Ransomware – 2019


What is Ransomware?

Ransomware is a kind of virus that prevents you from using your infected computer, phone, or other device. In most cases, it will encrypt your system, preventing you from accessing your files or other parts of your machine. What sets ransomware apart from other viruses is that it is designed to hold your data hostage and to force you to pay a fee to get it back.

Do Not Pay the Ransom!!!

Apart from encouraging criminal behavior, it is common for the attacker to choose not to unlock a machine, even after the ransom is paid.

Rule #1: Never Trust a Hacker.

In modern computing, nearly every security breach begins with a violation of your trust. While not trusting hackers seems like it should be a no-brainer, it is important to understand that there are many common lies that a hacker will use to convince you to install malware or to scare you into not telling anyone who might be able to help restore your PC.

The most common cons include:

  1. Impersonating legitimate businesses to get you to trust them. Microsoft, internet service providers, web hosting companies, email providers, social media platforms, and banks are all common guises used to make you believe that you are dealing with trustworthy correspondence.  They use this trust to make you more careless about the software they install, the links you click, and/or the personal information you provide.  
  2. Once installed, ransomware will often claim that you have done something illegal with your PC, and that you are being fined by a police force or government agency.  Legitimate law enforcement agencies NEVER use ransomware to issue fines. 
  3. Another frequent scam uses websites, emails, or phone calls that claim you have already been hacked. These claims are usually not true. They are designed to get you to interact with the scammers in ways that will convince you to install fake programs or pay for fake virus removal, but it is often the counterfeit services they are selling that contain the actual malware.

What can I do to protect myself from Ransomware attacks?

1. Never assume an email is safe:

Do you trust your bank? Facebook account services? How about your friends? The unfortunate truth is that when it comes to email, the answer to all of these questions should always be “no”. There are countless ways a hacker can fake an email to make it look like it came from someone else, and in many cases, when a hacker gains access to someone’s personal email account, they will use that account to send spam to everyone on that person’s friends list, piggybacking on that person’s trusted status.

This does not mean that every email is dangerous, but that you should always exercise due caution with every email that you open.

2. Double-check the content of the message.

There are usually errors or discrepancies that you can spot such as a claim from a bank or a friend that they have received something from you. When in doubt, you can check your recently sent items to verify their claim.

Another tell-tale sign is that fake emails from businesses will often begin with things like “Dear Valued Customer” instead of your actual name.

3. Never open links or file attachments in email

In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in email directly. If you do not know a company’s URL off-hand, use a search engine such as Google or Bing. NEVER follow a link in an email asking you to reset a password that you did not specifically request to have reset, since these are often tricks designed to steal your credentials.

Messages can also contain dangerous file types such as zip, exe, php, html, docx, etc. If you do not recognize a file extension, HERE is a pretty good resource for seeing if it is safe or not. If you ever need to receive a potentially dangerous file type, always confirm with the person that they are the ones sending it.
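For anyone who reviews suspicious messages on behalf of others, the warning signs from steps 1 to 3 can be checked automatically. The Python script below is an added example, not part of the original article; the greeting patterns beyond “Dear Valued Customer”, the reset wording pattern, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Attachment extensions the article names as potentially dangerous.
RISKY_EXTENSIONS = {"zip", "exe", "php", "html", "docx"}
# "Dear Valued Customer" is the article's example; the other nouns are assumed.
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(valued\s+)?(customer|user|client|member)\b", re.I | re.M)
# Assumed wording for an unsolicited password reset request.
RESET_WORDING = re.compile(r"\b(reset|verify|confirm)\b.{0,40}\bpassword\b", re.I | re.S)
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw_message):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw_message, policy=policy.default)
    warnings = []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    if GENERIC_GREETING.search(text):
        warnings.append("generic greeting instead of your name")
    links = LINK.findall(text)
    if links:
        warnings.append(f"{len(links)} link(s): visit the site directly instead")
        if RESET_WORDING.search(text):
            warnings.append("password reset link: ignore unless you requested it")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            warnings.append(f"risky attachment type: {name}")
    return warnings

def build_sample():
    """Constructed sample message (not a real email); domains are reserved names."""
    m = EmailMessage()
    m["From"] = "Account Services <service@bank.example>"
    m["To"] = "user@example.org"
    m["Subject"] = "Action required"
    m.set_content("Dear Valued Customer,\n\nPlease reset your password here:\n"
                  "http://login.bank.example.invalid/reset\n")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.zip")
    return m.as_string()

if __name__ == "__main__":
    for warning in triage(build_sample()):
        print("WARNING:", warning)
```

A message with no warnings is not proven safe; the script only flags the signs listed above, and a flagged attachment should still be confirmed with the sender.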

4. Never click on ads offering free software

These scams generally fall into one of 3 categories.

  • Pop-ups claiming that you have been hacked, or that your computer is unprotected. These will try to give or sell you fake antivirus software designed to infect your machine with malware.
  • Free games, apps, software upgrades, driver scanners, and other various programs are often bundled with malware that could include anything from malware.
  • Cracked/Pirated programs are often bundled with malware. These can be especially malicious because the installation instructions included with them will often instruct you to turn off your anti-virus software while the program downloads or installs, giving it free rein over your machine.

5. Use a reputable Antivirus security suite

It is always a good idea to have both anti-malware software and a software firewall to help you identify threats or suspicious behavior. Malware authors frequently release new variants to try to avoid detection, which is why it is important to have both layers of protection. Most malware relies upon remote instructions to carry out its misdeeds. If you run across a ransomware variant that is so new that it gets past anti-malware software, it may still be caught by a firewall when it attempts to connect with its Command and Control server to receive instructions for encrypting your files.

6. Backup important data

While many older ransomware viruses can be unlocked using the right anti-virus programs, newer ones usually cannot. This is why it’s important to have a good backup plan, which can vastly reduce your risk of loss. When it comes to backup and recovery, there are many options to choose from and not all of them are created equal. Some backups may only collect certain kinds of files, or files located in certain places. Some backups may be very complete, but take a very long time to restore if things go wrong. So, it is usually best to refer to your IT provider for advice on the best course of action for your organization.