerShell, a scripting application used for systems administration. Fortunately, programmers at hi-tech security firm Palo Alto Researchers were able to quickly create a decryption tool named “powerware_decrypt.py” that unlocks ransomed data with relative ease.

Implementing the fix, however, does call for a bit of technical know-how, so if your IT department is experienced in this area it shouldn’t be a problem. The code that can cure you from PowerWare is published online and is free.

BART

The second new ransomware breed that we should address is called BART. Instead of employing intricate information-encrypting algorithms to take command of your data, BART will stash away your files inside password-protected ZIP folders… and you have to pay for the password.

These infections aren’t hard to identify as the imprisoned files will appear with “.bart.zip” added to their original name (for example, “spreadsheet.xlsx.bart.zip”). Thankfully, not only are they easy to detect, but for antivirus firm AVG, they are easy to decode.

Applying the remedy that AVG has produced requires an unaffected copy of one of the files that’s been locked up. And if you can’t locate one somewhere on your network, a good IT services firm will be able to. The BART decryption tool is also available online at no cost.

The fact is, there are some shady, technologically savvy characters out there who are willing to do us harm. Keeping them at bay takes vigilance. So if your business doesn’t have the resources to stay safe and secure from threats like ransomware – or, in the event that you’ve been hit, you’re not sure how to recover your data without paying the ransom – call us today to talk things over.

Published with permission from TechAdvisory.org. Source.
Exit mobile version