I am sure by now that most everyone has heard of ransomware, usually in relation to a large corporation or municipality that has been targeted and the extraordinary cost involved with such an event. But do you really know what it is, and how to best protect yourself or your employer from this kind of an attack? Because the reality is that, unless you are someone really famous with an enormous bank account and a few skeletons in your closet, its far more likely your employer could be a target, and you could be the means by which ransomware is introduced into your employer’s systems.
In this blog I will explain what ransomware is, how it infects a computer or network, what to do if infected and how to protect yourself from ransomware.
What is ransomware?
Ransomware is malicious software (malware) that blocks you from accessing your personal or corporate data, while the hackers demand a ransom for its release. The malware could be in the form of a pop-up message claiming your computer is infected, and they are the only ones who can clean it up. It could be a screen locker which prevents you from logging in, possibly displaying an official looking FBI or police seal and indicating you must pay a fine due to illegal activity discovered on your computer. Or the malware could encrypt your files, and demand payment for the decryption key. If the ransom demands are not met, the data may remain encrypted and inaccessible, or the data may be deleted.
How does ransomware infect a computer or network?
One of the ways ransomware can gain access to a network or system is through social engineering, “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes” (from Dictionary.com). It could be an email that has been created to look like it came from a reputable company that you may already have an account with. It could say that the credit card associated with your account needs to be updated and ask you to click a link to update your card information. Or, the email could indicate that a hold has been put on your account and you need to “click on this link” to login and verify your account. Sometimes these emails have telltale signs of inauthenticity, such as bad grammar or typographical errors, while others can look very authentic and be difficult to tell from legitimate email. The links in the emails take you to sites which are created to gather as much personal information as they can so they can gain access to your system or accounts. Or, the link leads to a download which infects your system with malware, granting access to the hacker. Once the hacker gains access, he or she can encrypt all your valuable files and hold them for ransom.
What do I do if my computer and files are infected?
Hopefully your employer already has a plan in place should ransomware become an issue at your place of employment and holds frequent trainings regarding information security. In the event they do not and you become compromised, I suggest immediately notify your manager and your IT department, so they may begin damage control, remediating or firewalling off your system to prevent further spread.
If the problem occurs on your home or personal system, try shutting it down and disconnecting it from the network and internet. If the malware is still there after the reboot, the computer won’t be able to reconnect with the hacker’s server. You can check to see if there’s a decryptor available which will help unencrypt the files held hostage, though it is unlikely.
Download and install a security product that has a reputation for cleaning up malware and run a full scan. If infected with screen locking ransomware, a full system restore may be needed. Be aware that with any of these solutions, you may not get your files back. But if you have protected your files (as will be described in the next section) you’ll be able to restore them.
If you are the IT Department at your employer, you would follow similar steps for the servers and systems for which you are responsible. Remove the device from the network, survey the damage inflicted, and remediate according to your company’s disaster recovery and information security plans.
You may have noticed that I did not suggest paying the ransom. Paying the ransom only serves to encourage bad actors, and there is absolutely no guarantee that after paying the ransom the hacker will release your files or send you the decryptor key. There are, of course, situations in which you would consider this option; but we won’t go into that for the purposes of this blog.
So how do I protect myself from ransomware?
Be aware of social engineering attempts. If you receive an email containing an attachment, is it from someone you are familiar with, or something you were expecting? Look the email sender’s name and email address; does the email address match who they say they are? Are they saying they are from your cable company, but the address is nothing at all like the company name? If the names and/or email address looks suspicious, then it is a potential bad actor. If it is an odd email message from someone you know, besides the email address matching the sender’s name, is it an unusual request from that person? Reach out to the individual and ask if they sent it. Do not click on links or attachments in email messages that seem suspicious.
Protect and back up your data. Keep multiple backups in different locations, for safety. Consider that one of these backups should be offline, for further protection. Test your backups, test your restores. Invest in an application with real-time protection to block threats and malware attacks.
Apply patches and updates to your computer and software regularly. Malware takes advantage of known security issues in Windows, which are remediated in patches. This also applies for servers. Don’t run old operating systems that are no longer under support, as there will not be any more patches for them, and they are tempting targets.
In closing
I hope you have found the information provided here useful. Your best defense against ransomware is to have good backup and data protection systems, always be vigilant, and stay informed on how to detect malicious spam, scams and suspicious websites. Educate yourself and your employees on what to look for in these attacks. If you have any questions, please feel free to contact us.