15 things to be safe against #ransomware:
May 12th 2017 saw the biggest ever cyber attack in Internet history. A ransomware named WannaCry stormed through the web.
In the first few hours, 200,000 machines were infected. Big organizations such as Renault or the NHS were struck and crippled by the attack.
My mother received the ransom note on the Tuesday before Thanksgiving. It popped up on her computer screen soon after she’d discovered that all of her files had been locked. “Your files are encrypted,” it announced. “To get the key to decrypt files you have to pay 500 USD.” If my mother failed to pay within a week, the price would go up to $1,000. After that, her decryption key would be destroyed and any chance of accessing the 5,726 files on her PC — all of her data — would be lost forever.
I hope you’re reading this post to be prepared for a malware attack. Prevention is absolutely the best security strategy in this case.
But there is no reason for you to feel helpless. There are a lot of practical provisions you can take to block or limit the impact of cyber attacks on your data. And I’m about to show you just what to do.
This guide is packed with concrete information on:
- What ransomware is
- Who ransomware creators target most frequently
- How ransomware spreads via the web
- How ransomware infections happen
- Why ransomware often goes undetected by antivirus
What is ransomware?
Ransomware is a sophisticated piece of malware that blocks the victim’s access to his/her files, and the only way to regain access to the files is to pay a ransom.
Why ransomware creators and distributors target home users:
- Because they don’t have data backups;
- Because they have little or no cyber security education, which means they’ll click on almost anything;
- Because the same lack of online safety awareness makes them prone to manipulation by cyber attackers;
- Because they lack even baseline cyber protection;
- Because they don’t keep their software up to date (even if specialists always nag them to);
- Because they fail to invest in need-to-have cyber security solutions;
- Because they often rely on luck to keep them safe online (I can’t tell you how many times I’ve heard “it can’t happen to me”);
- Because most home users still rely exclusively on antivirus to protect them from all threats, which is frequently ineffective in spotting and stopping ransomware;
- Because of the sheer volume of Internet users that can become potential victims (more infected PCs = more money).
Why ransomware creators and distributors target businesses:
- Because that’s where the money is;
- Because attackers know that a successful infection can cause major business disruptions, which will increase their chances of getting paid;
- Because computer systems in companies are often complex and prone to vulnerabilities that can be exploited through technical means;
- Because the human factor is still a huge liability which can also be exploited, but through social engineering tactics;
- Because ransomware can affect not only computers but also servers and cloud-based file-sharing systems, going deep into a business’s core;
- Because cyber criminals know that businesses would rather not report an infection for fear of legal consequences and brand damage;
- Because small businesses are often unprepared to deal with advanced cyber attacks and have a relaxed BYOD (bring your own device) policy.
Why ransomware creators and distributors target public institutions:
- Because public institutions, such as government agencies, manage huge databases of personal and confidential information that cyber criminals can sell;
- Because budget cuts and mismanagement frequently impact the cybersecurity departments;
- Because the staff is not trained to spot and avoid cyber attacks (malware frequently uses social engineering tactics to exploit human naivety and psychological weaknesses);
- Because public institutions often use outdated software and equipment, which means that their computer systems are packed with security holes just begging to be exploited;
- Because a successful infection has a big impact on conducting usual activities, causing huge disruptions;
- Because successfully attacking public institutions feeds the cyber criminals’ egos (they may want money above all else, but they won’t hesitate to reinforce their position in the community by attacking a high-profile target).
How do ransomware threats spread?
Cyber criminals simply look for the easiest way to infect a system or network and use that backdoor to spread the malicious content.
How do ransomware infections happen?
Though the infection phase is slightly different for each ransomware version, the key stages are the following:
- Initially, the victim receives an email which includes a malicious link or a malware-laden attachment. Alternatively, the infection can originate from a malicious website that delivers a security exploit, which uses vulnerable software on the system to create a backdoor on the victim’s PC.
- If the victim clicks on the link or downloads and opens the attachment, a downloader (payload) will be placed on the affected PC.
- The downloader uses a list of domains or C&C servers controlled by cyber criminals to download the ransomware program onto the system.
- The contacted C&C server responds by sending back the requested data.
- The malware then encrypts the entire hard disk content, personal files, and sensitive information. Everything, including data stored in cloud accounts (Google Drive, Dropbox) synced on the PC. It can also encrypt data on other computers connected to the local network.
- A warning pops up on the screen with instructions on how to pay for the decryption key.
Why ransomware often goes undetected by antivirus
Ransomware uses several evasion tactics that keep it hidden and allow it to:
- Not get picked up by antivirus products
- Not get discovered by cyber security researchers
- Not get observed by law enforcement agencies and their own malware researchers.
15 Items to take your ransomware protection to the next level
This is a promise that I want you to make to yourself: that you will take the threat of ransomware seriously and do something about it before it hits your data.
I’ve seen too many cries for help and too many people confused and panicking when their files get encrypted.
How I wish I could say that ransomware protection is not a life and death kind of situation! But if you work in a hospital and you trigger a crypto-ransomware infection, it could actually endanger lives. Learning how to prevent ransomware attacks is a need-to-have set of knowledge and you can do it both at home and at work.
So here’s what I want you to promise me:
Locally, on the PC
- I don’t store important data only on my PC.
- I have 2 backups of my data: on an external hard drive and in the cloud – Dropbox/Google Drive/etc.
- The Dropbox/Google Drive/OneDrive/etc. application on my computer is not turned on by default. I only open it once a day, to sync my data, and close it once this is done.
- My operating system and the software I use are up to date, including the latest security updates.
- For daily use, I don’t use an administrator account on my computer. I use a guest account with limited privileges.
- I have turned off macros in the Microsoft Office suite – Word, Excel, PowerPoint, etc.
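The backup and once-a-day sync items above matter because ransomware also encrypts files in cloud folders synced to the PC, so a sync run after an infection can overwrite the good copies. As an added example (not part of the original guide), this Python check compares the folder against its last known-good snapshot and holds the sync when many files changed at once or new content looks random. The function names, the 30% threshold and the 7.0 bits-per-byte entropy cutoff are assumptions chosen for illustration, and the sample files are constructed.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(root: str) -> dict:
    """Map each relative path under root to (sha256, entropy of first 64 KiB)."""
    snap = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            snap[str(path.relative_to(root))] = (
                hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return snap

def sync_blockers(old: dict, new: dict, max_changed=0.3, random_bits=7.0) -> list:
    """Return reasons to hold the sync; an empty list means it looks normal."""
    # Files from the last good snapshot that are now modified, renamed or gone.
    lost = [p for p in old if p not in new or new[p][0] != old[p][0]]
    # New or modified content that looks random; unchanged photos/archives are skipped.
    random_like = [p for p, (digest, bits) in new.items()
                   if bits >= random_bits and old.get(p, ("",))[0] != digest]
    reasons = []
    if old and len(lost) / len(old) > max_changed:
        reasons.append(f"{len(lost)}/{len(old)} known files changed or missing")
    if new and len(random_like) / len(new) > max_changed:
        reasons.append(f"{len(random_like)} new/changed files look encrypted")
    return reasons

def demo():
    """Constructed sample data: ten text files, one edit, then a mass overwrite."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(10):
            Path(root, f"doc{i}.txt").write_text(f"meeting notes, page {i}\n" * 200)
        baseline = snapshot(root)
        Path(root, "doc0.txt").write_text("rewritten today\n" * 200)  # ordinary edit
        after_edit = sync_blockers(baseline, snapshot(root))
        for i in range(1, 9):  # stand-in for encrypted output: random bytes, new extension
            Path(root, f"doc{i}.txt").unlink()
            Path(root, f"doc{i}.txt.locked").write_bytes(os.urandom(4096))
        after_attack = sync_blockers(baseline, snapshot(root))
    return after_edit, after_attack

if __name__ == "__main__":
    print(demo())
```

If the check returns any reasons, leave the sync application closed and restore from the external drive copy.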
In the browser
- I have removed the following plugins from my browsers: Adobe Flash, Adobe Reader, Java and Silverlight. If I absolutely have to use them, I set the browser to ask me if I want to activate these plugins when needed.
- I have adjusted my browsers’ security and privacy settings for increased protection.
- I have removed outdated plugins and add-ons from my browsers. I only kept the ones I use on a daily basis and I keep them updated to the latest version.
- I use an ad-blocker to avoid the threat of potentially malicious ads.
- I never open spam emails or emails from unknown senders.
- I never download attachments from spam emails or suspicious emails.
- I never click links in spam emails or suspicious emails.
Anti-ransomware security tools
- I use a reliable, paid antivirus product that includes an automatic update module and a real-time scanner.
- I understand the importance of having a traffic-filtering solution that can provide proactive anti-ransomware protection.
We also know that we’re not powerless and there’s a handful of simple things we can do to avoid ransomware. Cyber criminals have as much impact over your data and your security as you give them.
Stay safe and don’t forget the best protection is always a backup!