How to Protect Against Ransomware
So, you want to know how to protect against ransomware on your home and business computers. Well, we’re aiming to tell ya. In a perfect world, you would take the information we provide here, reduce your risk profile and avoid this emerging threat. However, we all know it is not a perfect world, so we need to prepare for a worst-case scenario. You will learn how to do this, and we will also reveal the best weapon to protect against ransomware catastrophes.
Enemy, Thy Name is Ransomware
Much in the news this month is the ransomware infection known as WannaCry. This malware (i.e. a malicious program) encrypts data files on computers and holds them for ransom. Reports indicate the WannaCry ransomware spread more quickly than usual by exploiting weaknesses in the Windows operating system. These weaknesses were identified and documented by the United States National Security Agency (NSA) for possible use in clandestine operations. They became publicly known when documents about these exploits and other matters were stolen from the NSA and subsequently published by WikiLeaks. Shortly thereafter, Microsoft released patches to address the security issues, but the WannaCry ransomware was faster and reached many vulnerable systems before they could be patched.
What is ransomware?
Ransomware is a malicious, destructive computer program. When it gains access to a computer, it encrypts (scrambles) the data. The files affected include documents, pictures, spreadsheets, PowerPoint presentations, databases, backups and many others. Once encrypted, the only way to decrypt (unscramble) the affected files is to pay a ransom in untraceable internet currency known as bitcoin. If the ransom is not paid within a specified period of time, you will never see your data again, as there is no way to break, hack or crack the encryption. The usual starting ransom is $300, which doubles after a number of days to create urgency. If no action is taken after a week, all of the infected files are deleted.
One particularly effective ransomware some of our clients encountered a while back displayed an official looking message when an infected computer was started. The message, allegedly from the FBI, indicated child-pornography was discovered on the computer and a one-time fine could be paid to avoid arrest and prosecution. Even when it was explained that the message was false, the powerful implication of being branded a pedophile made some consider paying the ransom “just to be safe”.
What happens if I pay the ransom?
The obvious problem with paying the ransom is that you must trust the party that infected your system to do the honorable thing and provide the decryption key after the ransom is delivered, which is a fool’s gambit. Infected users who paid the WannaCry ransom reported no key was provided to decrypt their data.
How does ransomware get into a computer system?
The most successful malware tricks the computer user into “opening the door” by lying or misdirecting the user’s attention in a carefully crafted way. There is little difference between the cons used by a grifter in person, on the phone or across the internet. A good example would be a web page pop-up message, email or phone call advising that your computer is infected with malware along with an offer to help fix it. The idea is to get you to act quickly before you can consider the consequences. These socially engineered messages appeal to our natural trusting instincts or to other impulses such as fear or vanity. Such appeals are often more effective with older computer users who fear they may have “done something wrong” and who naturally want to fix things themselves before their error is discovered.
What should I do to protect against ransomware?
The best way to protect against ransomware is to use the same time-tested methods used to guard against most other internet-based threats. You can find “best practices” information on our main Virus and Malware page, but the essentials to protect against ransomware are as follows:
- Don’t click on links or pop-up messages or open email attachments from unknown or suspicious sources.
- Do not use Windows XP-based computers. Windows XP is no longer supported by Microsoft and is now very vulnerable to exploitation. If you must use a Windows XP-based system (for example because of a legacy program that can’t run on a newer version of Windows) we recommend you do not connect the system to a network or the internet.
- If you have Windows Vista, 7, 8, 8.1, 10, Server 2008 or Server 2012, you can still receive updates from Microsoft through the Windows Update service, and you should make an effort to download all critical and recommended updates as soon as possible. If you use Apple or Android products, install operating system updates shortly after they are released.
- Check that your antivirus program is the latest version and that it has up-to-date virus definitions. If you use the free antivirus app provided with Windows 8, 8.1 and 10 (known as Windows Defender), it is updated automatically unless you change the default settings. If you use a third-party antivirus such as Symantec, McAfee or Kaspersky, you must purchase the latest version every year in order to keep your protection current.
Even after patching a system, it will continue to be exposed to new variants of the WannaCry ransomware and other nasties. We recommend checking your defenses on an ongoing basis – at least once a month. As a computer user, you are responsible for your own security. If you don’t take care, you can become a “distributor” from which other computers on your home or business network may become infected.
If I am infected, what should I do?
If you discover your system is infected with ransomware, there are steps you should take immediately to contain the damage. As soon as possible, disconnect the system from your network and/or the internet and shut the system down. If the system resists shutting down, use the override (i.e. hold the power button down for several seconds) or unplug the system from power. These actions will prevent the ransomware from infecting any additional files on your local system and keep it from searching the network for shared files to infect. Then, have a trusted computer support provider save any unaffected data, remove the infection and secure the system.
Backup – Your Secret Weapon
If you cannot afford to lose your data, you need an effective backup that will allow you to recover from the catastrophic behavior of a ransomware infection. There are three types of backup that will, in most cases, allow you to successfully overcome the damage from ransomware. They are:
1. A rotation backup on multiple storage devices (such as portable external hard drives or flash drives) that are kept disconnected from your computer or network when not in use.
2. A password protected backup on an isolated, properly maintained network attached device that is only used for storage.
3. An automated online backup service.
All of these methods require an archive of several days to a few weeks of backup to allow for the possibility that a malware infection may not be noticed immediately. If an automated method is used, a human being must regularly test the system by restoring data from the backup to ensure it is working as expected. No electronic system works perfectly forever. In our experience, most unchecked backups stop working for one reason or another twice a year.
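One way to carry out the restore test and the archive-depth check described above, as an added example that is not part of the original article. The function names, the 7-day minimum archive span and the 1-day freshness limit are assumptions chosen for illustration, and the sample files are constructed.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import date

def build_manifest(root):
    """Record relative path -> SHA-256 for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest

def verify_restore(manifest, restored_root):
    """Return (missing, changed) paths for a test restore checked against the manifest."""
    restored = build_manifest(restored_root)
    missing = sorted(p for p in manifest if p not in restored)
    changed = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    return missing, changed

def archive_depth_ok(backup_dates, today, min_span_days=7, max_age_days=1):
    """True if the newest backup is recent and the oldest reaches back far enough.
    Both thresholds are assumed values; the article says only 'several days to a few weeks'."""
    if not backup_dates:
        return False
    newest, oldest = max(backup_dates), min(backup_dates)
    return (today - newest).days <= max_age_days and (today - oldest).days >= min_span_days

def demo():
    """Constructed sample: a test restore with one file missing and one file altered."""
    work = tempfile.mkdtemp()
    try:
        src, restored = os.path.join(work, "source"), os.path.join(work, "restored")
        os.makedirs(os.path.join(src, "docs"))
        samples = {"docs/budget.txt": b"Q1 figures", "docs/letter.txt": b"Dear Sir",
                   "photo.bin": b"\x89IMG"}
        for rel, data in samples.items():
            with open(os.path.join(src, rel), "wb") as fh:
                fh.write(data)
        manifest = build_manifest(src)      # taken when the backup is made
        shutil.copytree(src, restored)      # stands in for the real restore step
        os.remove(os.path.join(restored, "photo.bin"))
        with open(os.path.join(restored, "docs", "letter.txt"), "wb") as fh:
            fh.write(b"\x00scrambled\x00")  # content no longer matches the original
        return verify_restore(manifest, restored)
    finally:
        shutil.rmtree(work)
```

Store the manifest alongside the disconnected backup rather than on the computer it describes, so an infection cannot alter both.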
A majority of home users don’t back up at all and many small businesses do not implement an appropriate backup to protect against ransomware.
Don’t assume your current backup will save your data; make sure it will. Review this information with your computer support provider. If you do not use one of the referenced backup methods, the risk to your data is grave. Ransomware threats will continue to grow in frequency and sophistication. A properly implemented backup is the only tool to ensure the survival of your precious data. Don’t wait until it is too late.