Lately I’ve been seeing more and more people becoming infected with ransomware, and I’ve actually been onsite recently helping out a number of people who have had no antivirus installed on their machines (and no up-to-date backups).

It never seems to hit home how bad it is to run a computer without protection until it’s too late.  A company that doesn’t use anti-virus and has no recent backups could be out of business within days of being hit.

What is Ransomware?

Ransomware is a type of malicious software that is built to restrict access to the infected computer system in some way.  Once the system is infected, it demands that the user pay a ransom to the operators of the software to have the restriction removed.

There are a number of versions of ransomware available now, and with each version they become more and more complex.  They all aim to do the same thing, though: systematically encrypt files on the system’s hard drive, which then become difficult or impossible to decrypt without paying the ransom for the encryption key, while some versions may simply lock the system and display messages intended to coax the user into paying.

Ransomware typically propagates as a trojan, whose payload is disguised as a seemingly legitimate file. It works on the basis that the user is tricked into downloading a fake application, which then runs the infection and catches the user out.

Attacks involving encryption-based ransomware began to increase through trojans such as CryptoLocker, which had procured an estimated US$3 million before it was taken down by authorities, and Cryptowall, two of the most popular.

How does it work?

Ransomware can also be classified as a form of scareware: you, the user, are duped into clicking on an infected popup advertisement, either inside an email message or while browsing a compromised website. However, instead of just trying to trick you into buying fake antivirus software or similar products, the criminals encrypt all the data that is accessible to you (including network storage) and hold your computer hostage in an attempt to extort payment.

Once you are infected with ransomware the clock starts ticking, which puts time pressure on the victim.  It usually starts by stating that a piece of your data will be destroyed every 30 minutes (or longer) if you don’t pay up by a certain deadline. Another attack can attempt to force you to purchase a program to decrypt your data.  This most likely will never work.

The criminals often ask for a nominal payment, figuring you’ll be more likely to pay to avoid the hassle and heartache of dealing with the virus. For example, they may ask you to pay around £50 or more, and the payment is usually asked to be deposited via Bitcoin.

How do I protect myself?

There are a number of ways you can protect yourself against ransomware.  Prevention is based upon the same techniques that you use to protect yourself against viruses and malware. It’s always best to be protected from day one rather than installing protection reactively:

  1. Use a well-known antivirus / endpoint security product – The use of a good antivirus / endpoint security product is your first line of defence when it comes to protecting your information. Ensure that you have your anti-virus definitions up to date and that your firewall is configured and enabled.

     When you download your software, make sure you download it from a legitimate source. The last thing you want to do is download a fake application, which could make matters even worse.

  1. Ensure you have a reliable backup and that you back up often – This one should be a no-brainer: ensure you have reliable and up-to-date backups, and test these backups on a regular basis.  If you are infected with ransomware it’s usually game over and you will have to restore your data.

     If you don’t have backups, you have lost everything.

  1. Make sure that you make use of a popup blocker in your browser – Popups are used a lot by malicious people and are a prime tactic of the bad guys who like to encrypt your data. One of the easiest ways to narrow down the scope of attack is to block these popups.  This will help you avoid even accidentally clicking on an infected popup. If a popup appears, click on the X in the right-hand corner.
  1. Ensure that you don’t just click on random links on emails and websites – Don’t click on links inside emails, and avoid suspicious websites. There are a lot of good fakes out there these days, so exercise caution. You can hover over links to make sure the actual site is the same as what is displayed on the site or email.
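
An automated version of the hover check from the last tip, as an added example that is not from the original post: it scans an HTML email body and flags links whose visible text names one site while the underlying href points to another. The sample email and its `.example` / `.test` domains are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


def host_of(value):
    """Return the hostname in URL-like text (without 'www.'), or None."""
    value = value.strip()
    if not value or " " in value:
        return None                      # ordinary link text such as "Click here"
    if "://" not in value:
        value = "http://" + value        # bare "www.site.example/path" style text
    try:
        host = (urlparse(value).hostname or "").rstrip(".")
    except ValueError:
        return None
    if "." not in host:
        return None
    return host[4:] if host.startswith("www.") else host


class LinkAuditor(HTMLParser):
    """Collects (shown_host, actual_host) pairs for links that disagree."""

    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = host_of("".join(self.text))
        is_web = self.href.lower().startswith(("http://", "https://"))
        actual = host_of(self.href) if is_web else None
        # A subdomain of the displayed site is accepted; anything else is flagged.
        if shown and actual and actual != shown and not actual.endswith("." + shown):
            self.findings.append((shown, actual))
        self.href = None


def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings


# Constructed sample email body: only the first link is deceptive.
SAMPLE_EMAIL = """
<p>Track your parcel at
<a href="http://www.parcel-co.example.tracking.test/login">www.parcel-co.example</a></p>
<p>Help: <a href="https://support.parcel-co.example/faq">parcel-co.example/faq</a></p>
<p><a href="https://parcel-co.example/">Visit our site</a></p>
"""
```

Links whose visible text is not itself an address (such as "Visit our site") are skipped, because there is no displayed destination to compare against; those still need the manual hover check.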

If your PC does come under attack, use another computer to research details about the type of attack that is being applied to your machine.

  1. Disconnect from the internet – If you have been infected with ransomware the first thing you should do is disconnect yourself from the Internet. This will make sure that your personal information isn’t sent back to the criminals.
  1. Don’t plug in any external devices – The last thing you want to do if you have been exposed to ransomware is plug in an external drive (especially a drive that contains your backups). A lot of ransomware products will automatically detect new drives and start encrypting those as well, thereby making matters worse.
  1. Don’t pay the ransom – The majority of ransomware forces the user to pay by Bitcoin. It is advised that you don’t even consider paying these ransoms, as you aren’t guaranteed to get the key to unlock your data.

I hope this post has provided some insight into the rise and popularity of ransomware, and if you aren’t already using anti-virus and performing regular backups, please start now.
