How to Protect Against Ransomware
So, you want to know how to protect against ransomware on your home and business computers. Well, we’re aiming to tell ya. In a perfect world, you would take the information we provide here, reduce your risk profile and avoid this emerging threat. However, we all know it is not a perfect world, so we need to prepare for a worst-case scenario. You will learn how to do this and we will also reveal the best weapon to protect against ransomware catastrophes.
What is ransomware?
Ransomware is a malicious, often destructive computer program. There are a few common types of ransomware, but for the purpose of an example I will use the type known as an “encryptor”. When this type of ransomware gains access to a computer, it uses encryption (a method of changing data for security purposes) to scramble your data files and make them inaccessible. Files that are commonly affected include documents, pictures, spreadsheets, PowerPoint presentations, databases, backups and many others. Once encrypted, the only way to decrypt (i.e. unscramble) the affected files is to pay a ransom in untraceable internet currency known as bitcoin. You are instructed that if the ransom is not paid within a specified period of time, you will never see your data again, as there is no easy way to break, hack or reverse encryption.
Enemy, Thy Name is Ransomware
Much in the news this month is the ransomware infection known as WannaCry. This malware encrypts data files on computers and holds them for ransom. Reports indicate the WannaCry ransomware spread more quickly than usual by exploiting weaknesses in the Windows operating system. These weaknesses were identified and documented by the United States National Security Agency (NSA) for possible use in clandestine operations. They became publicly known when documents about these exploits and other information were stolen from the NSA and subsequently published by the WikiLeaks website. Shortly thereafter, Microsoft released patches to address the security issues, but the WannaCry ransomware was faster and reached many vulnerable systems before they could be patched.
Another particularly effective ransomware displayed an official-looking message when an infected computer was started. Although it did not encrypt data files, it prevented the user from opening programs and navigating the computer environment normally. The message, allegedly from the FBI, indicated child pornography was discovered on the computer, so it had been electronically locked. There was only one way to avoid arrest and prosecution – pay a fine. Even when it was explained that the message was false, the powerful implication of being branded a pedophile made some consider paying the ransom “just to be safe”.
What happens if I pay the ransom?
The obvious problem with paying the ransom is that you must trust the party that infected your system to do the honorable thing and provide the decryption key or means of restoring your system to normalcy after the ransom is delivered, which is a fool’s gambit. For the record, infected users that paid the WannaCry ransom reported no decryption key was provided to unlock their data.
How does ransomware get into a computer system?
Ransomware, like other computer malware, usually tricks the computer user into “giving it access” to the computer by lying or misdirecting the user’s attention in a carefully crafted way. An example would be a web page pop-up message, email or phone call advising that your computer is infected with a virus – along with an offer to help fix it. The idea is to get you to act quickly before you can consider the consequences. These socially engineered messages appeal to our natural trusting instincts or to other impulses such as fear or vanity. Such appeals are often more effective with older computer users who fear they may have “done something wrong” and who naturally want to fix things themselves before their error is discovered.
What should I do to protect against ransomware?
The best way to protect against ransomware is to use the same time-tested methods used to guard against most other internet-based threats. You can find “best practices” information on our main Virus and Malware page, but the essentials to protect against ransomware are as follows:
- Don’t click on links or pop-up messages or open email attachments from unknown or suspicious sources.
- Do not use Windows XP, Vista or Windows 7 based computers on the internet. These operating systems are no longer supported by Microsoft and are now very vulnerable to exploitation. If you must use a system based on one of these old versions of Windows (for example because of a legacy program that can’t run on a newer version) we recommend you do not connect the system to a network or the internet.
- If you have Windows 8, 8.1, 10, Server 2008 or Server 2012, you can still receive updates from Microsoft through the Windows Update service and you should make an effort to download all critical and recommended updates as soon as they become available. If you use Apple or Android products, install operating system updates shortly after they are released.
- Check that your antivirus program is the latest version and that it has up-to-date virus definitions. If you use the free antivirus app provided with Windows 8, 8.1 and 10 (known as Windows Defender), it is updated automatically unless you change the default settings. If you use a third-party antivirus such as Symantec, McAfee or Kaspersky, you should purchase the latest versions as directed in order to keep your protection current.
Even after a system is patched against a threat such as the WannaCry ransomware, new ransomware threats and variants are developed every day. We recommend using the Windows Update feature to download any updates that require attention at least once a month. As a computer user, you are responsible for your own security. If you don’t take care you can become a “distributor” from which other computers on your home or business network may become infected.
If I am infected, what should I do?
If you discover your system is infected with ransomware, there are steps you should take immediately to contain the damage. As soon as possible, disconnect the system from your network and/or the internet and shut the system down. If the system resists shutting down, use the override (i.e. hold the power button down for several seconds) or unplug the system from power. These actions will prevent the ransomware from infecting any additional files on your local system and keep it from searching the network for shared files to infect. Then, have a trusted computer support provider save any unaffected data, remove the infection and secure the system.
Backup – Your Secret Weapon
If you cannot afford to lose your data, you need an effective backup that will allow you to recover from the catastrophic behavior of a ransomware infection. There are three types of backup that will, in most cases, allow you to successfully overcome the damage from ransomware. They are:
1. A rotation backup on multiple storage devices (such as portable external hard drives or flash drives) that are kept disconnected from your computer or network when not in use.
2. A password protected backup on an isolated, properly maintained network attached device that is only used for storage.
3. An automated online backup service.
All of these methods require an archive of several days to a few weeks of backup to allow for the possibility that a malware infection may not be noticed immediately. If an automated method is used, a human being must regularly test the system by restoring data from the backup to ensure it is working as expected. No electronic system works perfectly forever. In our experience, most unchecked backups stop working for one reason or another twice a year.
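One way to make the restore test above repeatable, shown as an added example that is not part of the original article: record a SHA-256 manifest when the backup is made, then check a test restore against it. The function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def list_files(root):
    """Sorted relative paths of every regular file under root."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())

def build_manifest(source_dir):
    """At backup time: map each relative path to its SHA-256."""
    return {rel: sha256_file(Path(source_dir, rel)) for rel in list_files(source_dir)}

def verify_restore(manifest, restored_dir):
    """After a test restore: classify every file against the manifest."""
    report = {"ok": [], "missing": [], "changed": [], "unexpected": []}
    for rel, expected in manifest.items():
        target = Path(restored_dir, rel)
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_file(target) != expected:
            report["changed"].append(rel)
        else:
            report["ok"].append(rel)
    # Files the backup never contained need a human look before anything is trusted.
    report["unexpected"] = [r for r in list_files(restored_dir) if r not in manifest]
    return report

def demo():
    """Constructed sample: one file restores cleanly, one is scrambled, one is absent."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for name in ("budget.xlsx", "notes.txt", "plan.docx"):
            Path(src, name).write_bytes(name.encode())
        manifest = build_manifest(src)
        Path(dst, "budget.xlsx").write_bytes(b"budget.xlsx")
        Path(dst, "notes.txt").write_bytes(b"\x8f\x02scrambled")
        Path(dst, "READ_ME.txt").write_bytes(b"constructed stray file")
        return verify_restore(manifest, dst)

if __name__ == "__main__":
    print(demo())
```

A restore test passes only when `missing`, `changed` and `unexpected` are all empty; keep the manifest with the backup set it describes so older restore points can be checked the same way.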
A majority of home users don’t back up at all and many small businesses do not implement an appropriate backup to protect against ransomware.
Don’t assume your current backup will save your data; make sure it will. Review this information with your computer support provider. If you do not use one of the referenced backup methods, the risk to your data is grave. Ransomware threats will continue to grow in frequency and sophistication. A properly implemented backup is the only tool to ensure the survival of your precious data. Don’t wait until it is too late.