Without a doubt, one of the hottest topics in the information security world is ransomware. All over the world, unwitting victims have their computers held hostage until they pay cyber criminals to give them access back to their machines. It is not just private citizens anymore that have to deal with this malicious code. Institutions such as hospitals have found themselves in a situation where an entire network was locked until the ransom was paid. Black hats that deploy ransomware have no regard for people’s privacy or their right to data protection. They have no issue destroying important information such as health records if it means that they make a profit.
Cybersecurity professionals are furious about these developments.
There really is no permanent solution at this time, hence the frustration. The ransomware strains used today are far more virulent than those that first appeared on the scene in 1989. Newer strains of ransomware are impossible to fight once a machine is infected, namely because no one has figured out how to decrypt the files that were targeted.
While there is no guaranteed solution, there are measures that you can take to avoid getting infected by this type of malware. This article also explores countermeasures you can take if you are infected with ransomware.
For the more security-minded individual, these tactics will seem rudimentary. Given the high number of ransomware attacks, however, it is clear that not enough people are versed in these tactics.
Basic defense against ransomware
Back up your data
This is not a method to prevent attackers from encrypting or destroying your data, but it is the most important measure you can take against ransomware. The reason is that ransomware attackers rely on your fear of losing important information. Whether you use an external hard drive or an online backup service is ultimately up to you.
If you have all of your vital data backed up, you have just taken away a great deal of leverage from the cyber-criminal. What motivation do you have to pay off your attacker if your information is safe? The answer, of course, is none whatsoever.
Have the most recent patches installed
Patches exist for a reason, and no, inconveniencing you is not one of them. A major reason that patches exist is to close up newly discovered security vulnerabilities. Hackers are quite frequently able to exploit and infiltrate a system via unpatched operating systems and programs. It is the equivalent of leaving your house with the door wide open and hoping it doesn’t get ransacked.
Ransomware often operates under the radar of most antivirus programs, and as such, it can be covertly installed. In short, don’t think that popular programs like Norton Antivirus or Symantec Endpoint Protection are surefire ways to keep you safe. Install every patch as soon as possible.
Avoid unknown executable files and dodgy links
Understand that ransomware is malware that can be found anywhere at any time. Common sense can help in this instance, as treating ransomware like any other malware may improve your defense. There is no such thing as truly “free” software, as quite often these programs will be bundled with nasty viruses. Additionally, many links in sketchy emails have been shown to infect users with malware. Ransomware has been found among such programs and email links, and by the time it is discovered, it is too late to do anything about it.
This leads to the main point that any executable file that cannot be vetted should never be opened. Additionally, you should never open links in emails from unknown sources, as this is a primary way that individuals have been infected. This also applies to embedded email photos as they have been known to carry ransomware.
How to react if infected
Contact the authorities
For many, it can already be too late for a defensive posture against ransomware. If your computer is infected, understand that you are under attack from a criminal. These individuals are attempting to extort money from you, and just like other forms of ransom, this is absolutely against the law.
According to the FBI, if you are infected with ransomware you should “contact your local FBI field office and report the incident to the Bureau’s Internet Crime Complaint Center.” The FBI is currently on the front lines in the US, but there are likely equivalents in your country if you do not live in the United States. If nothing else, this will log the incident, and possibly give researchers a better understanding of how black hats using ransomware operate.
Do not pay the ransom
In countless ransomware incidents, the victims pay the ransom in the hope that their data will be reclaimed. You know the phrase “we don’t negotiate with terrorists”? In the security world we might as well have a phrase that states “we don’t negotiate with cyber criminals.”
Once you have paid off the black hat, there is no guarantee that you will even get your information decrypted, nor is there a guarantee that the individuals will leave you alone. By paying the ransom you are effectively telling a criminal that they can extort you for more money. They have already had total access to your computer, so they likely know how to contact you or hack your system.
Use ransomware removal software
The type of software that can potentially block and remove ransomware is more common today. I really want to stress here, however, that these programs all have various flaws and should be your last line of defense.
Anti-ransomware programs come in various forms. Some attempt to remove the malware from the system and can even be booted via USB. This can be effective in a situation where ransomware has totally locked you out to the point of “safe mode” becoming inaccessible. It should be noted, however, that these programs only cover certain types of ransomware. When more complex and unknown strains infect your system, this type of program will be rendered useless.
Another type of ransomware removal software focuses on raising an alert when the computer is infected. Programs in this vein attempt to create false locations for a ransomware virus to infect. Once the program detects that the false data has been infected, the computer will shut down in an attempt to stop the spreading of the ransomware. This will not remove the malware from the system, so it will still need to be used in conjunction with another program.
This final type of program is quite experimental in nature and ultimately highlights why backing up your data is so vital. Some security researchers have managed to create decryption programs for your ransomware-affected files. These programs typically only attack specific kinds of ransomware, so there is no guarantee that your specific infection can be dealt with.
Unfortunately, ransomware is an ever-evolving problem and many in the cybersecurity world are playing catch-up. Hopefully, this article has left you feeling a little more equipped to deal with one of the most significant cyber threats today. You cannot truly prevent all forms of ransomware, but you absolutely can bolster your defenses.