Encrypting ransomware is not new, but over the last few years it has risen to become one of the most dangerous forms of malware for businesses, and it is just as devastating for personal users. Imagine losing your family photos, a few years of baby pictures, copies of resumes, emails, or perhaps your password list, all taken hostage in an instant.
Ransomware is malware (a short word covering all kinds of nasty programs) that lets criminals run a program on your computer and take control of it. Once they have control, they make you pay to rectify the damage they caused.
Encrypting means that your data is still on your hard drive but made absolutely inaccessible to you unless you pay the ransom, often in the hundreds if not thousands of dollars, to have your files decrypted for you. And that’s if the bad guys decide not to just take your money and run. Also, don’t get your hopes up that you can decrypt the files yourself. In most cases you can’t. With modern encryption, unless you have almost unlimited funds, computing resources and, more importantly, lots of time (months to years), brute force cracking/decryption is out of the question.
It's much better to avoid the problem of hostage files than to attempt to solve it after.
The best protections for you are listed below, and the first is the most important:
1) Have backups that are not connected to your computer when the infection hits. This means “air-gapped” backups. Air gapping means using a backup device that is physically unplugged/disconnected from the computer after it has been backed up. When possible, if you have more than one backup device then rotate your backup devices daily or weekly.
Backing up to a shared folder on another computer used to be OK but now, shared folders on a server or other connected computer are very likely to be encrypted as well when the original computer is infected. Some specifically designed, mostly commercial grade, connected backup devices are safe to use but check to be sure.
2) Have a “cloud” or internet based backup. Most cloud/internet based backup systems retain previous versions of files or system states from which you can restore and, because they are not simply shared folders networked and connected to your computer, they are generally safe.
3) When possible, have more than one backup/recovery option. No one ever complained that the second backup was the one that worked.
4) Use a high quality antivirus program. For home users, the free home use option of a commercial program often gives the same level of protection as the full version. For business users, check out the features of commercial programs also and make your choice. All of the examples in our last post have some protection against ransomware variants but NO antivirus can protect you against all variants at all times.
5) Keep your firewall turned on. Windows has its own firewall, and many antivirus and Internet Security programs add increased levels of firewall protection. There are also free firewall programs; see http://www.pcmag.com/article/313986/the-best-free-firewalls for some options.
6) Don’t open email attachments or click links inside unless you a) know who it’s from and b) are sure of the content. For example, if you get an email asking you to click on a link or open a file from a shipping company, take a moment to ask yourself if you ordered anything. Or perhaps the email is from a friend but all it says is “click here” to see the joke. These are just examples. A good rule is: if in doubt… just don’t!
7) Keep your software updated. Many exploits use security bugs in programs and operating systems and for this reason the manufacturers are continually patching and updating their software to fix these holes. By updating regularly, you make it harder for the bad guys to infect you.
8) Turn on file extension visibility and be sure of the file’s extension before you click. The extension is the 3 letters after the period in the file name. Examples are .jpg, .exe, .doc etc. Unfortunately, newer versions of Windows and other Operating Systems sometimes turn off the visibility of the extensions. A favorite trick being used by the bad guys is to give a file or attachment two extensions. An example would be filename.jpg.exe. In this case, the .exe would not be visible and you may think you are opening a picture because of the jpg extension, but instead you are opening an infected file. For instructions on turning on file extension visibility in Windows 10, go to http://windows.microsoft.com/en-us/windows/show-hide-file-name-extensions#show-hide-file-name-extensions=windows-7 , and for earlier versions of Windows go to https://support.microsoft.com/en-us/kb/865219 .
9) If a website pops up and says you are infected, or a voice comes on telling you that you are infected, immediately turn off the computer. If you can’t turn it off normally, hold in the power button on the PC for about 10 seconds or so until it turns off. If that doesn’t work, pull the plug. The website may warn you not to turn it off or your data will be damaged but, trust me, turn it off. After a minute or so, turn the computer back on. For many forms of malware, this is sufficient to stop it in its tracks. Then check for damage to your files and, if you see any damage or are not sure, call someone who can help.
10) Be very, and by that I mean extremely, careful using file sharing sites. While legal sites have almost no risk, downloads from file sharing sites are very prone to infection. The bad guys are smart. If they know that people want to download the latest tune or movie they can put an infected file up on the sharing site, name it after the song or movie or whatever, and wait for their victim. If you do use sharing sites, scan every file before opening and be sure to follow hint number 4.
11) Don’t forget rule #1.
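
For readers comfortable running a script, here is a check for the two-extension trick from hint 8. It is an added example, not part of the original article: the extension lists are constructed and not exhaustive, and the function names are made up for illustration. It flags names like filename.jpg.exe and reports what you would see with extensions hidden.

```python
import sys
from pathlib import Path

# Constructed, non-exhaustive list: types Windows runs when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js",
                   ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".msi"}
# Constructed list: harmless-looking types used as the decoy extension.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx",
              ".xls", ".xlsx", ".txt", ".mp3", ".mp4", ".zip"}


def classify(filename):
    """Return (verdict, shown) for one file name or path.

    verdict: 'double-extension', 'executable' or 'ok'
    shown:   the name with its last extension removed, which is what you
             see for registered file types when extensions are hidden.
    """
    # Keep only the file name; Windows ignores trailing spaces and dots.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")
    parts = name.split(".")
    if len(parts) < 2:
        return ("ok", name)                      # no extension at all
    last = "." + parts[-1].strip().lower()
    shown = name[: -(len(parts[-1]) + 1)]
    # Strip padding spaces so "invoice.pdf   .scr" is still caught.
    prev = "." + parts[-2].strip().lower() if len(parts) >= 3 else ""
    if last in EXECUTABLE_EXTS and prev in DECOY_EXTS:
        return ("double-extension", shown)
    if last in EXECUTABLE_EXTS:
        return ("executable", shown)
    return ("ok", shown)


def flagged(names):
    """Return (name, verdict, shown) for every name that is not 'ok'."""
    results = [(n, *classify(n)) for n in names]
    return [r for r in results if r[1] != "ok"]


if __name__ == "__main__":
    # With a folder argument, check that folder; otherwise use constructed names.
    if len(sys.argv) > 1:
        names = [str(p) for p in Path(sys.argv[1]).rglob("*") if p.is_file()]
    else:
        names = ["filename.jpg.exe", "holiday.jpg", "Invoice.PDF .scr", "setup.exe"]
    for name, verdict, shown in flagged(names):
        print(f"{verdict:17} {name!r} shows as {shown!r}")
```

A file marked "executable" is not necessarily bad (installers are executables too); "double-extension" is the one that should never be opened without checking.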
If you would like further information, please give us a call at 780-624-9221.