Ransomware on the rise: Norton tips on how to prevent getting infected
Written by a NortonLifeLock employee
“This operating system has been locked for security reasons.”
Many online users are still being confronted with similar messages to the above thanks to a type of malware called ransomware. The scam works by using malware to disable the victims’ computers until they pay a ransom to restore access. Cybercriminals often use social engineering tricks, such as displaying phony messages purporting to be from local law enforcement, to convince victims to pay up. Messages often include warnings such as, “You have browsed illicit material and must pay a fine.”
A rise in ransomware
Norton by Symantec has witnessed an increase in the amount of professional cyber gangs using ransomware in recent years. This fraudulent activity is designed to take over your computer and blackmail you for cash, and has developed in the following ways:
- After first emerging in Russia and Eastern Europe in 2009, ransomware spread to Western Europe, the U.S. and many other countries, causing high infection rates and a great deal of frustration for consumers.
- Professional cybergangs use intelligent malware which, once on your computer, identifies which country you live in (via your IP address) and presents the message in the local language with a logo of a local public authority.
- The ransomware completely disables the device and is designed so that it seems that the only way to restore functionality is to pay the fine. This raises the chance of the consumer being tricked to pay the ransom.
Different variants of malware are being developed, and within those variants criminals vary the code slightly to help the malware get past security software.
Toll Group’s Tryst With Ransomware — Australia’s Virus Protection Problem
A great example of how ransomware can obstruct businesses from functioning is The Toll Group’s recent mishap in February, 2020. With their IT systems and business units under attack, the transport company had to halt regular business. In an industry where logistics are affected inadvertently trickles down to smaller businesses — which is exactly what happened with the Toll Group’s customer base. Smaller business owners who were using the transport company suddenly lost the ability to track parcels and shipments. The group ended up missing days of deliveries, disrupting schedules across Australia.
With only a customer service line to help them track their respective packages, Toll Group began to receive harsh criticism. Although it is unknown what preemptive measures Toll Group took in regards to virus protection, they remained transparent through their process of malware removal. It was then discovered by the Australian Cyber Security Centre through samples sent over by Toll Group, that they were attacked by a new variant known as Mailto.
Experts within the field commented on the same, debating if businesses should take into account a more refined approach towards virus protection. In the end, ransomware continues to remain a threat for big and small businesses. Awareness is the first step towards all-round safety — enforcing this knowledge is the next. The attack on Toll Group could just be the first of many; with each attack more targeted towards business systems.
- Ransomware is predominantly found on suspicious websites, and arrives either via a “drive-by download”, stealth download or through a user clicking on an infected advert. Some distribution via email has also been seen.
- Messages are evolving over time. Cybercriminals use different hooks to defraud innocent users (social engineering). Early variants used a locked screen containing pornographic images to shame users into paying the fine, and are now using law enforcement logos.
- Techniques have become more and more sophisticated, with code built into ransomware programs to tailor messages to the right language and local law enforcement logo.
- Even if a person does pay the ransom, the cybercriminals often do not restore functionality. The only reliable way to restore functionality is to remove the malware.
Tips on how to prevent infections by ransomware:
- Have up-to-date security software installed. Remember with thousands of new malware variants running every day, having a set of old virus definitions is almost as bad as having no protection.
- Make sure all the software on your system is up-to-date. This includes the operating system, the browser and all of the plug-ins that a modern browser typically uses. One of the most common infection vectors is a malicious exploit that leverage a software vulnerability. Keeping software up-to-date helps minimize the likelihood that your system has an exposed vulnerability on it.
- Make sure you are leveraging the full set of protection features delivered in your security product. Norton products offer the layers of protection you want.
Safety for every device.
Security is no longer a one-machine affair. You need a security suite that helps protect all your devices – your Windows PC, Mac, Android smartphone or your iPad.
Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.