Quadra

Connecting Technology and Business.

Security Intelligence Report of Microsoft

Microsoft regularly aggregates the latest worldwide security data into the Security Intelligence Report (SIR), unpacking the most pressing issues in cybersecurity.

Here are some highlights:

Cloud Threat Intelligence

The cloud has become the central data hub for any organization, which means it’s also a growing target for attackers.

Compromised Accounts

Definition - Attackers break into the cloud-based account simply by using the stolen sign-in credentials of a user
Analysis - A large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services.

Cloud-based user account attacks have increased 300% from last year, showing that attackers have found a new favorite target.

Drive-by download sites

Definition - A website that hosts malware in its code and can infect a vulnerable computer simply by a web visit
Analysis - Attackers sneak malicious code into legitimate but poorly secured websites. Machines with vulnerable browsers can become infected by malware simply by visiting the site. Bing search constantly monitors sites for malicious elements or behavior, and displays prominent warnings before redirecting to any suspicious site.

Taiwan and Iran have the highest concentration of drive-by download pages.

Endpoint threat intelligence

An endpoint is any device remotely connected to a network that can provide an entry point for attackers, such as a laptop or mobile device. Since users interact with an endpoint, it remains a key opportunity for attackers and a security priority for organizations.

Ransomware

Definition - Malware that disables a computer or its files until an amount of money is paid to the attackers
Analysis - Ransomware attacks have been on the rise, disrupting major organizations and grabbing global headlines. Attacks like WannaCry and Petya disabled thousands of machines worldwide in the first half of 2017. Windows 10 includes mitigations that prevent common exploitation techniques by these and other ransomware threats.

Ransomware disproportionately targeted Europe with Czech Republic, Italy, Hungary, Spain, Romania, and Croatia being the top six countries with the highest encounter rates.

Exploit Kits

Definition - A bundle of malicious software that discovers and abuses a computer's vulnerabilities
Analysis - Once installed on a compromised web server, exploit kits can easily reach any computer lacking proper security updates that visits the site.

Many of the more dangerous exploits are used in targeted attacks before appearing in the wild in larger volumes.

Takeaways and Checklist:

  • The threats and risks of cyberattacks are constantly changing and growing. However, there are some practical steps you can take to minimize your exposure.
  • Reduce risk of credential compromise by educating users on why they should avoid simple passwords, enforcing multi-factor authentication and applying alternative authentication methods (e.g., gesture or PIN).
  • Enforce security policies that control access to sensitive data and limit corporate network access to appropriate users, locations, devices, and operating systems (OS).
  • Do not work in public Wi-Fi hotspots where attackers could eavesdrop on your communications, capture logins and passwords, and access your personal data.
  • Regularly update your OS and other software to ensure the latest patches are installed.

India specific report

The statistics presented here are generated by Microsoft security programs and services running on computers in India in March 2017 and previous quarters. This data is provided from administrators or users who choose to opt in to provide data to Microsoft, using IP address geolocation to determine country or region.

Encounter rate trends

15.5 percent of computers in India encountered malware, compared to worldwide encounter rate of 7.8 percent. The most common malicious software category in India was Trojans. The second most common malicious software category was Worms. The third most common malicious software category was Downloaders & Droppers.

The most common unwanted software category was Browser Modifiers. The second most common unwanted software category was Software Bundlers. The third most common unwanted software category was Adware.

The most common malicious software family encountered was Win32/Fuery. Win32/Fuery is a cloud-based detection for files that have been automatically identified as malicious by the cloud-based protection feature of Windows Defender. The second most common malicious software family encountered was Win32/Vigorf. Win32/Vigorf is a generic detection for a variety of threats. The third most common malicious software family encountered was Win32/Skeeyah. Win32/Skeeyah is a generic detection for various threats that display Trojan characteristics. The fourth most common malicious software family encountered was Win32/Dynamer. Win32/Dynamer is a generic detection for a variety of threats.

The most common unwanted software family encountered was Win32/Foxiebro. Win32/Foxiebro is a browser modifier that can inject ads to search results pages, modify web pages to insert ads, and open ads in new tabs. The second most common unwanted software family encountered was Win32/ICLoader. Win32/ICLoader is a software bundler distributed from software crack sites, which installs unwanted software alongside the desired program. It sometimes installs other unwanted software, such as Win32/Neobar. The third most common unwanted software family encountered was MSIL/Wizrem. MSIL/Wizrem is a software bundler that downloads other unwanted software, including Win32/EoRezo and Win32/Sasquor. It might also try to install malicious software such as Win32/Xadupi.

Security software use

Nearly 18% of the computers in India are not running up-to-date real-time security software, compared with about 12% worldwide.

Malicious Websites

Attackers often use websites to conduct phishing attacks or distribute malware. Malicious websites typically appear completely legitimate and often provide no outward indicators of their malicious nature, even to experienced computer users. In many cases, these sites are legitimate websites that have been compromised by malware, SQL injection, or other techniques, in an effort by attackers to take advantage of the trust users have invested in them. To help protect users from malicious webpages, Microsoft and other browser vendors have developed filters that keep track of sites that host malware and phishing attacks and display prominent warnings when users try to navigate to them.

The information presented here has been generated from telemetry data produced by Windows Defender SmartScreen in Microsoft Edge and Internet Explorer.
  • Drive-by download pages: eight malicious websites per hundred thousand URLs.
  • Phishing sites: 420 malicious websites per hundred thousand internet hosts.
  • Malware hosting sites: 890 malicious websites per hundred thousand internet hosts.
- Microsoft Security intelligence report, Volume 22

Isn't AI a part of your investment today? You might be left behind!

"Harley-Davidson Uses Artificial Intelligence to Increase New York Sales Leads by 2,930%", reads an article in HBR this May. Today’s leading organizations are using machine learning–based tools to automate decision processes, and they’re starting to experiment with more-advanced uses of artificial intelligence (AI) for digital transformation. AI is already transforming web search, advertising, e-commerce, finance, logistics, media, and more.

 

Here is what AI could do as of November 2016, according to a founding lead of the Google Brain team:

| Input | Response | Application |
|---|---|---|
| Picture | Are there human faces? | Photo tagging |
| Loan application | Will they repay the loan? | Loan approvals |
| Ad plus user information | Will user click an ad? | Targeted online ads |
| Audio clip | Transcript of audio clip | Speech recognition |
| English sentence | French sentence | Language translation |
| Sensor from hard disk, plane engine | Is it about to fail? | Preventive maintenance |
| Car camera and other sensors | Position of other cars | Self-driving cars |


Corporate investment in artificial intelligence is predicted to triple in 2017, becoming a $100 billion market by 2025. Last year alone saw $5 billion in machine learning venture investment. In a recent survey, 30% of respondents predicted that AI will be the biggest disruptor to their industry in the next five years. This will no doubt have profound effects on the workplace.


Machine learning is enabling companies to expand their top-line growth and optimize processes while improving employee engagement and increasing customer satisfaction.


Here are some possible applications of AI to Businesses today:


Personalizing customer service. The potential to improve customer service while lowering costs makes this one of the most exciting areas of opportunity. By combining historical customer service data, natural language processing, and algorithms that continuously learn from interactions, customers can ask questions and get high-quality answers. In fact, 44% of U.S. consumers already prefer chatbots to humans for customer relations. Customer service representatives can step in to handle exceptions, with the algorithms looking over their shoulders to learn what to do next time around.


Improving customer loyalty and retention. Companies can mine customer actions, transactions, and social sentiment data to identify customers who are at high risk of leaving. Combined with profitability data, this allows organizations to optimize “next best action” strategies and personalize the end-to-end customer experience. For example, young adults coming off of their parents’ mobile phone plans often move to other carriers. Telcos can use machine learning to anticipate this behavior and make customized offers, based on the individual’s usage patterns, before they defect to competitors.


Hiring the right people. Corporate job openings pull in about 250 résumés apiece, and over half of surveyed recruiters say shortlisting qualified candidates is the most difficult part of their job. Software quickly sifts through thousands of job applications and shortlists candidates who have the credentials that are most likely to achieve success at the company. Care must be taken not to reinforce any human biases implicit in prior hiring. But software can also combat human bias by automatically flagging biased language in job descriptions, detecting highly qualified candidates who might have been overlooked because they didn’t fit traditional expectations.


Automating finance. AI can expedite “exception handling” in many financial processes. For example, when a payment is received without an order number, a person must sort out which order the payment corresponds to, and determine what to do with any excess or shortfall. By monitoring existing processes and learning to recognize different situations, AI significantly increases the number of invoices that can be matched automatically. This lets organizations reduce the amount of work outsourced to service centers and frees up finance staff to focus on strategic tasks.


Measuring brand exposure. Automated programs can recognize products, people, logos, and more. For example, advanced image recognition can be used to track the position of brand logos that appear in video footage of a sporting event, such as a basketball game. Corporate sponsors get to see the return on their sponsorship investment with detailed analyses, including the quantity, duration, and placement of corporate logos.


Detecting fraud. The typical organization loses 5% of revenues each year to fraud. By building models based on historical transactions, social network information, and other external sources of data, machine learning algorithms can use pattern recognition to spot anomalies, exceptions, and outliers. This helps detect and prevent fraudulent transactions in real time, even for previously unknown types of fraud. For example, banks can use historical transaction data to build algorithms that recognize fraudulent behaviour. They can also discover suspicious patterns of payments and transfers between networks of individuals with overlapping corporate connections. This type of “algorithmic security” is applicable to a wide range of situations, such as cybersecurity and tax evasion.


Predictive maintenance. Machine learning makes it possible to detect anomalies in the temperature of a train axle that indicate that it will freeze up in the next few hours. Instead of hundreds of passengers being stranded in the countryside, waiting for an expensive repair, the train can be diverted to maintenance before it fails, and passengers transferred to a different train.


Smoother supply chains. Machine learning enables contextual analysis of logistics data to predict and mitigate supply chain risks. Algorithms can sift through public social data and news feeds in multiple languages to detect, for example, a fire in a remote factory that supplies vital ball bearings that are used in a car transmission.


Other areas where machine intelligence could soon be commonly used include:


Career planning. Recommendations could help employees choose career paths that lead to high performance, satisfaction, and retention. If a person with an engineering degree wishes to run the division someday, what additional education and work experience should they obtain, and in what order?


Drone- and satellite-based asset management. Drones equipped with cameras can perform regular external inspections of commercial structures, like bridges or airplanes, with the images automatically analysed to detect any new cracks or changes to surfaces.


Retail shelf analysis. A sports drink company could use machine intelligence, coupled with machine vision, to see whether its in-store displays are at the promised location, the shelves are properly stocked with products, and the product labels are facing outward.

 

Machine learning enables a company to reimagine end-to-end business processes with digital intelligence. The potential is enormous. That’s why software vendors are investing heavily in adding AI to their existing applications and in creating net-new solutions.


- gleaned from the pages of HBR

How to keep winning the battle against hackers

Office 365 is the fastest growing SaaS offering globally. It is also the most targeted by hackers today as phishing and Ransomware transform into business models in the Dark Web world. Breaches come from emails and misused identities and the attacks only accelerate by the minute. It is high time that Office 365 admins hack-proof their environments – and it is possible with the tools available from Microsoft – tools for studying, analyzing, warning and preventing attacks and plugging vulnerabilities.

The recent WannaCry ransomware attack has created a sense of panic among enterprises using Office 365; remember that other cloud services, too, are not immune to hacking attacks. Attackers use social engineering to gain access to the victim’s identity, data and device. It is a security attack vector that involves tricking someone into breaking normal security procedures.

A social engineer runs what used to be called a "con game." Techniques such as appeal to vanity, appeal to authority and appeal to greed are often used in social engineering attacks. Many social engineering exploits simply rely on people's willingness to be helpful. For example, the attacker might pretend to be a co-worker who has some kind of urgent problem that requires access to additional network resources.  

Popular types of social engineering attacks include:

  • Baiting: Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive in a place it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.
  • Phishing: Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.
  • Spear phishing: Spear phishing is like phishing, but tailored for a specific individual or organization.
  • Pretexting: Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
  • Scareware: Scareware involves tricking the victim into thinking his computer is infected with malware or has inadvertently downloaded illegal content. The attacker then offers the victim a solution that will fix the bogus problem; in reality, the victim is simply tricked into downloading and installing the attacker's malware.

Security experts recommend that IT departments regularly carry out penetration tests that use social engineering techniques. This will help administrators learn which types of users pose the most risk for specific types of attacks while also identifying which employees require additional training. Security awareness training can go a long way towards preventing social engineering attacks. If people know what forms social engineering attacks are likely to take, they will be less likely to become victims.

Fortunately, Microsoft provides enough tools to protect its users and especially Office 365 subscribers from such attacks.

Exchange Online Protection (EOP)

Microsoft Exchange Online Protection (EOP) is a cloud-based email filtering service that helps protect your organization against spam and malware, and includes features to safeguard your organization from messaging-policy violations. EOP can simplify the management of your messaging environment and alleviate many of the burdens that come with maintaining on-premises hardware and software.

As a part of Microsoft Exchange Online: By default, EOP protects Microsoft Exchange Online cloud-hosted mailboxes. Exchange Online Protection provides protection against malicious links by scanning content.

Advanced Threat Protection (ATP)
  • Securing mailboxes - With Exchange Online Advanced Threat Protection, admins can protect mailboxes against new, sophisticated attacks in real time. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.
  • Protection against Unsafe Attachments - With Safe Attachments, admins can prevent malicious attachments from impacting the messaging environment, even if their signatures are not known. All suspicious content goes through a real-time behavioral malware analysis that uses machine learning techniques to evaluate the content for suspicious activity. Unsafe attachments are sandboxed in a detonation chamber before being sent to recipients. The advantage is a malware-free and cleaner inbox with better zero-day attack protection.
  • Protection of the environment when users click malicious links - Safe Links expands on EOP by protecting the O365 environment when users click a link. While the content is being scanned, the URLs are rewritten to go through Office 365. The URLs are examined in real time, at the time a user clicks them. URL detonation provides deeper protection against malicious URLs. Not only does Microsoft check a list of malicious URLs when a user clicks on a link, but Office 365 will also perform real-time behavioural malware analysis in a sandbox environment to identify malicious attachments. URL reputation checks are part of Advanced Threat Protection. If a link is unsafe, the user is warned not to visit the site or informed that the site has been blocked. Reporting is available, so administrators can track which users clicked a link and when they clicked it.
  • Dynamic delivery - Better performance and lower latency for emails with attachments. Users will see a placeholder while attachments are scanned in a sandbox environment. If deemed safe, attachments are re-inserted into the email.
  • Rich reporting and tracking links in messages - Gaining critical insights into who is being targeted in the organization and the category of attacks the organization is facing. Reporting and message trace allow admins to investigate messages that have been blocked due to unknown viruses or malware, while URL trace capability allows admins to track individual malicious links in the messages that have been clicked. Get better insights into malware activity. Security admins will have a new reporting dashboard to see details of malware that Office 365 Advanced Threat Protection is analyzing.
  • Intelligence sharing with Windows Defender Advanced Threat Protection - Security admins will be able to see malware activity and relationships across Windows 10 and Office 365.
  • Broader protection - Advanced Threat Protection extends to include protection for SharePoint Online, Word, Excel, PowerPoint and OneDrive for Business.

Threat Intelligence
  • The Office 365 Threat Intelligence service provides information on security using data from various sources. The data is harvested via the Microsoft Intelligent Security Graph technology. Organizations are being targeted with increasingly sophisticated attacks.
  • Threat Intelligence helps admins proactively uncover and protect against advanced threats by analysing billions of data signals across Office consumer and commercial services.
  • It also provides deep insights from cyber threat hunters to create a comprehensive view of malware trends around the world. In addition, Microsoft is integrating signals from Windows and Azure to help customers realize the full benefit of the Microsoft Cloud.
  • Security admins will see a dashboard with rich insights to do deep investigation of malware and will be able to integrate data with existing security management tools.
  • Threat Intelligence takes it a step further by alerting security admins and proactively creating and suggesting security policies to help protect against malware. For example, if analytics show that attacks are happening in the financial industry, the service will alert customers in finance and related areas to the trend. Threat Intelligence will also dynamically create and suggest additional security policies to help protect you before attacks get to your network.

 

Advanced Data Governance

Microsoft has also brought Advanced Data Governance to Office 365 to help customers manage the exploding volume and increasing complexity of corporate data. Microsoft applies intelligence to help admins achieve organizational compliance and automate data retention.

Enterprises will be able to classify, set policy and take action on the data that is most relevant for their organization and industry, with recommendations driven by behavioral analysis and machine learning.

 

Advanced Data Governance includes the following capabilities:

  • Import—Intelligently import only the data needed from on-premises and third-party archives using classifications such as age, data type, user or groups, sensitivity or importance.
  • Policies—Policy recommendations are provided, based on machine assisted insights of the data, classifications, tenant, organization, industry, geography and more. Recommendations may include delete, move, encrypt or share.
  • Retention—Intelligently preserve only what’s important to the organization by using classifications such as keywords, age, data type, user or group, sensitivity, importance. Integration with line-of-business systems allows admins to trigger retention based upon events, such as creation of a human resources record.

 Advanced Data Governance will help organizations apply the right actions to preserve high value data and purge redundant or obsolete data.

 

Advanced Security Management (ASM)

 

Microsoft has launched Advanced Security Management to help give organizations visibility and control over security in Office 365.

 

They have added a new feature lately called Productivity App Discovery, which will help IT pros and security operations teams understand their organization’s usage of Office 365 and other productivity cloud services. This will help them to better determine the extent to which shadow IT is occurring in their organization.

 

Productivity App Discovery shows usage of Office 365 and other productivity cloud services. App Permissions will assist in monitoring applications that users are connecting to Office 365.

 

Office 365 Secure Score

The Office 365 Secure Score is available to help organizations evaluate their security level in Office 365. Secure Score analyzes an Office 365 organization’s security based on their regular activities and security settings and assigns a score. It is a credit score for security.

Secure Score figures out what Office 365 services an organization is using (like OneDrive, SharePoint, and Exchange) then looks at the settings and activities and compares them to a baseline established by Microsoft. O365 admins get a score based on how aligned they are with best security practices.

Using Secure Score helps increase an organization’s security by encouraging them to use the built-in security features in Office 365 (many of which they have already purchased but might not be aware of). Learning more about these features as they use the tool will help give them peace of mind that they are taking the right steps to protect their organization from threats.

Admins must check Secure Score reports weekly. A sample list of reports is presented here:

  • Sign-ins after multiple failure report
  • Sign-ins from unknown sources report
  • Sign-ins from multiple geographies report
  • Mailbox access by non-owners report
  • Malware detections report
  • Sign-in devices report
  • Account provisioning activity report
  • Non-global administrators report

Making use of these features that are made available by Microsoft will help enterprises not only defend themselves from hackers but also keep winning the battles against them.
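
The logic behind two of the reports listed above (sign-ins after multiple failures, and sign-ins from multiple geographies) can be sketched as follows. This is an added example, not Microsoft's implementation and not part of the original article; the event fields, thresholds, time windows and sample records are all constructed assumptions.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Hypothetical event shape for this example: time, user, country, success flag.
SignIn = namedtuple("SignIn", "time user country success")

# Constructed sample sign-in records (not real Office 365 log output).
SAMPLE_ROWS = [
    ("2017-06-01T07:00:00", "carol@example.com", "IN", False),
    ("2017-06-01T08:45:00", "alice@example.com", "IN", True),
    ("2017-06-01T09:00:00", "alice@example.com", "RO", False),
    ("2017-06-01T09:00:00", "carol@example.com", "IN", False),
    ("2017-06-01T09:00:20", "alice@example.com", "RO", False),
    ("2017-06-01T09:00:40", "alice@example.com", "RO", False),
    ("2017-06-01T09:01:00", "alice@example.com", "RO", False),
    ("2017-06-01T09:01:30", "alice@example.com", "RO", True),
    ("2017-06-01T10:00:00", "bob@example.com", "IN", False),
    ("2017-06-01T10:00:30", "bob@example.com", "IN", True),
    ("2017-06-01T11:00:00", "carol@example.com", "IN", False),
    ("2017-06-01T11:05:00", "carol@example.com", "IN", True),
    ("2017-06-01T18:00:00", "bob@example.com", "SG", True),
]


def parse_events(rows):
    """Turn raw tuples into SignIn records ordered by time."""
    events = [
        SignIn(datetime.strptime(t, "%Y-%m-%dT%H:%M:%S"), user, country, ok)
        for t, user, country, ok in rows
    ]
    return sorted(events, key=lambda e: e.time)


def signins_after_multiple_failures(events, threshold=3,
                                    window=timedelta(minutes=10)):
    """Flag a successful sign-in preceded by >= threshold recent failures.

    A single mistyped password does not count; a burst of failures that
    ends in a success suggests a guessed or stolen credential.
    """
    recent_failures = defaultdict(list)
    findings = []
    for e in events:
        fails = recent_failures[e.user]
        # Forget failures that fall outside the look-back window.
        fails[:] = [t for t in fails if e.time - t <= window]
        if not e.success:
            fails.append(e.time)
            continue
        if len(fails) >= threshold:
            findings.append((e.user, e.time.isoformat(), len(fails)))
        fails.clear()
    return findings


def signins_from_multiple_geographies(events, window=timedelta(hours=1)):
    """Flag consecutive successful sign-ins from different countries
    that happen closer together than the window allows."""
    last_success = {}
    findings = []
    for e in events:
        if not e.success:
            continue
        prev = last_success.get(e.user)
        if prev and prev.country != e.country and e.time - prev.time <= window:
            findings.append(
                (e.user, prev.country, e.country, e.time.isoformat())
            )
        last_success[e.user] = e
    return findings


if __name__ == "__main__":
    evts = parse_events(SAMPLE_ROWS)
    for finding in signins_after_multiple_failures(evts):
        print("success after failures:", finding)
    for finding in signins_from_multiple_geographies(evts):
        print("multiple geographies:", finding)
```

In the constructed data only alice is flagged by both checks: bob's single failed attempt and his sign-in from another country many hours later stay below the thresholds, as do carol's failures spread across the morning.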

 

Cooking up a storm with the cloud!

A cloud kitchen or a digital restaurant is a fast growing trend that has quickly established itself as a formidable restaurant format. Internet-first restaurants are stepping on the gas and companies such as Zomato, Swiggy and Fresh Menu have already started grabbing a slice of this fast-growing sector.

So what is a cloud kitchen, a.k.a. an Internet-first restaurant?

A cloud kitchen is basically a restaurant kitchen that accepts incoming orders only through online ordering systems and offers no dine-in facility. They just have a central kitchen that delivers food to customers’ doorsteps.

 

The primary source of revenue for these internet restaurants is through the various food ordering platforms, such as Swiggy, Food Panda, Zomato, etc. Critical to their business model is a Point of Sales software that accepts orders from multiple sources. 

Food, at the click of a button

Digital technologies are reshaping our daily experiences as consumers and businesses, and these cloud kitchens are no exception. They have the potential to redefine the contours of the restaurant business. For example, take Swiggy, the trending food delivery app that has its roots in Bengaluru. It was the first among the crowd in the cut-throat market to venture into cloud kitchens in India. Swiggy has set up ‘The Bowl Company’ in Bengaluru, joining hands with popular restaurateurs to offer a wide selection where the restaurant need not have a physical presence.

 

Following this, Zomato has opened its first cloud kitchen in the suburb of Delhi, Dwarka as a pilot for its new project, Zomato Infrastructure Services, in which they provide their partner restaurateurs with 300 square feet of space and kitchen equipment. So, an aspiring chef has to just walk in and cook on gas while Zomato takes care of the rest. This could be a great opportunity for budding chefs and entrepreneurs.

The secret sauce!

Inexpensive access to pervasive computing power via cloud and mobile technologies is the secret sauce. Market reports indicate that Swiggy’s technology stack comprises Amazon (EC2, RDS, Cloudfront and Route53) while Zomato’s technology stack also includes Amazon Route53. With cloud and mobile technology facilitating online ordering, cloud kitchens suddenly seem like the only rational thing to do to manage the high rentals and poor margins in the F&B industry.

Why is this restaurant stuff important for my business?

Just as cloud and mobile technologies are redefining a traditional industry, the ramifications are just as huge for any other business. It’s no longer about “technology has no role to play in my business”. Chances are, if you don’t know how technology can impact your business, your competitor already does.

 

With a plethora of services provided by cloud, every business can benefit - from SMBs to large enterprises; from education to hospitality.  The cloud is like this huge switchboard where anyone can plug in and use it when they want to but they don’t have to carry the switchboard, they just use the “service”. Gone are the days of expensive, complex IT infrastructure which deterred many businesses from taking advantage of technology.


The cloud allows you to focus on what you do best - run your business. You can move from being a reactive business to a proactive business that offers transformational products and services. The cloud is also highly resilient, especially during these trying times.

 

For instance, during an unprecedented natural disaster like Cyclone Vardha, which shut down many businesses, or even during a watershed day like Flipkart’s Big Billion Day, the cloud has played knight in shining armor through its various features like instant scalability, disaster recovery, backup & restore and many more. A survey says 60% of SMBs pull the plug after a disaster, but with the advent of cloud technology, they could surely turn the tables and cope as well as large businesses in this uphill battle.

Your technology GPS

At Quadra, we can help you plan and prioritize your cloud journey by helping you formulate well defined business objectives, along with a business and risk analysis that considers multiple dimensions such as long term cost savings; data criticality, security and privacy concerns; audit and assurance; and regulatory norms, right down to service provider agreement review.

 

Our job is simple – we put the cloud to work for your business, and free you from the complexity of choosing and managing multiple vendors. We aim to let you do what you do best – run your business!

Microsoft obtains new cloud-centric ISO 27017 certification

Microsoft has announced that Microsoft Azure has obtained the ISO/IEC 27017:2015 certification, an international standard that aligns with and complements the ISO/IEC 27002:2013 with an emphasis on cloud-specific threats and risks.

 

This certification provides guidance on 37 controls in ISO/IEC 27002 and features seven new controls not addressed in ISO/IEC 27002. Both cloud service providers and cloud service customers can leverage this guidance to effectively design and implement cloud computing information security controls. Customers can download the ISO/IEC 27017 certificate which demonstrates Microsoft’s continuous commitment to providing a secure and compliant cloud environment for its customers.

 

Microsoft Azure helps customers meet their compliance requirements across a broad range of regulated industries and markets including financial services, healthcare, life sciences, media and entertainment, worldwide public sector, and US federal, state and local government.

- Office blogs

Improve compliance with Office 365 Services

Organizations own the data they keep in the cloud and they need to know how it is being handled at all times.


Microsoft is the industry leader in cloud compliance for enterprise customers. With the Office 365 E5 plan, advanced compliance is integrated into the service, so organizations can meet their unique requirements using a single cloud service.

 

Microsoft recognizes that organizations want control over access to content stored in cloud services. To maximize data security and privacy for Office 365 customers, Microsoft has engineered the service to require nearly zero interaction with customer content by Microsoft employees. Access is obtained through a rigorous access control technology called Customer Lockbox for Office 365, which helps enterprises meet compliance obligations for explicit data access authorization. In the rare instance when a Microsoft service engineer needs access to enterprise data, access control is extended to you so that you grant final approval for access. Actions taken are logged and accessible to you so that they can be audited.

 

Office 365 Advanced eDiscovery simplifies the eDiscovery process, reducing the volume of data by finding near-duplicate files, reconstructing email threads and identifying key themes and data relationships. Leveraging machine learning and predictive coding, it helps compliance administrators intelligently explore and analyze large, unstructured datasets and quickly zero in on what’s relevant to save time and money.

- Office 365 pages from the net

Microsoft Leads in Gartner’s Magic Quadrant for IDaaS

Gartner has positioned Microsoft in the Leaders Quadrant in the 2016 Magic Quadrant for Identity and Access Management as a Service, based on its completeness of vision and ability to execute in the IDaaS market.

Microsoft is currently the only vendor to be positioned as a Leader across Gartner’s Magic Quadrants for Identity as a Service, Cloud Infrastructure as a Service (IaaS), Server Virtualization, Application Platform as a Service, Cloud Storage Services, and as a leader across the data platform and productivity services.

Gartner believes this validates Microsoft as a leader across the full spectrum of cloud computing - with easily integrated offerings across cloud infrastructure services, platform services, SaaS, data analytics and hybrid solutions.

 


Microsoft's Azure Active Directory Premium offering provides features that are in line with other web-centric IDaaS providers, and includes licenses for Azure Multi-Factor Authentication (MFA). It also includes licenses for Microsoft Identity Manager (MIM) that are to be used with customers' on-premises systems. Microsoft also offers Azure Active Directory Premium as part of its Enterprise Mobility Suite (EMS), along with Microsoft Intune EMM and Azure Rights Management, and the on-premises-based Advanced Threat Analytics tool.

Strengths

  • Microsoft continues to leverage its current and substantial customer base for Office 365 and other products to add Azure Active Directory and EMS to contracts. The vendor has broad and deep marketing, sales and support capabilities, and it has been pricing EMS low, which has put significant pressure on other IDaaS players.

  • The vendor has already demonstrated high scalability with Azure Active Directory. The service underpins other Microsoft Azure services.

  • Microsoft has a strong international presence for its service offerings, and continues to expand its IaaS presence worldwide.

  • Through acquisition and development, the vendor has demonstrated advancement of its strategy to secure identities, data and devices.

  • Microsoft's strategy demonstrates a strong understanding of the technology, socioeconomic, security and jurisdictional trends that will shape its offerings going forward.

Cautions

  • The Azure Active Directory B2C and B2B Collaboration subservices were in public preview (beta) at the time our analysis was performed. These offerings will likely need time to mature relative to competition with established B2C and B2B use-case support.

  • Microsoft's on-premises "bridge" components for synchronization and federated SSO are now managed under one umbrella component, Azure Active Directory Connect. However, based on Gartner client interactions, these components generally need more infrastructure and more effort to manage than competitors' bridge technology.

  • Microsoft can manage the transition of organizations with multiple Active Directory forests to one tenant of Office 365; however, Gartner client feedback is that this transition is easier with competitors' IDaaS offerings.

  • Microsoft lags behind competitors in the number of apps it can provision to, as well as the depth of SaaS account fulfillment that supports the provisioning of roles, groups and other attributes.

The high cost of a Data Breach

Data breaches caused by malicious insiders and malicious code can take as long as 50 days or more to fix, according to Ponemon Institute's 2015 Cost of Cyber Crime Study, while malware, viruses, worms, Trojans, and botnets take only an estimated 2-5 days to fix.

Unsurprisingly, attacks by malicious insiders are also the costliest to fix ($145,000 according to the Ponemon study), followed by denial of service ($127,000) and Web-based attacks ($96,000).

The consequences and cost of cyber-attacks are also unevenly distributed, with business disruption and information loss taking the biggest share, followed by revenue loss and equipment damages, according to Ponemon. But the cost of remediation in person-days can also be substantial. Involvement of a programmer, a QA person, project manager, product manager and corporate lawyer will cost you more than $300 per employee per day, according to data from payscale.com — and that's before you consider the cost of the CEO, CISO and CFO's time.

- Ponemon Institute's 2015 Cost of Cyber Crime Study

Delve Analytics for the Productivity Pros

Microsoft has announced an update to the Office 365 people profile experience under Delve, which consolidates the profile and activity pages to make it easier for users to discover relevant content, connect with colleagues and find experts inside an organization.

Learn more about your colleagues

The new profile page gives users a place to learn more about their colleagues, providing their contact information, a photo, who they work for and a summary of their experience and expertise, as well as discover their recent activity and a quick glimpse of what they are working on. The profile is actionable, too. Users can start a Skype chat, call or email a colleague right from their profile page. Remember, Delve only shows content that the user already has permission to see.

The whole experience is responsive and looks great on any device.


Customize User profile and quickly find documents

Users can give their Delve profile a personal touch: upload a favorite profile photo, choose a unique background or edit their expertise. Up-to-date profiles make it easier for others to find out about the user and help the user when the user is looking for information. From the user’s profile, users can also quickly and easily get back to their documents, as well as see documents their most frequent contacts are working on.


Delve is more useful and intuitive than ever thanks to the new profile page. By connecting the users with the content and the contacts who are relevant to them, Delve helps break down silos and keeps the user in the know.

The new profile experience has been rolled out to First Release Office 365 tenants over the past several weeks, and Microsoft expects it to roll out to all eligible Office 365 customers by the second quarter of 2016.

Delve is included in the Office 365 Enterprise E1–E5 subscription plans (including the corresponding A2–A4 and G1–G4 plans for Academic and Government customers, respectively). Delve is also included in the Office 365 Business Essentials and Business Premium plans.

Delve never changes any permissions and only shows the users content that they already have permission to view. Only they can see their private documents in Delve, and other people can’t see their private activities—such as what documents they’ve read, what emails they’ve sent and received or which Skype for Business conversations they have participated in. Other people can see that they’ve modified a document, but only if they have access to the same document.

Beware of Ransomware

Ransomware is a growing problem that is now affecting many computer users around the world.

 

What is ransomware?

  • Ransomware stops a user from using his/her PC. It holds the user’s PC or files for ransom – a certain amount of money.

  • Some versions of ransomware are called "FBI Moneypak" or the "FBI virus" because they use the FBI's logos.

 

What does it look like and how does it work?

There are different types of ransomware. However, all of them will prevent the user from using his/her PC normally, and they will all ask the user to do something before the user can use his/her PC.

 

Ransomware can:

  • Prevent the user from accessing Windows.
  • Encrypt files so the user can't use them.
  • Stop certain apps from running (like the web browser).

 

Ransomware will demand that the user do something to get access to the PC or files. The pop-ups that appear:

  • Demand the user pay money.
  • Make the user complete surveys.
  • Often the ransomware will claim the users have done something illegal with the PC, and that they are being fined by a police force or government agency.

  • These claims are false. It is a scare tactic designed to make the user pay the money without telling anyone who might be able to restore the PC.

  • There is no guarantee that paying the fine or doing what the ransomware tells the user to do will restore access to the PC or files.

 

https://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx

 

Here is a sample:


Locky is the nickname of a new strain of ransomware, so-called because it renames all your important files so that they have the extension .locky.

Of course, it doesn’t just rename your files, it scrambles them first, and – as you probably know about ransomware – only the crooks have the decryption key.

You can buy the decryption key from the crooks via the so-called dark web.

The prices we’ve seen vary from BTC 0.5 to BTC 1.00 (BTC is short for “bitcoin,” where one bitcoin is currently worth about $400/£280).
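A defender-side illustration of the renaming behaviour described above, as an added example that is not from the original article: it flags a process that renames many files of different types to a single new extension within a short window. The event tuple layout, process ids, paths and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed rename events: (ISO time, process id, old path, new path).
# This tuple layout is an assumption for the example, not a real log format.
DOCS = "C:\\Users\\a\\Documents\\"
SAMPLE_EVENTS = [
    ("2016-02-17T10:00:01", 2001, DOCS + "budget.xlsx", DOCS + "budget-final.xlsx"),
    ("2016-02-17T10:05:00", 2001, DOCS + "notes.txt", DOCS + "notes.md"),
    ("2016-02-17T10:10:00", 4120, DOCS + "plan.docx", DOCS + "0A1F.locky"),
    ("2016-02-17T10:10:02", 4120, DOCS + "photo.jpg", DOCS + "0A20.locky"),
    ("2016-02-17T10:10:03", 4120, DOCS + "budget-final.xlsx", DOCS + "0A21.locky"),
    ("2016-02-17T10:10:05", 4120, DOCS + "notes.md", DOCS + "0A22.locky"),
    ("2016-02-17T10:10:06", 4120, DOCS + "slides.pptx", DOCS + "0A23.locky"),
    ("2016-02-17T10:10:09", 4120, DOCS + "export.csv", DOCS + "0A24.locky"),
]
# Benign look-alike: a job renaming its own .tmp files to .bak (one source type).
SAMPLE_EVENTS += [(f"2016-02-17T10:20:0{i}", 3300, f"C:\\Temp\\job{i}.tmp",
                   f"C:\\Temp\\job{i}.bak") for i in range(6)]


def find_rename_bursts(events, window=timedelta(seconds=60), min_files=5, min_old_exts=3):
    """Flag a process that renames many files of different types to one new
    extension inside a short window, e.g. everything becoming .locky."""
    groups = defaultdict(list)
    for ts, pid, old, new in events:
        old_ext = PureWindowsPath(old).suffix.lower()
        new_ext = PureWindowsPath(new).suffix.lower()
        if new_ext and new_ext != old_ext:  # ignore renames that keep the type
            groups[(pid, new_ext)].append((datetime.fromisoformat(ts), old_ext))
    alerts = []
    for (pid, new_ext), hits in groups.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            old_exts = {ext for _, ext in hits[start:end + 1]}
            if end - start + 1 >= min_files and len(old_exts) >= min_old_exts:
                alerts.append({"pid": pid, "new_ext": new_ext, "renamed": len(hits),
                               "first_seen": hits[start][0].isoformat()})
                break  # one alert per process and extension
    return alerts


if __name__ == "__main__":
    for alert in find_rename_bursts(SAMPLE_EVENTS):
        print(alert)
```

The source-type diversity check is what separates the burst from the benign `.tmp` to `.bak` job in the sample; the heuristic keys on behaviour, so it is not tied to the `.locky` extension itself.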


The most common way that Locky arrives is as follows:

  • You receive an email containing an attached document (Troj/DocDl-BCF).
  • The document looks like gobbledegook.
  • The document advises you to enable macros “if the data encoding is incorrect.”