In the modern IT world, hardly a day goes by without a company’s systems being attacked with ransomware. Criminals using this specific form of computer virus will often target individuals too, with each case resulting in the victims being blackmailed with demands for a high ransom. The problem is so acute that you may have seen mainstream news and media outlets covering high-profile cases in recent weeks. Certain ransomware variants cannot be deciphered even by security experts, and whilst affected users face serious problems, protection against ransomware is relatively straightforward if a few simple tips are observed.
In this article we’ll show you 6 simple (but really important) ways to protect yourself from ransomware, as well as what to do if your system becomes infected. But first…
How does ransomware work?
Ransomware is a type of malware that encrypts data on a computer or network and demands a ransom payment to decrypt the information. The virus spreads from one file to the next, infecting all possible areas of a system and/or attached network until everything is encrypted. The most common types of ransomware activate and connect via the internet to a so-called ‘Command-and-Control’ (C&C) server, which creates one unique decryption key for the encrypted files of each specific victim. In some cases, ransomware cruelly fools the user by displaying a message window with a fake warning, which forces the user to push a button that starts the actual encryption. Newer versions of ransomware are activated just by opening a file, making them seemingly inconspicuous in some cases.
The newest discovery comes from Avira, which claims to have found a new ‘Locky’ ransomware that runs on autopilot, meaning that it no longer needs a C&C server connection to create a key and encrypt the files. In this case, hackers just create one simple public key for all victims, which means that they no longer need a huge server infrastructure and thus minimise the risk of being tracked down by law enforcement, making the threat even more dangerous.
So with all this in mind, how can you protect yourself from ransomware and other computer viruses?
1. Don’t open email attachments from unknown senders
One of the most common ways to get infected by ransomware is by opening rogue email attachments. Always make sure that you are the intended recipient of the email and that it is coming from a legitimate source. If you are unsure that you are the real addressee, or the email appears to be from someone within your organisation, don’t hesitate to pick up the phone and call them on their internal number to verify that it was really them who sent the email. If this isn’t the case, contact your IT security department immediately so your company can minimise the risk of an infection.
2. Don’t visit suspicious sites
Some websites can be dangerous and malicious, so it pays to be cautious when browsing online. Adult, gaming and file sharing sites can be prime areas for ransomware to hide, plus free download sites should be visited with extreme caution. In some cases ransomware is hidden either in the download file, or under web banners or other scripts hidden inside the webpage. If you need to visit a prohibited site or download free software, be aware that you are at risk and be prepared with suitable anti-virus software. Do not click on any unnecessary website banners and if you need access at work it’s best to seek approval from your IT team before proceeding.
3. Keep your system up to date
Computer criminals look for easy ways to hijack or infect your personal and work computer or server. But you have the ability to make things hard for them; frequently downloading and installing security updates and patches will help to close security holes in your applications and your operating system. The same goes for updates to antivirus software – regular updates mitigate the risk of infection. You may find that your antivirus software can also check incoming emails, identify many known ransomware viruses and protect you from opening them.
4. Keep your passwords (and your system) safe
Some ransomware is not delivered via email, but by traditional hacking and stealing of passwords. If the password(s) of one person is stolen or hacked, a criminal then has access to the computer and can infect it with ransomware. In cases where Windows Remote Desktop Protocol (RDP) is allowed, the problem is even more severe; the ransomware can spread easily from one computer to another using this protocol. If RDP is not necessary in your company or small business, keep it disabled!
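One way to check whether RDP is actually switched off on a Windows machine, as an added example that is not part of the original article. It assumes an elevated PowerShell session on an English-language Windows installation (the firewall group name 'Remote Desktop' is localised), and the -Disable switch name is chosen here for illustration.

```powershell
# Added example: audit (and optionally disable) Remote Desktop on the local machine.
[CmdletBinding()]
param(
    [switch]$Disable   # illustrative switch: apply the change instead of only reporting
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# fDenyTSConnections = 1 means incoming RDP connections are refused.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
# UserAuthentication = 1 means Network Level Authentication is required.
$nla  = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication
# PortNumber holds the listener port (3389 unless it has been changed).
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

# Enabled inbound firewall rules in the built-in Remote Desktop group.
$rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

# Is anything listening on the RDP port right now?
$listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

# Report the findings as one object so they can be collected from many machines.
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    RdpEnabled        = ($deny -eq 0)
    NlaRequired       = ($nla -eq 1)
    Port              = $port
    Listening         = $listening
    OpenFirewallRules = $rules.Count
}

if ($Disable -and $deny -eq 0) {
    # Refuse new RDP connections and close the matching firewall rules.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    Write-Output 'RDP disabled: registry flag set and firewall group closed.'
}
```

A machine that reports RdpEnabled as True with NlaRequired as False is the one to deal with first, since it accepts connections before the user has authenticated.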
5. Shut it down
If you suspect that something is wrong and you sense that your system is infected, disconnect your computer immediately from the internet and your network. This way you can mitigate the damage caused by a ransomware attack by cutting access to other areas of your network. Since the purpose of ransomware is to encrypt data (and the encryption process takes time), there is a chance if you act fast enough you can save some of your data from being infected. Additionally, if your computer is taken completely offline the ransomware virus cannot spread over the network to infect other systems within the company.
6. Always have a current backup available
This really goes without saying; maintaining a solid backup of all your files is by far the best way to ensure that if you are hit by a ransomware attack you’re not left high and dry without access to your critical business information. Regardless of the size of your company or IT infrastructure, one thing which has to be implemented is a thorough backup plan. When creating a backup plan it is important to assess the frequency and timing – the less time between backups the better. It is also worth considering making an offline backup at regular intervals, for example to external hard drives or a tape storage system. This way you can keep backups completely disconnected and separate from your network, which would then be out of reach of any ransomware attack.
If your data is infected by ransomware, you do not have an up-to-date backup and you are not able to find a decryption tool for this particular ransomware type, the only viable option is to consult a data recovery service provider. Whilst this would mean paying for the recovery of your data, at the same time you would not be supporting crime by paying the ransom to the hackers (which has not always resulted in getting the data back).
Data recovery experts like Kroll Ontrack track the different ransomware variants that are on the scene and develop specialised tools or work-arounds to recover infected files and complete storage systems. In many cases (but not all) experts have found ways to recover data infected by the most common ransomware types, therefore if you fall victim to an attack it is a good idea to contact the data recovery experts to see if they can help.
Michael Nuncic has been Marketing Communications Manager at the German Ontrack Data Recovery office in Böblingen for more than 5 years. Highly experienced in computer, network and software topics, he has been a professional editor for blog and technical articles for almost 20 years.