Blog: Ransomware and IBM i


A recent study from the Cyber Threat Alliance paints a nasty picture of the current threats to businesses from ransomware. Since the CryptoWall 3 virus was identified in January of 2015, cyber criminals have extorted more than an estimated $325 million US in ransom from businesses and individuals. Ransomware is a virus usually embedded in phishing emails: an attachment, once opened, launches a program that encrypts files on the computer and displays a message stating that the files can only be decrypted by paying a ransom, usually in bitcoin, hence the generic name “ransomware” for this type of virus. The files targeted are usually those opened in popular applications such as Adobe Reader, photo viewers, iTunes, etc. The encryption is layered: each file is encrypted with 256-bit AES, and the AES keys generated for those files are themselves encrypted with 2048-bit RSA, so without the matching RSA private key neither the keys nor the files can be recovered.


In the first quarter of 2016, the latest threat, called Locky, impacted organizations in over 114 countries, and a variant of Locky called Zepto is now making the rounds. Zepto arrives as an email with subject lines such as “Document copies” and a ZIP attachment named with your first name and a number, for example pdf_copy-dan_507956. Once extracted, it launches the JavaScript inside, which performs the encryption. How can you protect your business from these attacks, and should you be worried?


There are many sites that provide advice on how to protect yourself. The most important tip is to always have backups available, and to take those backups offline once they have run. In other words, if your backup drive is always connected, such as a USB thumb drive or a cloud service mapped to a network drive, the virus can find its way to your backup files and encrypt them too! Other tips include always showing hidden file extensions, setting up your gateway mail scanner to block emails carrying attachments with .EXE extensions, creating rules in Windows to prevent executables from running from the AppData or LocalAppData folders, and disabling RDP (Remote Desktop Protocol).
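The gateway tip above, applied to the Zepto lure described earlier, can be expressed as a small attachment policy check. The following is an added example written for this post, not code from the original article or from any product it mentions: it parses a MIME message, opens ZIP attachments, and flags any attachment whose file extension (or whose archived file's extension) is on a block list. The block list is an assumption that extends the post's .EXE rule to .JS and other script types; the sample message, names, and addresses are constructed for the example.

```python
"""Mail-gateway attachment policy check (added example, not from the original post).

Flags attachments that are directly executable (.EXE, as the post recommends),
script files such as the JavaScript that Zepto ships inside a ZIP, and ZIP
archives that contain either of those. Password-protected archives cannot be
inspected, so they are flagged as well.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed block list: the post's .EXE rule plus common script/executable types.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".bat", ".cmd"}
ARCHIVE_EXTENSIONS = {".zip"}


def _extension(name):
    """Lower-cased final extension of a file name, '' if it has none."""
    name = name.lower()
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""


def inspect_attachment(filename, payload):
    """Return a list of (name, reason) findings for one attachment."""
    findings = []
    ext = _extension(filename)
    if ext in BLOCKED_EXTENSIONS:
        findings.append((filename, f"blocked extension {ext}"))
    elif ext in ARCHIVE_EXTENSIONS:
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for info in zf.infolist():
                    inner = f"{filename}!{info.filename}"
                    if info.flag_bits & 0x1:  # encrypted entry: contents cannot be checked
                        findings.append((inner, "password-protected archive entry"))
                        continue
                    inner_ext = _extension(info.filename)
                    if inner_ext in BLOCKED_EXTENSIONS:
                        findings.append((inner, f"archive contains {inner_ext}"))
        except zipfile.BadZipFile:
            findings.append((filename, "unreadable archive"))
    return findings


def inspect_message(raw_bytes):
    """Parse a raw RFC 5322 message and check every attachment."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        findings.extend(inspect_attachment(name, part.get_payload(decode=True) or b""))
    return findings


def build_sample_message():
    """Construct a message shaped like the lure described in the post:
    a ZIP named like a PDF copy that actually holds a JavaScript file.
    The content is a harmless placeholder, and all names are made up."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("pdf_copy-dan_507956.js", "// placeholder text, not a real script\n")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "dan@example.invalid"
    msg["Subject"] = "Document copies"
    msg.set_content("Please see the attached document copies.")
    msg.add_attachment(archive.getvalue(), maintype="application", subtype="zip",
                       filename="pdf_copy-dan_507956.zip")
    # A second, benign attachment shows that ordinary documents pass.
    msg.add_attachment(b"%PDF-1.4 sample placeholder\n", maintype="application",
                       subtype="pdf", filename="quote.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in inspect_message(build_sample_message()):
        print(f"QUARANTINE {name}: {reason}")
```

The check deliberately treats an encrypted ZIP entry as a finding rather than letting it through unexamined: a gateway that only blocks what it can read leaves a gap for any lure that arrives in a password-protected archive. Extension matching is a floor, not a ceiling; a real deployment would combine it with content-type inspection and antivirus scanning.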


If you run your business on IBM Power Systems running IBM i, you are less vulnerable, but remember, the IFS is one large Windows-style file repository and can contain these executable viruses. The annual State of IBM i Security study released by HelpSystems, which can be downloaded here, stated that one company scanned their IBM i for the first time and was shocked to find over 250,000 files infected by CryptoWall! There are ways to protect your IBM i, and many of them can be found in the study. Mid-Range, in partnership with HelpSystems, can also provide Managed Security Services to start you off on the right foot. Contact us if you would like to learn more.
