Some years ago, cybercriminals found a new method to make money out of their criminal practices.
Instead of distributing viruses that simply destroyed systems and data, they invented ransomware, a kind of malware that encrypts the victim’s data, or blocks access to it, and asks for money to make it available again.
Ransomware took many cybersecurity experts by surprise, exploiting security holes they didn’t know they had, and seriously compromising their companies’ critical information. A single vulnerability on an IT network is enough to put at risk tons of sensitive data. In that sense, ransomware affects not only the reputation of the organizations but also their finances.
The main targets of ransomware attacks are companies – the bigger, the better – because, in general, they have more financial resources and are in a better position to pay a ransom than individuals. But no one’s safe since any computer, tablet, or phone can get infected. Yes, phones too!
The most common way of distributing ransomware is email. Usually, the malware arrives in seemingly legitimate messages that ask the user to click on a link or to download an attachment that delivers it. Attackers typically send these messages in bulk to millions of email addresses.
Malicious websites and social media messaging are also common ways of ransomware distribution.
Victims of ransomware realize they have been attacked when they are prevented from accessing their files. The attackers provide anonymous instructions to pay the ransom and recover the compromised information. No matter if the ransom is paid or not, the attackers will have access to the victim’s data and will always try to extract useful information from it.
Once the attack has been perpetrated, the victim must deal with the fact that all sensitive data has been compromised. That could include usernames and passwords, payment information, email addresses, and much more.
One word summarizes the best strategy to fight ransomware: prevention. Only if you take the necessary preventive measures will you be able to recover from a ransomware attack, or better yet, avoid being attacked at all. We compiled a checklist of prevention measures that will help you fight ransomware effectively.
Be very careful with email attachments
Your antivirus software should warn you about any suspicious email attachment that you get. But don’t rely blindly on that because email messages can be easily disguised to appear as legitimate notifications from your bank, your credit card company, or any other trusted source, even a co-worker or a friend.
Before opening a file attached to a message, check the sender’s address, not just the sender’s name, because that can be falsified. Check if the domain name (the part after the @) of the address is what it should be. If it’s a strange name with no meaning at all, discard the message immediately.
The most dangerous attachments are application components, such as EXE (executable) or DLL (dynamic link library) files, so pay extra attention if you see one of these files attached to a message. But any type of file associated with an application that opens it automatically is potentially dangerous. Good advice is to never double-click on attached files. Always save them to a folder and check them with an antivirus application afterward.
Don’t click on a link that appears in an email body
Once you do it, it could be too late.
If it’s absolutely necessary that you click on that tempting link, hover the mouse pointer (if you’re using a computer) to see where the link is really going to take you. If you’re using a phone or a tablet, you can tap on the link and keep your finger pressed to see the real URL behind the link.
If it doesn’t match the link text, then don’t follow it, and discard the tricky message.
Be careful with unknown external drives or USB sticks
If you need to copy files from an external storage device someone gave you, don’t let it do anything automatically when you connect it.
Ask for the location of the files you need and copy them (and don’t copy anything else) to a temporary folder on your device where you can scan them for malware before using them. The same caution as for email attachments applies here: don’t double-click on the files or let them open or play automatically.
Play safe on social networks
Ransomware can spread over social networks as quickly as a zombie infection. We all love to share with our friends any content we like. We do it with good intentions, but sometimes this could be an irresponsible way to spread malware.
If a friend of yours sends you a link to something you “must” download, install or watch, be careful: maybe your friend is already infected, and it’s the ransomware that’s trying to trick you into opening a door for it to get into your system.
Double-check anything you receive through social networks. Something as innocent as watching a video of kittens playing with puppies could end up costing you a fortune.
Keep your software up to date
It is vital that all the software you use comes from reliable sources and always has the latest updates installed. Changelogs (“What’s new” screens or documents) can be tedious to read, but they provide useful information about what the developer did to fix security issues and eliminate vulnerabilities.
Read them thoroughly in order to understand which problems they solved.
Make sure you have a good Antivirus and Firewall
Read reviews and comparisons to make sure to install the best antivirus and Firewall for your devices.
Well-designed antivirus utilities should eliminate ransomware as soon as it tries to break into your system. Modern antivirus utilities add some form of behavior monitoring. Some of them, instead of looking for known threat patterns, work exclusively by observing malicious behaviors. This behavior-based technique is becoming more common as it proves its effectiveness.
Some security utilities aim to avoid ransomware attacks by denying unauthorized access to certain locations, such as the desktop or the documents folder of a computer. Any access attempt by an unknown program fires a warning message to the user, giving the option to allow or deny the access.
The following are some of the best options.
Malwarebytes – probably the best anti-malware for Windows, Mac, Android, and iOS.
ESET – advanced Internet security protection for desktop and mobile devices.
Many people find out too late that they don’t have a proper backup strategy. The typical problems with backups are damaged media, corrupted backup data, and difficult restore procedures that take too much time or need too many people to perform, among others.
If you discover the backup problems after a ransomware attack, then your backups may be useless. A sound backup strategy should enable you to go back in time to a specific date, and restore your data to that date. You need to know the precise date when the infection began, and then restore from a backup that is earlier than that date.
A reliable data backup must be paired with a swift restoration procedure. It is also important that a data backup offers granular and easy file recovery so that you can get back to work with your data in a short time.
If you don’t want to deal with backup schedules, media, rotation, and other hassles, consider a cloud backup service. There is a wide variety of online backup providers, with an even wider variety of options and prices. Keep in mind that the service you will be paying for will relieve you of many concerns and avoid many risks.
What if everything fails?
Even if you take all the necessary steps to prevent malware from getting into your system, nothing can guarantee that it won’t happen. So, what should you do if your device gets infected?
First of all, you should isolate the infected device. Disconnect it from the Internet and from any network – wired or wireless – it could be connected to. Second, you should get a clean backup and restore the infected machine to the last known “good” state. Don’t reconnect the previously infected device to the Internet or any network until you are entirely sure that the infection has disappeared.
Changing your passwords is an annoying but necessary measure since the old password might be compromised. To further harden the password, use a password manager.
If you are lucky, it is possible that you could restore the damaged data using a decryptor from an antivirus vendor. These tools are explicitly aimed at known ransomware, but won’t work with files encrypted with new breeds of malware that use custom encryption algorithms.
Should you pay the ransom?
Is paying the ransom a viable alternative?
Ultimately, attackers want money, so they’ve developed marketing strategies to convince you that they are providing you a service: they are teaching you a lesson, and they are also helping you to improve your security measures.
Attackers will even offer you a “proof of life”: they will restore one of your files to show you that they are willing to resolve the situation promptly. Sometimes this is true. Sometimes it is not.
The investigation authority is watching all reported ransomware infections carefully, analyzing their spread and severity. According to the Bureau, victims should not pay any ransoms. This is a valuable piece of advice since approximately 20% of the companies that pay the ransom don’t regain access to their data.
You should consider how long it will take to recover your data by your own means. Talk to the anti-malware product support to see if they can help you.