Ransomware

Ransomware!

Think of the information contained on your personal computer or laptop: Pictures. Documents. Financial information. Files you’ve taken home from the office to work on over the weekend. Music and videos.

Now think: how much is it all worth to you?

That’s exactly the question some cyber criminals are forcing their targets to think about. If someone locked all the data on your computer – from family photos to budget records to your great American novel – how much would you be willing to pay to get it back?

The attack in question is called ransomware, and, in a way, it works just like ransom always has. Someone has something of yours and you have to pay to get it back. But in this case, the criminal doesn’t actually have your data; instead, they’ve invaded your computer with malware that encrypts your files and renders them useless to you. If you pay the criminals what they want, they’ll give you the encryption key (maybe) so you can unlock the files and regain access. If you don’t pay up…well, then you’ve lost all your data. Perhaps forever.

Which is bad.

As with much else in the world of data security, the place to start in tackling a problem like ransomware is prevention. The malware that spreads ransomware is often delivered through phishing attacks: email you receive that tries to entice you into opening up a malicious attachment or clicking on a link which will deliver the malware to your machine. The simple part of this is that if you never open or click on attachments and links that you aren’t familiar with, you’ll be safe. The difficult part is that often these phishing emails can look very legitimate and it can be hard to tell the real from the fraud. So be cautious. If in doubt, call the company or person that the email claims to be from directly or visit their website from your browser (rather than the email link). The time spent in an abundance of caution could save you from major headaches down the road. (NOTE: We’ve written more on phishing attacks here.)

Another way ransomware can spread is through malvertising. In this case, the criminals post ads on websites that can automatically transfer the malware to your computer while you browse the webpage in question. Availing yourself of the latest, most up-to-date virus and firewall protection, as well as employing a good ad blocker (there are some good ones out there for free), is the best defense against these attacks.

But there’s still one more major step you can take in preventing ransomware from ruining your day (or year), and that’s to back up your data. There are a variety of different ways to do this depending on your operating system and what works best for you, but the basic idea is to periodically save all your data to a destination that is not always connected to your computer. If you are so unfortunate as to be infected by ransomware, rather than having to pay up, you can simply restore all your information from the backup and go about your business. Both Windows and Apple have options for this, as do some third-party companies. Keeping your backup drive up to date and disconnected may feel like a hassle at first, but this can be lessened if you build it into a weekly backup routine.

There are other, more technical prevention steps that we haven’t detailed here. If you are interested, another good read might be:

http://www.welivesecurity.com/2013/12/12/11-things-you-can-do-to-protect-against-ransomware-including-cryptolocker/

As we mentioned, prevention is key. In the case of ransomware, it also may be your ONLY solution. Once your files have been locked, depending on the type of ransomware there may be no way of getting your data back other than paying the ransom. This, of course, has many drawbacks, including doling out your own hard-earned money and funding (i.e. encouraging!) further attacks by the criminals. And they may not even come through on their end of the bargain.

So think prevention.

By the way: What goes for individual users in this case certainly applies to businesses and institutions as well. You can imagine what a hospital would be willing to pay to get back its potentially life-critical computer data. Or a bank. Or a government. So all of the preceding information can be applied to your place of work as well!
