How can I protect myself?
There are two main ways to avoid becoming a victim: knowledge/education and backups. First off, knowing what to look for and educating others is critical. The less money the cyber criminals get from their scheme, the fewer of them will do it. So what do you look out for? Most ransomware infections come through email, using the ancient trick of an infected attachment.
What do I look out for?
“Phishing emails” became popular back in 2003 and have remained a staple for attackers ever since. The term “phishing” comes from a fisherman tossing a hook into the water, hoping to catch a passing fish. Criminals use phishing emails hoping to catch a passing victim. A good attack will be almost indistinguishable from an email you would normally receive, whether at work or at home. Ransomware will commonly use what is known as “spear phishing,” meaning the attacker has tailored the message in some way towards the recipient, be it a person or an organization. That brings us to the social engineering paradox of phishing emails: You don’t know what you don’t know. Criminals rely on easy deception in mass numbers and are bound to catch a few fish if they drag their line through a few million a day, as ransomware currently does.
Email example of ransomware.
It could appear to be a PDF or Word document, frequently disguised as an invoice from some company, a resume from someone looking for a job, or FedEx/UPS tracking information. Frequently the “payload” (the computer code that does the nasty stuff) is enclosed in a ZIP file that is attached. Frequently the icon of the file within this ZIP will be changed to look like something it is not, such as a PDF or DOC. In all cases, it’s an executable of some kind, meaning once you open it, you’re granting it permission to do whatever it is programmed to do on your computer. In most cases, this will download other nasty stuff in the background, causing the headache that ransomware does. Make sure to look VERY closely at the file name for a “double extension” like .pdf.exe or .doc.js – never open anything like that, as it’s almost always bad news. In fact, as we’ve said for over 20 years: Never open any executable attachment EVER from an email.
Example of a ransomware in a zipfile.
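The double-extension check described above can be automated at a mail gateway or help desk. The following Python sketch is an added example, not code from the original article: it reads only the file names inside a ZIP attachment (nothing is extracted or run) and flags executable and double-extension names. The extension lists, function names and sample file names are assumptions chosen for illustration, and nested archives are not inspected.

```python
import io
import zipfile

# Illustrative, non-exhaustive lists (assumptions, tune for your environment).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".ps1", ".msi"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt", ".jpg", ".png"}

def classify_name(filename):
    """Return 'double-extension', 'executable' or None for one file name."""
    # Keep only the base name; Windows ignores trailing dots and spaces.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].strip().rstrip(". ")
    # Strip padding around each part so "invoice.pdf      .exe" is still caught.
    exts = ["." + part.strip() for part in name.lower().split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return None
    if any(ext in DECOY_EXTS for ext in exts[:-1]):
        return "double-extension"
    return "executable"

def scan_zip(data):
    """List (member, verdict) for suspicious names in a ZIP given as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        verdicts = [(name, classify_name(name)) for name in archive.namelist()]
    return [(name, verdict) for name, verdict in verdicts if verdict]

def build_sample_zip():
    """Constructed sample: harmless placeholder bytes under lure-style names."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in ("Invoice_0412.pdf.exe", "tracking.doc .js",
                     "readme.txt", "notes.v2.pdf"):
            archive.writestr(name, b"placeholder")
    return buffer.getvalue()

if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample_zip()):
        print(f"BLOCK {member!r}: {verdict}")
```

A name check like this only catches the disguise; it says nothing about files that pass it, so it complements rather than replaces attachment scanning.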
Other times, the email will appear to be from someone you know, but may look “funny” or off. It may contain a link asking you to “check out this video” or visit a website. The links are malicious and may lead you to what is known as a “drive-by exploit” that takes control of your system without any other interaction from you. (This usually happens because of out-of-date software that is loaded by your web browser, such as Adobe’s Flash Player or Oracle’s Java. The bad guys look at the new stuff that comes out and compare it to the old, allowing them to know exactly what was fixed… then look for systems that aren’t patched with the fix.) Keeping your system up to date by installing Windows and software updates will help mitigate such a risk. (But be careful with that too, as there are a lot of malicious ads that pose as fake updates out there! But that’s another write-up entirely.)
Example of encrypted ransomware system.
I’m careful so I’m safe, right?
Even though you know what to look out for and you’re super careful… it can still happen to you. Maybe someone else uses your system and causes an issue. Or maybe you’re trying to work late and in your sleepy stupor you click the wrong thing. Never fear, because you’re prepared with the other important defense: Backups! Ransomware aside, you should really have proper backups already. Hardware can fail and data can get corrupted in hundreds of non-malicious ways. Backups help you recover from all that – but they are critically important when dealing with ransomware. Once hit, you have three options: restore from backup, pay the ransom and hope for the best, or go cry in the corner because all your personal data is gone. I don’t want to see anyone crying in the corner, and paying the ransom is a crapshoot at best (it doesn’t always get your data back and now you’re out lots of money, PLUS you’re supporting what is basically cyber-terrorism), SO we’re left with making sure you have a backup. Unfortunately, this isn’t as easy as it should be, as the ransomware authors are actually pretty smart people. They know people may have a backup and will try to make sure you lose access to that too. On top of that, some of them will crawl the network and try to encrypt files that aren’t even on your computer, but rather on a network share, like a server or another computer near you.