Rapid Ransomware is a new type of threat to computers and networks, alongside the more traditional types of ransomware. The first submitted case was in January 2018. Unlike regular ransomware, Rapid Ransomware stays active on the computer after the initial encryption and also encrypts any new files that are created. It does this by creating auto-runs that launch the ransomware and display the ransom note every time the infected system is started.
This behaviour is not unique to this new type of ransomware, but it is not common either. Since it was first observed, Rapid Ransomware has affected thousands of users and is actively spreading, especially over networks in Europe. It is unclear where the infection originated or how it is distributed, but it is most likely the result of a phishing scam.
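As an added illustration (not part of the original article and not any vendor's code), the following Python example shows how a defender might review auto-run entries for the two behaviours described above: a program launched at every start-up and a note displayed at every start-up. It assumes the entries have been exported from a Windows Run registry key into a name-to-command mapping; every name and path in the sample is constructed and is not an indicator of Rapid Ransomware.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of auto-run values (name -> command line).
# All names and paths are made up for illustration.
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "updater_example": r"C:\Users\alice\AppData\Roaming\example_payload.exe",
    "note_example": r"notepad.exe C:\Users\alice\AppData\Roaming\example_note.txt",
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
}

# Directories an unprivileged user can write to (assumed shortlist).
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads|public)\\", re.I)
# File types that display text rather than run code (assumed shortlist).
NOTE_EXTENSIONS = {".txt", ".hta", ".html", ".htm"}


def split_command(command):
    """Split a command line into tokens, honouring double quotes."""
    return [q or u for q, u in re.findall(r'"([^"]+)"|(\S+)', command)]


def assess(command):
    """Return the reasons an auto-run command deserves a closer look."""
    tokens = split_command(command)
    reasons = []
    if tokens and USER_WRITABLE.search(tokens[0]):
        reasons.append("executable in user-writable directory")
    if any(PureWindowsPath(t).suffix.lower() in NOTE_EXTENSIONS for t in tokens):
        reasons.append("opens a document at every logon")
    return reasons


def audit(run_values):
    """Map each suspicious value name to its reasons; clean entries are omitted."""
    findings = {}
    for name, command in run_values.items():
        reasons = assess(command)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_RUN_VALUES).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flagged entry is a prompt for investigation, not proof of infection: legitimate software also starts from user profile directories.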
A number of ransomware attacks have taken place over the past couple of years, including the WannaCry ransomware attack in May 2017, which affected agencies worldwide such as the NHS, Honda, the University of Montreal, Hitachi and many more. WannaCry is considered to be the most publicly known ransomware attack to date.
The attack affected more than 200,000 computers across 150 countries and caused damages ranging from hundreds of millions to billions of dollars. The hackers demanded that $300 be paid in Bitcoin, with the fee doubling to $600 if it was not paid within the three-day time limit.
The Guardian reported in August 2017 that the WannaCry perpetrators withdrew £108,953 worth of Bitcoin as a result of victims paying the hackers to decrypt their files. Between 24th July and 3rd August more than £18,000 worth of Bitcoin was removed from the three wallets, with the remainder of the funds taken out in seven transactions worth between £15,000 and £21,000 each.
Malware, or malicious software, is an umbrella term that is used to refer to a variety of intrusive software that includes Viruses, Worms, Trojan Horses, Ransomware and other programs that intentionally hijack your computer or network’s core functions. They can perform a variety of functions including intercepting, encrypting or deleting sensitive data but can also monitor a user’s computer activity without their permission.
A virus is the most common type of Malware and is defined as a malicious program that can execute itself and spreads by infecting other programs or files. In the case of Ransomware, the hacker encrypts the user’s files and demands a ransom, promising (sometimes not truthfully) to decrypt them and restore access upon payment. The cost can range from a couple of hundred pounds to thousands, usually payable in the cryptocurrency Bitcoin because of its anonymity.
There are a number of ways a computer or network can be infected by ransomware, but the most common delivery method is the phishing scam: an attachment that is delivered to the victim by email and is mistaken for a file the user can trust. Once downloaded and opened on the system, this type of malware can take over the computer, especially if there are tools built into the Ransomware that trick users into allowing administrative access.
What to do if Rapid Ransomware is suspected?
If you are suspicious that your business network or computers have been infected by Rapid Ransomware, here at Infinity Group we would recommend that you do these three things.
- We would never recommend that you pay the ransom, as there is no guarantee that your files will be reinstated.
- As a company we offer a variety of ransomware protection through some of the market-leading products, and we may also be able to restore the encrypted files.
What products help prevent Rapid Ransomware attacks?
The Intercept X software from Sophos provides endpoint security and Malware protection. It works by preventing the malicious and spontaneous encryption performed by ransomware and by protecting against trusted files or processes that have been hijacked, keeping your business data safe. Intercept X protects your business from all the main Ransomware strains including Rapid, Wanna Decryptor 2.0 (also known as WannaCry), Zepto, Locky, RAA Ransomware and many more.
WatchGuard are the market leader in firewall security and we supply the complete range of WatchGuard Unified Threat Management solutions. If activated and set up properly, WatchGuard Total Security Suite can also help to achieve GDPR compliance.
As Ransomware attacks can strike your business at any time, we are also able to provide Disaster Recovery and Backup Solutions. Our options guarantee business continuity and minimise any potential data loss or business downtime in the event of a Malware attack or other occurrence such as a fire or theft. Most importantly, however, this gives peace of mind that your valuable business assets are safe, protected and can be recovered and immediately restored should these situations arise.
Infinity Group are IT Security, Ransomware and GDPR Specialists. If you are keen to find out more about the Ransomware products we supply, get in touch.