We have been seeing a few of our customers falling victim to a type of malware known as “ransomware” recently. It is particularly malicious and everyone should be taking the appropriate steps to make sure that it doesn’t affect them.
Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back in the form of a decryption key. The type of file encryption used is usually military grade and all but impossible to crack. The ransom prices can range all the way up to more than $USD 600. These cybercriminals are also now demanding payment in bitcoins making it even harder for law enforcement to track them down.
Ransomware typically spreads through spammed e-mail attachments but also through infected programs and compromised websites. Once executed in the system, a ransomware can either (1) lock the computer screen or (2) encrypt predetermined files with a password. In the first scenario, a ransomware shows a full-screen image or notification, which prevents victims from using their system. This also shows the instructions on how users can pay for the ransom. The second type of ransomware locks files like documents, spreadsheets and other important files.
How to protect yourself:
1. Back up your data
The single biggest thing that will defeat ransomware is having a regularly updated backup. If you are attacked with ransomware you may lose that document you started earlier this morning, but if you can restore your system to an earlier snapshot or clean up your machine and restore your other lost documents from backup, you can rest easy. Remember that some ransomware will also encrypt files on drives that are mapped. This includes any external drives such as a USB thumb drive, as well as any network or cloud file stores that you have assigned a drive letter. So, what you need is a regular backup regimen, to an external drive or backup service, one that is not assigned a drive letter or is disconnected when it is not doing backup. If you are doing this and you do happen to fall victim to ransomware, you have your disk drive wiped clean and restore from backup.
2. Only open email attachments that are verified to be safe
You may even receive an email that looks like it is from someone you know, however their email address may have been compromised. Always double-check with the person sending you an attachment that they have indeed sent it to you. Also be very wary about opening any attachment that can be executed. These are files with extensions such as .exe, .bat, .zip; etc. Also use a reputable anti-virus to scan attachments before opening them.
3. Keep your operating system and software up to date
Malware authors frequently rely on people running outdated software with known vulnerabilities, which they can exploit to silently get onto your system. It can significantly decrease the potential for ransomware-pain if you make a practice of updating your software often. Some vendors release security updates on a regular basis (Microsoft and Adobe both use the second Tuesday of the month), but there are often “out-of-band” or unscheduled updates in case of emergency. Enable automatic updates if you can, or go directly to the software vendor’s website, as malware authors like to disguise their creations as software update notifications too.
Lastly, if you are infected, we strongly advise that you do not pay the ransom. Paying the criminals may get your data back, but there have been plenty of cases where the decryption key never arrived or where it failed to properly decrypt the files. Plus, it encourages criminal behavior! Ransoming anything is not a legitimate business practice, and the malware authors are under no obligation to do as promised – they can take your money and provide nothing in return, because there is no backlash if the criminals fail to deliver.