Ransomware Protection Guide
Dear readers,
Over the past couple of years, you may have noticed the emergence of a new and very nasty type of computer threat called Ransomware. According to Kaspersky, a computer is infected with ransomware every 10 seconds! In 2017, more than 150 countries were affected by the ransomware variant called WannaCry. It really made a lot of people want to cry as the damage it dealt is estimated to be over 1 BILLION dollars!
So how does this ransomware work? Let’s take a couple of moments to see how it infects your computer and what it does to you after that.
Stage 1: Infection
Ransomware generally tries to infect your computer in two ways. The first is infected email attachments. Using a technique called phishing, hackers can learn about you through your LinkedIn or Facebook accounts, then send you an email making it look like it’s coming from your colleague or friend. This email would contain an infected attachment with a name related to something you would receive from them. By investigating you and your habits, hackers make scam emails more credible and increase the chance that you will click on the infected attachment.
Another way ransomware infects your computer is through compromised or infected web pages. In this case, you may receive an email, a text on your phone, or even a LinkedIn or Facebook post with a link. This type of message or post is designed to look legitimate and encourages you to click on it, taking you to an infected web page. After that, the ransomware on the page scans your computer for vulnerabilities. If it finds one, the ransomware immediately uses it to infect your computer.
Stage 2: The damage is unleashed
Upon infecting your computer, the first thing ransomware does is scan your computer and all external storage media for files that are important to you. For example, your photos, videos, music, and MS Office files would be a great candidate. Once the files are found, either locally or on the network, the ransomware encrypts them with its own secret key. Once the files are encrypted, they are useless to you as their contents are rearranged in such a way that your computer no longer understands them and cannot open the files. Please note that system files belonging to the operating system are generally left untouched. That would render your computer inoperable and you would prevent the ransomware from proceeding to the next step.
Stage 3: ransom demand
Once the ransomware does its dirty work and encrypts all the files dear to you, a ransom letter appears. In the letter, he explains that your files are encrypted and to decrypt them or put them back in the order they were in before and make them accessible again, you must pay a ransom. You see, a simple money transfer would be easily traceable by authorities and hackers would be caught very quickly. That is why hackers came up with a more sinister scheme to use another type of currency called BitCoin. This currency is legitimate and is used on the web for financial transactions. However, hackers liked Bitcoin for its anonymity. BitCoin transactions are virtually impossible to trace, making the money exchange safe for hackers and untraceable for us. Since most of us don’t have BitCoin lying around, hackers “politely point” you to legitimate sites where you can buy BitCoin with your money. They then tell you where to go to pay with your newly purchased BitCoins. In return, hackers should either send you a key or enable the ransomware’s decryption option so that you can recover your files. The ransom required to be paid varies, but on average is around $679 in BitCoins. To deliver even more bad news, there is no guarantee that after paying, you will get your files back. There have been many reports of users paying and getting nothing in return! Sounds scary right?
Then what do you do? How do you stop this nightmare?
Solutions
There are several things you may want to do to lower your risk of infection:
Keep your operating system up to date
It is widely proven that most ransomware uses vulnerabilities found in operating systems like Windows 7, 8, and 10. By regularly updating your operating system, you fix those vulnerabilities, so when ransomware tries to infect your computer, the loopholes are there! closed! In Windows OS, you can set it to update automatically and all you have to do is restart your computer from time to time when the updates are applied.
Choose and install your anti-malware solution correctly
Your protection software plays a very important role in defending your computer from all kinds of malicious software (malware), including ransomware. You can detect malicious behavior and stop it before it can do significant damage. Maintaining a clean and up-to-date anti-malware solution is absolutely necessary to keep your computer clean and protected.
The Final Frontier of Protection: Backup
It may surprise you to learn that the best protection against ransomware is to be proactive. Instead of trying to recover your computer after it’s been infected (which turns out to be more and more difficult lately), just restore it to its previous state without infection! It keeps backup copies of your entire computer on external and protected media. If your computer is hit by a ransomware attack, instead of paying hackers and praying that they decrypt your files, just restore your computer from the previous backup! There are many backup solutions on the market that will help you back up your computer, however the current leader is called Acronis. You can make a complete backup of your computer and easily restore it to its previous state when disaster strikes.
Let us know your thoughts and comments in the section below, and good luck!