Heimdal Security

Heimdal Security supports No More Ransom

On December 15, 2016, the Heimdal Security team joined the No More Ransom project to contribute to the global fight against ransomware.

Along with the project's founders and other partners, we aim to help educate Internet users on the key steps they can take to protect themselves from this cyber threat.

What is ransomware?
Ransomware is a type of malicious software created to infect a computer system covertly and block access to it until the victim pays a specific amount of money.
Types of ransomware:
Encrypting ransomware
Master Boot Record (MBR) ransomware
Locker ransomware

Each of them is designed to infect the system differently, but all have the same malicious objective: to extort the victim into paying money to get the data back.

Why should you care about ransomware?
Because you could be affected too.
Ransomware is now the dominant cyber threat on the Internet, affecting both users like you and me and organizations from all over the world (including hospitals).
$1 billion
The FBI estimates that cyber-extortion losses could reach $1 billion in 2016 alone!
The average ransom demand has more than doubled since 2015 and is now around $700.
200 ransomware families
There are over 200 ransomware families, plus hundreds of variations that add to this number.
Ransomware is a high-impact threat that uses social engineering to extort you and force you to pay the ransom. (But please don't!)

Given the high volume and wide distribution these ransomware families have, any of us could become the next victim unless we protect ourselves.

How ransomware spreads
Cybercriminals distribute malware through various channels, either in attacks aimed at specific targets or in "spray & pray" campaigns intended to infect as many people as possible.
Some of these channels include:
Spam emails with malicious links or attachments
Infected files sent in instant messages
Internet traffic redirects to malicious websites that spread ransomware
Legitimate websites compromised through code injection
Affiliate schemes in ransomware-as-a-service and many more

If you want to learn more about what ransomware can do, this Q&A on the No More Ransom website is just what you need.

Example of a ransomware attack
It takes just a few seconds for a ransomware attack to unfold and infect a device. Here's one of many potential scenarios:
You receive an email with a link disguised as something important for you (e.g. info about a package you're waiting to have delivered).
Once you click on the link, an exploit kit (EK) scans your system for vulnerabilities (often found in outdated software).
When the EK finds a security hole, it places a downloader (payload) on the system.
The downloader connects to a list of domains or Command & Control servers and downloads the ransomware onto the system.
The ransomware starts encrypting the data on the local drive and all other connected devices (other PCs, external drives, cloud storage services synced locally, etc.).
Once the encryption is complete, the ransomware displays a note with instructions on how to pay the ransom. A timer is usually involved. If you don't pay by the deadline, all the encrypted data is destroyed.
Key protection layers against ransomware
Our team at Heimdal Security is a strong believer in proactive protection against ransomware and other cyber threats. We also focus on helping Internet users understand the importance of multi-layered online security.
There are many things you can do to keep your data safe against ransomware, but the very least you can do is:
Create and maintain at least 2 backups of your data, in different locations (in the cloud + on an external drive);
Never download and open unsolicited attachments received in emails and always verify the extensions that files use before clicking on them;
Use a reliable antivirus, preferably paid, so you can benefit from its full strength;
Never click on links received in emails you haven't requested and maintain a cautious attitude;
Install software updates as soon as they're released. Updates are a great security layer by themselves and can block up to 85% of attacks that target vulnerabilities in the software you use (according to US-CERT). Plus, you can automate them to save time;
Complement your reactive protection with a proactive security solution, so you can benefit from traffic filtering that blocks connections to websites and servers that distribute ransomware;
Secure your browsers to keep risky add-ons and websites from compromising your data.

Automatic & silent patching | Traffic filtering | Anti-ransomware protection

What to do if you get infected with ransomware
First of all, disconnect from the Internet immediately! Turn off your wireless or unplug the Ethernet cable from your PC to keep the infection from spreading.

If you have a backup, wipe your system clean and do a reinstall of the operating system.

If you don't have a backup, head on over to the No More Ransom website and try one of the free decryption tools available.

If you don't know what ransomware your data is infected with, use the Crypto Sheriff tool to find out.

Don’t forget to report the cyberattack to your local authorities! This will help the No More Ransom partners gather more information on the cybercriminals behind the attacks, thus contributing to taking them down.

Join the fight against ransomware - find out more about the initiative

The No More Ransom initiative was launched in July 2016 by the Dutch National Police, Europol, Intel Security and Kaspersky Lab. Its core objective is to facilitate cooperation between law enforcement and the private sector in order to stifle the escalation in ransomware infections.

The website nomoreransom.org is a result of this common effort, featuring key information about ransomware, prevention advice and, most importantly, a series of decryption tools that victims can use to unlock their data.