What is ransomware?

Ransomware is a type of malware that encrypts your data and demands a ransom before letting you access it again. The most famous ransomware is CryptoLocker, which was first discovered in 2013. Since then, other ransomware including CryptoWall, TorrentLocker, CTB-Locker and TeslaCrypt has become more prevalent. This malware infects your computer through links or attachments in email, which then take advantage of security vulnerabilities in Windows and 3rd party software (Java, Adobe, Flash, etc.) that may be present on your computer.

How does it work?

You receive an email that looks legitimate, but it has a file attachment that contains a script you are not aware of. You open the file, and your virus scanner doesn’t see anything malicious going on, so it allows the file to open. This is the initial exploit. It is designed to have a different signature than any prior version, so antivirus applications will not pick it up. It then disables antivirus and downloads an exploit kit from a compromised website. Without you knowing, the kit will capture your keystrokes and take screenshots of your applications and web browsing in an attempt to capture your valuable account numbers, login information and passwords. This data may then be uploaded to a server to be used for identity theft and other cyber-crimes.

Next, the exploit kit will download CryptoWall (or a similar variant of ransomware) from another compromised web server. It disguises the download again with useless instructions and anti-emulation tricks to prevent your antivirus from detecting the malware. CryptoWall then begins to delete any previous versions of files that Windows keeps for recovery purposes. It proceeds to encrypt all of the files on your computer, and on any company shared drives you have access to, with military-grade encryption. Reversing this encryption so you can access the files is nearly impossible without paying the ransom the attackers are asking for. You will usually have 72 hours to pay; after that, the files can no longer be decrypted. This deadline is designed to force you to make a hasty decision. The exploit kit may also leave a back door for future re-infection before it deletes itself from the system (destroying the evidence).
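
The two behaviours described above, deleting the previous versions Windows keeps and rewriting many files as encrypted data, are what behaviour-based detection looks for. The following is an added example, not code from this page or from any antivirus product; the event format, process names, thresholds and sample telemetry are constructed assumptions.

```python
import math
import re
from collections import Counter

# Command lines that delete Windows "previous versions" (Volume Shadow Copies).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete",
    re.IGNORECASE,
)
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment
BURST_THRESHOLD = 3      # assumed: high-entropy rewrites by a single process


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, much lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def triage(events):
    """Return {process: set of reasons} for processes showing either behaviour."""
    findings, rewrites = {}, Counter()
    for ev in events:
        if ev["type"] == "process" and SHADOW_DELETE.search(ev["cmdline"]):
            findings.setdefault(ev["parent"], set()).add("shadow_copy_delete")
        elif ev["type"] == "write" and shannon_entropy(ev["data"]) >= ENTROPY_THRESHOLD:
            rewrites[ev["process"]] += 1
    for proc, count in rewrites.items():
        if count >= BURST_THRESHOLD:
            findings.setdefault(proc, set()).add("mass_high_entropy_writes")
    return findings


# Constructed sample telemetry (hypothetical names, not from a real incident).
CIPHERTEXT_LIKE = bytes(range(256)) * 16       # uniform bytes stand in for ciphertext
PLAINTEXT = b"Quarterly report draft. " * 200  # ordinary document content
SAMPLE_EVENTS = [
    {"type": "process", "parent": "invoice.exe", "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"type": "process", "parent": "backup.exe", "cmdline": "vssadmin list shadows"},
    {"type": "write", "process": "winword.exe", "data": PLAINTEXT},
    {"type": "write", "process": "7z.exe", "data": CIPHERTEXT_LIKE},  # one archive, not a burst
] + [{"type": "write", "process": "invoice.exe", "data": CIPHERTEXT_LIKE}] * 3

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Only the process that both deletes shadow copies and produces a burst of high-entropy writes is flagged; the backup tool listing shadow copies and the single compressed archive are not.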

How does Jack protect you?

Jack addresses these threats by actively patching your Windows operating system and 3rd party software to ensure there are no known vulnerabilities that ransomware can take advantage of. It also utilizes best-in-class antivirus software that is smart enough to look for activity on your system that indicates you may be under a ransomware attack. If it finds this activity, it will then kill the attack!
