Ransomware infection and detection

Ransomware is malware, typically delivered as a Trojan. Once a computer is infected, the ransomware encrypts, or locks, important data; some variants also threaten to delete files. The only way to unlock the data is to pay a fee, or ransom, to the developers of the Trojan. Ransomware attacks use a file disguised as a legitimate document. The Trojan activates when a user opens an infected file, such as an invoice or Word document. The email looks genuine and tricks the user into opening the attachment, infecting the system.

Common examples of ransomware include CryptoLocker, CryptoWall, Locky, Zepto and WannaCry.

AV Defender is effective against any crypto-strain if Active Virus Control (AVC) is enabled in the Behavioral Analysis module of the AV Defender profile(s) applied to the device(s). Ransomware has many variants, and new ones are released constantly. Ransomware is deployed once a ZBOT is received by email, after which fresh copies of the malware are downloaded in real time from the internet. These files are updated continually to evade detection by antivirus software. While BitDefender works continually to stay on top of every variant of these infections, and while AVC and IDS both help considerably to keep a device from becoming infected, it is important to recognize that no AV software is completely foolproof.

How to protect against Ransomware

Protecting yourself and customers from a ransomware infection requires education and a good defense. Make sure your customers know the basics of how to prevent malware from propagating:

  • Ensure users understand the risks of opening files that seem suspicious, such as an invoice or document that is not expected.
  • Do not open email or files from unknown senders, and do not click links in email.
  • Ensure the Macros feature in Microsoft Office is turned off.
  • Be aware of new threats, or what is trending in the "wild", that could be harmful, and alert customers immediately.
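One way to enforce the "turn off Office macros" item above on a managed Windows device, as an added example that is not part of the N-able documentation: the script writes the same Office policy registry values that the corresponding Group Policy settings would set, then reads them back so the result can be used as a compliance check. It assumes Office 2016/2019/365 (version key 16.0) and runs in the context of the user whose Office policies should be enforced.

```powershell
# Added example (not from the N-able documentation): enforce the
# "turn off Office macros" recommendation via the Office policy registry
# values, then verify them. Assumption: Office 2016/2019/365 (key 16.0),
# run as the target user, since Office reads these policies from HKCU.

$officeVersion = '16.0'                  # assumption: adjust for other Office releases
$apps = 'Word', 'Excel', 'PowerPoint'

# VBAWarnings 4 = "Disable all macros without notification"
# blockcontentexecutionfrominternet 1 = block macros in files downloaded from the Internet
$desired = @{ VBAWarnings = 4; blockcontentexecutionfrominternet = 1 }

function Set-OfficeMacroPolicy {
    foreach ($app in $apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($name in $desired.Keys) {
            New-ItemProperty -Path $key -Name $name -Value $desired[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

function Test-OfficeMacroPolicy {
    # Returns one object per application with a Compliant flag, suitable
    # for feeding into a monitoring check.
    foreach ($app in $apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
        $current = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $compliant = $true
        foreach ($name in $desired.Keys) {
            if ($null -eq $current -or $current.$name -ne $desired[$name]) { $compliant = $false }
        }
        [pscustomobject]@{
            Application         = $app
            VBAWarnings         = $current.VBAWarnings
            BlockInternetMacros = $current.blockcontentexecutionfrominternet
            Compliant           = $compliant
        }
    }
}

Set-OfficeMacroPolicy
Test-OfficeMacroPolicy | Format-Table -AutoSize
```

Run Test-OfficeMacroPolicy on its own from a scheduled check to detect devices where a user or another tool has loosened the macro settings again.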

AV Defender/Security Manager

Always have the latest AV Defender software installed to make sure you have the most recent virus signatures. In your Security Manager | AV Defender profiles, set the Detection Level of the AVC component to at least Normal. A setting of Aggressive provides stronger protection; however, it can also flag and clean legitimate applications, resulting in a higher false-positive rate.

  1. Click Configuration > Security Manager > Profiles.
  2. Click the Default Profile - Laptops/Workstations Normal Protection profile.
  3. For the Behavioral Analysis module, click View Settings.
  4. In the Active Virus Control area, set the Detection Level.
  5. Click Save.

Patch Manager

Ensure devices have the most recent software updates using Patch Manager. Software companies do what they can to minimize issues connected with threats and attacks. Patch Manager provides the capability to effectively manage the downloading and installation of Microsoft and third party software patches across your customers' networks.

Backup Manager/N-able Backup

Ensure important information is regularly backed up to another location, preferably a secure, off-site location. Should an infection occur, with data stored elsewhere, your customers are not prevented from continuing their business due to a locked computer. Information is still readily accessible. N-able Backup ensures key data is still retrievable.

Further information

BitDefender also offers these recommendations to add another level of security to your environment against CryptoWall.

BitDefender has some recommendations and best practices on how we can help to prevent these kinds of attacks and educate our clients in identifying social engineering attempts and spear-phishing emails.