Ransomware is malware that employs encryption to hold a victim's information at ransom. A user or organization's critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.
Ransomware is an especially costly threat, and in the fourth quarter of 2017 it was one of the fastest-growing types of malware tracked by Malwarebytes.
As it did in 2016, Windows was the target of the vast majority of ransomware. Malwarebytes found that 8% of malware discovered in the quarter was ransomware-focused.
"Ransomware is certainly on the rise and is becoming increasingly sophisticated," said Janicki. "However, ransomware-specific data is hard to come by. Looking at data from large corporations is a better way to analyze the impact of ransomware. For the most part, the same big-name companies that run protection products are targeted. This data gives an indication of how ransomware is evolving, how fast it is moving, and its virulence."
Disabling the Target
Some ransomware targets organizations' most valuable resources -- like intellectual property, payment data, and sensitive information stored in the cloud. In these cases, mitigation tactics need to be tailored to the targeted environment and its systems.
Malwarebytes Pro's customer agreement explains how the company protects its customers from ransomware and how to report a suspected breach. Its endpoint protection uses machine learning to identify ransomware before infection, respond to it automatically, and take preventive measures against any threats.
This method is most effective in stopping ransomware when it is not an initial infection. The first step in halting the spread of ransomware is to ensure it isn't running, since this serves as a beacon to those who have already been infected and have infected others.
Malwarebytes Pro then shuts down the Windows service that the ransomware is using to encrypt the user's files. It prevents the ransomware from using the Windows network drive to move on to other drives. It also prevents the ransomware from encrypting other data on the system, including text documents and removable storage devices.
Ransomware may attempt to contact a command and control server that's been identified by the security community or by the antivirus vendor that detects it. The most effective way to block this server is to use Malwarebytes Anti-Ransomware.
Malwarebytes Anti-Ransomware scans the system for suspicious files and then prevents the ransomware from encrypting them using default antivirus behavior. The system then restarts and restores any unsaved data.
Malwarebytes Free, which does not contain malware detection or removal capabilities, helps users get a handle on a ransomware infection. The software automatically scans files, folders, and drives for malicious activity and determines if ransomware has infected the computer. If so, it prevents ransomware from encrypting files, even if the files are on removable storage media, including USB thumb drives and CDs. It also restores any files that were deleted.
The Ransomware of the Year award is not a ranking. However, one thing is for sure: If it weren't for threat prevention and endpoint protection from Malwarebytes and other security vendors, the world could be facing a lot more serious problems than ransomware.
Effect of Ransomware
Ransomware is not always a big crime, but sometimes it is. And when it is, it does so rapidly.
Two Polish companies were hit in a "ransomware outbreak"
Ransomware is thought to have infected 1,100 computers in Poland.
National Police said it was not clear who had launched the attack
The police said the ransomware encrypted files and demanded money in exchange for a decryption key.
The "ransomware" virus exploits a vulnerability in Microsoft Windows that affects computers running the Windows XP operating system.
The police said it had stopped the virus from spreading to other machines.
Separately, on Friday night, the government office in charge of keeping the railway system running was hit by a cyber attack.
The Polish Interior Ministry said it believed a virus had infected dozens of computers in the computer system of Polish Railways (PKP).
Citizens have been warned to avoid doing business online until the problem is fixed.
"We were locked out, but the important thing is that nobody who is able to pay did," one government official was quoted by the news agency Agencja Gazeta as saying.
Spain's National Cryptology Centre was also targeted by a ransomware attack.
Spain's Computer Emergency Response Team (CERT-EU) said the attackers were demanding the equivalent of about €1m (£850,000, $1.1m) in bitcoins.
The energy and mining company Repsol said it had stopped an attempt by hackers to disrupt some of its energy production.
"We have implemented security measures to protect our business-critical systems and are working to remedy the situation," the company said in a statement.