Over the next few weeks, I plan to write a series of articles. My focus: Internet Security, Misconceptions, Recommendations, and Best Practices. This week's topic is Ransomware. In the last few months, ransomware has been in the news several times. What exactly is ransomware? Am I at risk? What can I do about it? These are the types of questions I will endeavor to answer in this article.
In short, ransomware is a form of malware that will, upon infection, encrypt all your files so that you cannot access them without a decryption key. The hackers who write the malware will happily provide you with this key once you send them anywhere from a few hundred to a few thousand dollars using an anonymous digital currency called Bitcoin. The difficulty of tracing these types of transactions makes Bitcoin the currency of choice for hackers. So, should I pay if my files get encrypted? That depends on how important the files are and how badly you need them. Most of the time, the hacker will provide you with the decryption key once you pay. Your files are not going to be decryptable without that key, so any unlocking utilities found on the internet are most likely a scam. Sometimes security researchers will post free utilities online that can unlock some ransomware-encrypted files, but these cases are exceedingly rare.
Ransomware is not a new idea and has been around for some time. What made the more recent “WannaCry” ransomware attack that has been in the news so widespread was the severity of the exploit in the Windows SMB protocol. WannaCry started when WikiLeaks exposed many powerful and devastating exploits stockpiled by the NSA. You see, the hardest part of making ransomware is how to “weaponize” it (that is, how to find a way to infect your system). Fortunately for the hackers, the NSA did this for them, as all they had to do was download the code from WikiLeaks, strap their encryption function to it, and get rich. By now it should be clear that the best way to deal with ransomware is not getting infected in the first place. There are some simple steps you can take to minimize your risk.
The first line of defense is a good backup, but not just any backup will do. Once your computer is infected, the ransomware will slowly start encrypting all your files in the background, and depending on how many files you have, this can take a while. You need a backup system that supports incremental backups. Fortunately, most good backup software these days will have these types of options. You might lose some recent work, but most of your data will survive. Also, I can’t stress the importance of this step enough: you must use an external backup drive and unplug your backup drive after each backup. If you don’t, the ransomware will just encrypt your backup drive as well.
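To make the point about incremental backups concrete, here is an added example (not from any backup product, and not part of the original article) of a tiny versioned backup: each run stores only new or changed file contents and keeps a manifest per run, so files that change after an infection never overwrite the earlier good copies. The function names, folder names and sample files are hypothetical, and the backup folder is assumed to live on the external drive.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def snapshot(source, store, label):
    """Store one incremental snapshot; return {relative path: sha256}."""
    objects = store / "objects"
    objects.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        digest = hashlib.sha256(f.read_bytes()).hexdigest()
        if not (objects / digest).exists():  # copy only new or changed content
            shutil.copy2(f, objects / digest)
        manifest[f.relative_to(source).as_posix()] = digest
    (store / f"{label}.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def changed_fraction(old, new):
    """Share of files in the older snapshot that differ or are missing in the newer."""
    if not old:
        return 0.0
    return sum(new.get(p) != d for p, d in old.items()) / len(old)

def restore(store, label, target):
    """Rebuild the files exactly as they were when snapshot `label` was taken."""
    manifest = json.loads((store / f"{label}.json").read_text())
    for rel, digest in manifest.items():
        out = target / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(store / "objects" / digest, out)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        docs, store, out = Path(tmp, "docs"), Path(tmp, "backup"), Path(tmp, "restored")
        docs.mkdir()
        for i in range(4):  # constructed sample files
            (docs / f"file{i}.txt").write_text(f"original {i}")
        monday = snapshot(docs, store, "monday")
        for i in range(3):  # constructed stand-in for 3 of 4 files turning unreadable
            (docs / f"file{i}.txt").write_bytes(bytes([65 + i]) * 16)
        tuesday = snapshot(docs, store, "tuesday")
        restore(store, "monday", out)
        return changed_fraction(monday, tuesday), (out / "file0.txt").read_text()

if __name__ == "__main__":
    print(demo())
```

A sudden jump in the changed fraction between two runs is a sign that something is rewriting your files, and the older snapshot is the one to restore from.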
The WannaCry ransomware was weaponized using a Windows exploit that Microsoft had patched months earlier. Anyone who updated their computer regularly was not vulnerable to this particular attack. If you run Windows as your operating system, one of the best ways to prevent your system from being compromised is updating Windows.
Last, but certainly not least, you need to be aware of the different ways malware can infect your system. There are many “Attack Vectors” for Windows, and listing them all is beyond the scope of this article. However, being aware of only a few can significantly decrease your risk. If you keep these four rules in mind, you will be far less likely to be a victim of malware:
- Never click links in an email unless you’re expecting it.
- Uninstall Flash and refuse to use any website that requires it.
- Use a modern browser such as Chrome, Firefox, or Safari.
- Be very wary of downloading any software that is “free.”
You will notice I did not mention Antivirus anywhere in this article. No Antivirus product is going to protect you from these types of sophisticated attacks. In another article, we will explore the advantages and disadvantages of Antivirus and malware scanning products. In conclusion, protecting yourself from these types of attacks only requires that we trade a bit of convenience for better security.
Even though the focus of this article has been on the security of the data on your computer, website security is just as important. Does your hosting company include incremental backups of your database, off-site encrypted backup, and daily malware scans? Here at Christian Host, we provide all these services for our customers at no extra cost.