Information on Ransomware
So what is ransomware?
Put simply, ransomware is the kidnapping of your computer and/or network to demand that you pay the cyber-criminal money.
Ransomware is a type of malicious software (malware) designed to block access to a computer system until a sum of money is paid to unlock it. The only reason ransomware is created is that the malware writers see it as an easy way to make money. Over the years these cyber-criminals have earned millions of dollars using ransomware.
Variations of ransomware have been observed for several years and often attempt to demand money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s system has been locked or that the user’s files have been encrypted. The user is told that unless the ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently in the $200 to $400 range; it can be much more, as in many thousands of dollars, and must be paid in virtual currency, such as Bitcoin.
Bitcoin is used because the names of the buyers and sellers are anonymous; only their wallet IDs are revealed. It allows buyers and sellers to do business without the transaction being traced back to them. This makes it difficult to find out who is actually behind the ransomware.
How do you get Ransomware?
You could get ransomware if you click on a bad link or open a malicious email attachment, or you may get it through a drive-by download. A drive-by download refers to the unintentional download of a virus or malicious software (malware) onto your computer or mobile device. A drive-by download will usually take advantage of (or “exploit”) a browser, app, or operating system that is out of date and has a security flaw.
Ransomware looks like an innocent program, a plugin, or an email attachment, and it gets installed without the user’s knowledge. As soon as it gains access to the user’s system, it starts spreading across the system. Then at some point in time, the ransomware locks the system or particular files and restricts the user from accessing them. Sometimes these files are encrypted. The ransomware writer demands a certain amount of money to provide access or to decrypt the files. There is no guarantee that users will get their files back even after paying the ransom. Therefore it is better to prevent ransomware attacks than to try to get your data back by some other means.
Precautions to take against ransomware
Vulnerabilities such as unpatched software, outdated operating systems, or people’s ignorance are exploited by people with malicious and criminal intentions. Awareness is the best way to avoid ransomware attacks.
Here are a few steps you can take to deal with ransomware attacks:
- Windows users are advised to keep their Windows operating system up-to-date. If you upgrade to Windows 10, you will reduce the risk of a ransomware attack as much as possible. If you are using a previous version of Windows, check for updates regularly.
- Apple products (Mac, iPhone, and iPad), as well as Android products, should be updated so you have the latest security updates on those devices as well.
- Always back up your important data to an external hard-drive. Also, do not leave the external hard-drive connected all the time, only when you are backing up your data. Leaving it connected will allow the ransomware to encrypt that as well.
- Create an image of your hard-drive and update it regularly. Keep that image on a drive that is not connected to your computer all the time. That way, if you do get hit by ransomware, you can just restore it to a new drive and ignore the demand for money. Reusing the original hard-drive is not recommended, since bits of malware may still be present.
- Enable file history or system protection.
- Beware of phishing emails and spam, and check the email before opening any attachment.
- Disable the loading of macros in your Office programs.
- Disable your Remote Desktop feature whenever possible. Most people generally do not need Remote Desktop turned on.
- Use two-factor authentication.
- Use a safe and password-protected internet connection.
- Avoid browsing websites that are often the breeding grounds for malware such as illegal download sites, porn sites, and gambling sites.
- Install, use, and regularly update an antivirus solution.
- Make use of some good anti-ransomware software.
- Take your security seriously to prevent your files and database from being hijacked by ransomware.
- Use a firewall appliance that updates regularly. A good firewall appliance should offer anti-virus and anti-malware software that runs in the background and prevents ransomware from getting through to your network.
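As an added example that is not part of the original article, the following read-only PowerShell script audits two of the items in the list above, Remote Desktop being disabled and Office macros being blocked, and prints the command that would apply the stricter setting. It assumes Windows 10 or 11, Office 2016 or later (registry path "16.0"), and an elevated PowerShell session; the registry locations are the standard Windows and Office ones, not anything taken from this page.

```powershell
# Added audit script, not from the original article. Read-only: reports whether
# incoming Remote Desktop is disabled and how strictly Office macros are restricted.
# Assumptions: Windows 10/11, Office 2016+ (registry path "16.0"), elevated session.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value missing
}

# 1. Remote Desktop: fDenyTSConnections = 1 means incoming RDP connections are refused.
$rdpPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpDeny = Get-RegValue -Path $rdpPath -Name 'fDenyTSConnections'
if ($rdpDeny -eq 1) {
    Write-Output 'OK    Remote Desktop is disabled.'
} else {
    Write-Output 'WEAK  Remote Desktop is enabled. To disable it:'
    Write-Output "      Set-ItemProperty -Path '$rdpPath' -Name fDenyTSConnections -Value 1"
}

# 2. Office macros: VBAWarnings 4 = disable all macros without notification,
#    3 = all except digitally signed, 2 = disable with notification (Office default),
#    1 = enable all. A value under the Policies hive (Group Policy) overrides the user value.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $policy = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $user   = "HKCU:\Software\Microsoft\Office\16.0\$app\Security"
    $level  = Get-RegValue -Path $policy -Name 'VBAWarnings'
    if ($null -eq $level) { $level = Get-RegValue -Path $user -Name 'VBAWarnings' }
    if ($null -eq $level) { $level = 2 }   # Office default when the value is absent
    if ($level -ge 3) {
        Write-Output "OK    $app macros: VBAWarnings=$level (macros blocked)."
    } else {
        Write-Output "WEAK  $app macros: VBAWarnings=$level (macros can run). To block them:"
        Write-Output "      New-Item -Path '$user' -Force | Out-Null"
        Write-Output "      Set-ItemProperty -Path '$user' -Name VBAWarnings -Value 4"
    }
}
```

The script changes nothing itself; run the printed Set-ItemProperty lines only after confirming that no workflow on the machine depends on Remote Desktop or on macros.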
What do I do if I get Ransomware?
- If you believe your system is infected with Ransomware, you should immediately disconnect your system from your network. Unplug the Ethernet cable, disable any wireless network interfaces and disconnect any portable drives attached to it. Making sure your system is fully disconnected from your network and Internet can prevent spreading the ransomware to other systems on your network.
- If you created an image of your hard drive and backed up your important data then you can buy a new hard drive and restore the image and then restore your backups. Then you are back in business.
- If you do not have any safe backups of your system, there may be some options for unlocking your data. Some variations of ransomware have flaws in the way they encrypt your files. A collaboration between McAfee, Kaspersky Lab, Politie and Europol EC3 has created a website called “No More Ransom!” that has a collection of decryption tools for ransomware that has been cracked by their researchers. They offer a lot of help and information besides the decryption tools. The link to their site is: https://www.nomoreransom.org/en/index.html
Should you work with Law Enforcement?
The FBI officially does not encourage paying a ransom. However, that does not mean that they will restrict you from paying the ransom. If you do go to law enforcement, they may have some insights that you would not know. If it is a group they have been monitoring, they may know whether that group actually decrypts the files after you pay, and whether it then goes away or comes back and does it again. Some groups take your money and don’t decrypt your files. Additionally, working with law enforcement helps you avoid the possibility that you are paying a terrorist when you pay the ransom. You can end up violating certain laws by paying a terrorist, and you do not want to be in a situation where you have paid one.