Understanding and Preventing Ransomware Attacks
Ransomware is one of the most damaging attacks that can hit a computer. It encrypts files, making them useless. To get them restored, you need to pay an extortion fee, and if you do, you may or may not get your files back. You’re also likely to get hit again. Defending against it requires good security habits, software protection, and regular backups.
How ransomware works
Ransomware most often gets onto computers when people click unsafe links or attachments. Phishing emails can trick them into opening an attachment that installs the ransomware on their machine. Once installed, the ransomware starts replacing files with encrypted versions of them. The victim does not have the decryption key, so there is no obvious way to get the files back.
After a while, a message appears on the target computer telling the victim that the files have been encrypted. It says that the only way to decrypt them is to send a cryptocurrency payment, such as Bitcoin, to the attacker. The amount may be small enough, perhaps a few hundred dollars, that paying up seems easier than having a professional fix the problem. Bitcoin is untraceable, so the criminal collects while staying anonymous.
The message often tries to make the victim commit to a quick decision. It may warn that more files will be encrypted or the fee will increase after a certain amount of time. The aim is to give the victim as little time as possible to consider alternatives.
The targets of ransomware
Attacks aimed at lucrative targets, and businesses in particular, have increased, and the criminal groups behind them may be working with nation-states. Here in the U.S., the cities of Riviera Beach, Florida, and Baltimore have fallen victim to ransomware attacks.
The combination of spearphishing (personally crafted and targeted messages) with ransomware makes executives and other high-profile individuals a growing target base. The attackers know exactly who they’re after and use personal information to make their messages appear plausible. Most ransomware hits small businesses and personal systems, which are often easy targets and willing to pay, but the overall trend is toward hand-picked targets that can pay large amounts.
What to do
If ransomware hits your files, you have to decide whether to give in or take other actions. If you have an up-to-date backup, the choice is simple: you can rest easy, remove the malware from your computer, and restore the files. If you do not have a backup, your options are to pay the criminals, or to refuse, engage law enforcement, and see whether the criminals release the files anyway. There is no guarantee in either scenario that the files will be released and, at best, the malware remains on the computer and could strike again. Some kinds of ransomware aren’t that sophisticated, and computer recovery experts may be able to recover the affected files without giving in to extortion.
The best defense is a multilayered approach:
- Back up all files regularly. A backup is the best protection against ransomware and other kinds of catastrophic loss.
- Be careful with email. If a message looks wrong, do not click on any links in it or open its attachments.
- Keep your network secured, with a firewall, strong encryption and anti-virus software.
- Regularly patch all software, so that it doesn’t have exploitable security holes.
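A backup only helps if you can tell which files need restoring. The sketch below is an added example, not part of the original article: it records a SHA-256 manifest at backup time, then audits the live files against it and flags changed files whose contents now look encrypted. The 7.5 bits-per-byte cutoff, the function names and the sample files are assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # assumed cutoff (bits/byte); encrypted data sits close to 8.0

def shannon_entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_manifest(root):
    """Map relative path -> SHA-256 digest; run right after each backup."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                manifest[os.path.relpath(full, root)] = hashlib.sha256(f.read()).hexdigest()
    return manifest

def audit(root, manifest):
    """Compare live files with the manifest and sort them into restore candidates."""
    report = {"missing": [], "changed": [], "suspicious": []}
    for rel, digest in sorted(manifest.items()):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):          # deleted, or renamed with a new extension
            report["missing"].append(rel)
            continue
        with open(full, "rb") as f:
            data = f.read()
        if hashlib.sha256(data).hexdigest() != digest:
            report["changed"].append(rel)
            # Only changed files are scored: zip/jpeg files are high-entropy by design.
            if shannon_entropy(data) > ENTROPY_THRESHOLD:
                report["suspicious"].append(rel)
    return report

def demo():
    """Constructed sample: one normal edit, one encrypted-looking overwrite, one deletion."""
    with tempfile.TemporaryDirectory() as root:
        path = lambda name: os.path.join(root, name)
        samples = {"notes.txt": b"quarterly notes\n", "todo.txt": b"call bank\n", "old.txt": b"draft\n"}
        for name, body in samples.items():
            with open(path(name), "wb") as f:
                f.write(body * 100)
        manifest = build_manifest(root)            # snapshot taken at backup time
        with open(path("todo.txt"), "ab") as f:    # ordinary user edit
            f.write(b"buy milk\n")
        with open(path("notes.txt"), "wb") as f:   # random bytes stand in for ciphertext
            f.write(os.urandom(4096))
        os.remove(path("old.txt"))
        return audit(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest with the backup, offline or on write-protected storage, so that malware on the computer cannot alter it.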
The BLACKCLOAK team has the expertise it takes to protect you from ransomware and other security threats. We’re here and ready to provide you with the advice and guidance you need.