Ransomware has been in the news lately, with one of California’s community colleges having recently fallen victim to it. If you are not familiar with the term, ransomware is a type of malware.
It encrypts the content of your hard drive and demands that you pay a ransom to regain access to your data. If you don’t contact the criminals and pay the ransom within a set time period, your files are lost forever.
Ransomware uses extremely strong, unbreakable encryption and there is no getting around it – you either pay the ransom or you can write off your files.
The first modern ransomware was released in 2006, and since then the occurrences of malware have exploded. There are many reasons for this, but chief among them is the rise of anonymous currency, such as bitcoin.
In the beginning criminals used credit card processors and wire transfers to get the ransoms from victims, but this put them at a bigger risk of getting caught and the banks would frequently seize their ill-gotten loot. With bitcoin it is much harder to stop the criminals as there is no central bank that can freeze the payments and assets of the criminals.
Ransomware is big business. A CNN report estimates that ransomware was on pace to have earned criminals $1 billion last year.
These criminal organizations are run like a real business. Some will go so far as to provide 800 numbers where victims can both negotiate the ransom and get tech support on how to pay the criminals with bitcoin. They will base their ransom on what they think the victim can pay. So a family computer may face a ransom of a few hundred dollars while a large business may face a multi-thousand-dollar ransom. The criminals also have automated systems that send victims the decryption key and instructions once the ransom is paid.
Prevention Is Best Defense
So how do you prevent being the victim of ransomware? By taking the same precautions you would take to prevent regular malware.
The criminals will usually use social engineering to get you to open a file – typically in the form of phishing. They will send you an email with a believable story about why they are contacting you, and instruct you to look at an attachment for further information. This type of phishing attack can take many forms and you can read more in our previous article.
The other vectors of infection are unpatched internet browsers and plug-ins such as Flash and Adobe Acrobat Reader. It is important to keep all of your software up to date, as new security vulnerabilities are discovered every day.
Ransomware can spread through a network as well, so if you have an administrative-privileged account, it is important that you don’t use this account to browse the internet. You should have a separate, unprivileged account that you use on a daily basis, and only use the administrative account when doing tasks that require it.
Back Up Your Data
The main takeaway is that you should always back up your important files, with at least one backup being an offline backup. For example, if you have an external hard drive that you regularly use to back up your data and you get ransomware, chances are the external drive will also be impacted.
If you back up to both a hard drive and an online backup service such as Backblaze or CrashPlan, then you will be in much better shape, as the online services support what is called versioning. Versioning keeps multiple copies of the data when files change. Also, as of now there isn’t any known strain of ransomware that attempts to delete third-party online backups.
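To show why versioning matters, here is an added example (not from the original article and not how any particular backup service is implemented): a minimal versioned backup store in Python. The function names, the store layout and the sample file are assumptions made for illustration; the point is that a later backup of damaged files does not replace the earlier good copies.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def backup(source: Path, store: Path, stamp: int) -> int:
    """Save a new version of every file whose content changed; return how many."""
    saved = 0
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        digest = hashlib.sha256(f.read_bytes()).hexdigest()
        versions = store / f.relative_to(source)  # one directory per backed-up file
        versions.mkdir(parents=True, exist_ok=True)
        existing = sorted(versions.iterdir())
        if existing and existing[-1].name.endswith(digest):
            continue  # content identical to the newest stored version
        # Older versions are never overwritten; each run only adds files.
        shutil.copy2(f, versions / f"{stamp:010d}-{digest}")
        saved += 1
    return saved

def restore(store: Path, target: Path, not_after: int) -> int:
    """Restore each file's newest version taken at or before `not_after`."""
    restored = 0
    for versions in sorted(p for p in store.rglob("*") if p.is_dir()):
        good = sorted(v for v in versions.iterdir()
                      if v.is_file() and int(v.name.split("-")[0]) <= not_after)
        if not good:
            continue  # intermediate directory, or no version old enough
        out = target / versions.relative_to(store)
        out.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(good[-1], out)
        restored += 1
    return restored

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        src, store, out = Path(tmp, "docs"), Path(tmp, "store"), Path(tmp, "restored")
        src.mkdir()
        (src / "notes.txt").write_text("quarterly grades")  # constructed sample data
        first = backup(src, store, stamp=1)
        unchanged = backup(src, store, stamp=2)
        # Stand-in for an infection: the file now holds unreadable bytes,
        # and the next scheduled backup copies the damaged file as well.
        (src / "notes.txt").write_bytes(bytes(range(256)))
        damaged = backup(src, store, stamp=3)
        restore(store, out, not_after=2)  # roll back to before the damage
        return {"first": first, "unchanged": unchanged, "damaged": damaged,
                "recovered": (out / "notes.txt").read_text()}

if __name__ == "__main__":
    print(demo())
```

A backup that keeps only the latest copy would have lost the readable file at the third run; the versioned store still holds it.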
The safest method, by far, is doing a weekly backup to an external hard drive that you keep disconnected from your computer when not in use. This drive should only be attached as long as needed to back up your files.
Following these precautions should save you the painful decision of whether or not to pay a ransom to get access to all of your precious, and often irreplaceable, files.
Jeff Holden is Chief Information Security Officer of the California Community Colleges Technology Center.