There were 204 million reported ransomware attacks in 2018.


In 2019, we are on track to double that number. Protecting yourself is more important than ever. In this article, we will outline a series of best practices. After reading this, you will have a better understanding of ransomware and ways to protect yourself.

Ransomware is a type of malicious software. Once installed, it encrypts the victim’s files so that they can no longer be accessed. The attackers then demand a sum of money to decrypt the files and restore access. Once ransomware is loaded onto a victim’s machine, it will scan the local network and attempt to load onto other systems. Once infected, there are two courses of action: pay the ransom or recover your files from a backup.

Paying Ransom

Security researchers and malware analysts recommended against paying ransoms until recently. After several large government agencies and municipalities paid the ransom and were able to recover their files, some have changed their opinion. Paying the ransom has drawbacks. First, you prove to the attacker that their business model is profitable, which allows them to continue attacking others. Second, paying the ransom is no guarantee that you will regain access to your files. If you do decide to pay, first ask to have several of your files decrypted to verify the attacker’s ability and willingness to help. Most attackers will ask for payment in Bitcoin. Pay via Bitcoin or other safe sites like PayPal which encrypt your information. Never give the attacker any information about your bank or give out your credit card number.

Restoring from backup

Recovering your data from a backup has its own challenges, depending on where the data is backed up: the backup itself could have been encrypted during the initial attack. If you do have access to your backed-up files, make sure before restoring them that the ransomware has been removed and the attack method has been identified. After this, you can safely restore your files.

Best practices to safeguard

Practice good internet browsing habits along with caution when opening email attachments.

  • Use the least privileged account necessary. If your main account is set up as an administrator, an exploited piece of software gets full access to your system. Set your account to the least privilege necessary to block further access.
  • Have multiple backups. Have both an onsite and an offsite backup. Periodically verify these backups. Rotate out an external drive for your local backup so you always have an isolated local version. Consider backup software that creates bare-metal images.
  • Patch your software. Make sure your operating system and software are up to date. Applying security updates will eliminate known security vulnerabilities that attackers can exploit.
  • Don’t open unknown files. Received an unexpected email attachment from a sender you know? Delete it and contact them. Attachments from an unknown sender? Delete the email without opening it. Downloading a new piece of software? Make sure the site you download it from is reputable.
  • Install anti-virus software. Many different security vendors offer protection suites with anti-ransomware protection.
  • Practice good password habits. Use a password manager and ensure passwords are strong and not reused. Enable two-factor authentication when possible.
  • Use Firefox or Google Chrome as your browser, and install an anti-scripting and ad-blocking plugin. I suggest uBlock Origin.

Summary

Ransomware has become a serious problem with the ability to cripple entire networks. Make sure you follow good practices along with staying cautious. This will help protect you and ease the pain in the event of a ransomware attack. As with all computer vulnerabilities, there is no guaranteed method of protection.

https://www.us-cert.gov/sites/default/files/2019-07/Ransomware_Statement_S508C.pdf

https://www.statista.com/topics/4136/ransomware/

December 1, 2019
Steven Nuhn