A Federal Warning
On October 28th, the federal agency CISA (Cybersecurity & Infrastructure Security Agency) issued a warning about ransomware targeting the Healthcare and Public Health Sector. Among the specific strains mentioned, Ryuk and TrickBot were two that PC Matic effectively identified and blocked on October 26th.
Typically, ransomware strains like Ryuk are sent via email in a Word document. The victim opens the document, which then releases the malicious program onto their system. These attachments can be unassuming and difficult to spot.
As you can see, the email program is warning the user of a security issue. Most infections are caused by user error. This means that the targeted victim does what was expected of them and opens the document. While it is possible for a piece of malware to brute force its way into a system, it’s unlikely. As one of my PC Matic co-workers said, “why put the effort into a brute force attack when so many people willingly open malicious scripts?”
Keeping yourself educated on what to look for, like the picture above, will help you better see the warning signs of a malicious file. A good antivirus program is the next step in your defense.
PC Matic Catches Viruses
Our default-deny approach allows us to catch harmful malware, like Ryuk and TrickBot, before they can let loose on your machine. One of our malware researchers put together a video for us last week on how PC Matic blocked both these strains on the 26th. Below are some screenshots from that video.
As you can see, both of those executables are contained on the desktop in the controlled demonstration.
In the above two images, you can see the TrickBot file selected and an attempt made to run it. You can also see that PC Matic has blocked the file.
Next, let’s look at the Ryuk file.
Again, our automated whitelist software blocks the malicious file before it’s able to run. Because whitelisting blocks everything not recognized on our allow lists, even if these were new strains they would still be blocked. This means you don’t have to wait for something to be recognized as bad for us to block it.
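The default-deny decision described above, contrasted with a denylist, as an added example that is not PC Matic's code. It assumes a simple SHA-256 hash allowlist; the file names, byte strings and both lists are constructed for illustration.

```python
import hashlib


def digest(data: bytes) -> str:
    """SHA-256 of a file's contents, used here as its identity."""
    return hashlib.sha256(data).hexdigest()


# Constructed byte strings standing in for executables on disk.
SAMPLES = {
    "trusted_app.exe": b"constructed: trusted application build 1",
    "trusted_app_updated.exe": b"constructed: trusted application build 2",
    "known_ransomware.exe": b"constructed: sample already analysed",
    "new_variant.exe": b"constructed: repacked sample, never seen before",
}

# Hypothetical policy data: the allowlist holds hashes of approved builds,
# the denylist holds hashes of samples that have already been analysed.
ALLOWLIST = {digest(SAMPLES["trusted_app.exe"])}
DENYLIST = {digest(SAMPLES["known_ransomware.exe"])}


def default_deny(data: bytes) -> str:
    """Allowlisting: execute only what is explicitly approved."""
    return "allow" if digest(data) in ALLOWLIST else "block"


def default_allow(data: bytes) -> str:
    """Denylisting: execute anything not already known to be bad."""
    return "block" if digest(data) in DENYLIST else "allow"


def compare(samples: dict) -> dict:
    """Return {name: (default-deny verdict, denylist verdict)}."""
    return {name: (default_deny(d), default_allow(d)) for name, d in samples.items()}


if __name__ == "__main__":
    for name, (deny_first, allow_first) in compare(SAMPLES).items():
        print(f"{name:26} default-deny={deny_first:5} denylist={allow_first}")
```

The never-seen variant runs under the denylist but not under default-deny. The updated trusted build is also blocked until its hash is approved, which is the maintenance cost of the approach.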
As ransomware becomes more prevalent and more sophisticated, it becomes imperative that we know how to stop it. Continued education and proven antivirus solutions should be a part of your anti-ransomware arsenal. So what are you doing to fight ransomware? Connect with us on our social media pages to join the discussion.
As always, stay safe out there.