TEMASOFT joined the No More Ransom Project as a Supporting Partner on the 2nd of September 2017, in an effort to help increase awareness about ransomware and how to protect against this threat.
Ransomware is a form of cyber extortion that targets businesses and individuals. It locks out important files, rendering them unusable, and displays messages informing the victim how to proceed for recovering them. The cyber attackers promise to recover the files in exchange for one or more payments. They use anonymous cyber-coins like Bitcoin to monetize their activities. They provide detailed instructions on how to make the payments and then cash out with virtually no risk. Large scale attacks have a big number of victims, and a percentage of those victims decide to pay the ransom.
There are several types of ransomware that have different attack methods:
The most common distribution model involves e-mail phishing campaigns where people are lured into opening apparently legitimate attachments. Upon clicking on such attachment, a malicious code gets executed on the machine.
The program that triggers a ransomware infection is not the actual ransomware. This program is usually called a “downloader” and is the malware that gets distributed as part of the ransomware email SPAM campaigns. During the first stage, the downloader usually executes a few operations like
The downloader arrives in many forms: executable, document, macro, script, binary data, etc. Most of the time, the downloader is disguised into something else – an official document, a picture, etc.
The ransomware payload is usually downloaded from the internet and upon execution, it implements a series of actions to prevent antivirus software from detecting it, as well as to make it difficult for security researchers to reverse engineer the code.
Next, depending on the type of ransomware, specific file encryption actions are taken, and ransom notes are created in various places on the computer.
One of the most important ransomware distribution model, the email, relies on victims’ lack of awareness and their curiosity. Be cautious when using the email and browsing the internet:
Anti-ransomware technology takes a different approach in dealing with ransomware. It delivers specific ransomware detection technology implemented to ensure identification of the vast majority of present and future ransomware with a high degree of accuracy. At the same time, it implements real-time protected backups to ensure data availability in case of a ransomware incident.
We advise you not to pay the ransom, for the following reasons:
Instead, please follow these steps.
There are many ransomware families for which decryption tools are available. Such tools may allow you to recover the compromised files. Once the ransomware family has been identified, search for available decryption tools on the NoMoreRansom page.
The NoMoreRansom website allows you to report the attack. Please follow the information on this page.
Anti-ransomware is a particular type of technology that focuses on detecting ransomware and addressing the data loss risks associated with ransomware incidents. It is different than the antivirus and backup technologies and may use parts of functionality from both.
Learn more about what anti-ransomware is!
Learn more about why a single protection layer, such as antivirus, is not enough to protect from ransomware!
The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and McAfee – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
Since it is much easier to avoid the threat than to fight against it once the system is affected, the project also aims to educate users about how ransomware works and what countermeasures can be taken to effectively prevent infection. The more parties supporting this project the better the results can be. This initiative is open to other public and private parties.
TEMASOFT is a software company focused on developing security and infrastructure products. The company was founded in 2000 and since then it has been involved in the development of different software applications for customers from various industries, including several award-winning products for GFI Software which are now used by thousands of customers all over the world. Our current mission is to become a leader in document protection software.
Our existing portfolio of products includes TEMASOFT Ranstop, an effective anti-ransomware software for companies and TEMASOFT FileMonitor, a real-time file monitoring software, all aimed at preventing and protecting companies against ransomware threats, breaches, data leakage and misuse.