Monday, October 31, 2016

What is Ransomware? (And How Does It Affect You?)


Ransomware is one of the most common types of malware attacks today, and once you’ve been targeted, it’s difficult to get yourself out of the situation. The attackers encrypt your files, and they’re the only ones that have the key. Decryption is next to impossible. Unfortunately, many Ransomware victims end up simply paying the hackers -- which is exactly what they want you to do.
Ransomware isn’t a particularly new idea. The first such program, “AIDS,” was created in 1989. However, this approach to extortion has gained newfound popularity in recent years. In 2013, McAfee reported that they had collected over 250,000 samples of ransomware, twice the number in the first quarter of 2012.
For users, the first line of defense is awareness. It’s important to know what ransomware is, how it works, and how you can protect yourself against it.

How Ransomware Works

There are actually two types of ransomware: encrypting and non-encrypting. Both types often use “scareware” tactics, using social engineering to frighten you into doing what the hackers say. They often claim that you’re doing something illegal, or that your computer is infected.
Encrypting ransomware uses cryptography, making your files impossible to access. To get them back, you need a private decryption key from the hacker. The nature of the encryption method they use makes it basically impossible to simply guess the key, or to find it within the program itself. They’ll ask for a ransom in exchange for the key, usually several hundred or even hundreds and thousands of dollars. One of the most high-profile recent ransomware programs, CryptoLocker, asked specifically for payment via Bitcoin -- which is anonymous and difficult to track. It successfully extorted an estimated total of $27 million from users worldwide. But keep in mind that ransomware doesn’t just infect your single computer - it infects your entire network and the shares accessible to that computer.
Another type of ransomware doesn’t encrypt your files; holding you hostage, by other means. Some are “lockscreen ransomware.” These programs freeze you out of your PC until you pay up. When you boot up your computer, you’ll be confronted by an intimidating full-screen window. It’s often designed to look like something official from the FBI or the US Department of Justice. Alternately, there are some strains of ransomware that delete Windows Shadow Copies and backup files by known programs, which is what makes them extremely harmful.

Keeping Yourself Protected

Once your PC has been infected by ransomware, it’s difficult to fix the problem. However, these digital security best practices can help you avoid acquiring the malicious software in the first place.

Keep your Antivirus Program Up to Date

For most users, especially the less tech-savvy among us, it’s always a good idea to have a good, up to date antivirus program. Choosing the right antivirus can be tricky, as many of these programs are bloated, ad-heavy, and questionably effective. Avira, Kaspersky, and Avast are good places to start. There’s also Malwarebytes, which focuses specifically on certain types of malware and adware. You’ll need to keep your antivirus software up to date, as new threats come around all the time.
Enable File Extensions
In Windows, file extensions are usually disabled by default. However, enabling this option can help you spot deceptive files. Things with extensions like .exe (program files) or .js (Javascript files) could very well be malware, especially if their names are designed to look like an image or a text file.
Backup Your Data Regularly
If you’re not completely reliant on cloud storage, and important files are stored locally, it’s important to make a backup. If your files are encrypted by ransomware, you can just access them from the most recent backup.
Employees Shouldn’t Have Admin Privileges
There’s really no good reason for non-IT staff to have administrator accounts in Windows. Admin accounts have more power to run programs and install things, which opens up possibilities for malware.
Keep Your Software Up to Date
Be sure to keep up with all important patches and updates for important software applications. Without them, security holes could be exploited by malware attacks.
Online, Always Check the URL
Many malware attacks start when you inadvertently download something from a website disguised to look official. Always look at the URL and make sure it’s correct. Also, it’s advisable that you use an adblocker for your browser, such as Ublock Origin. Ads can potentially harbor malicious programs.
Use Ransomware Resistant Storage Options
Storage options like Reevert can add an extra layer of protection against ransomware attacks. They’re specifically designed to safeguard important data against this particular form of malware, making them a great choice for small and medium businesses who need protection. Reevert allows you to backup your data instantly, and create regular backups on a consistent schedule. If you’re targeted by malware, you can simply access the backed up copies of your files.
Keep Yourself and Your Staff Aware and Protected
Because ransomware has become such a popular form of malware in recent years, it’s important for your non-IT staff to be aware that it’s a potential threat. It’s also important for your IT department to backup the data, install reliable antivirus and anti-malware programs, and avoid giving users too much control over software installation. Once you’ve been hit by a ransomware attack, your options are limited. The best protection is to avoid ransomware altogether by following good security practices.