Millions of businesses and individuals have been attacked by criminals using a form of computer malware known as ransomware. You also may have heard it called cryptoware, CryptoLocker or many other similar combinations. What is this threat, how does it work and why are so many people falling victim? Read on.
Ransomware is the name given to a type of computer malware that uses encryption to prevent access to your computer or files. The criminals retain the keys and demand a ransom from the victim to release the key.
If this happens to you, there is an important detail that you need to think about before you panic and pay $500 or more to these criminals. They only have the keys to the lock they have put on your files, they don’t actually have copies of your information and don’t know what they are holding hostage, they simple have the key to the lock.
Think about it like you would if you were to ride a bicycle somewhere and then were to lock it to a parking meter at your destination. The criminals have simply put another bike lock on your bike and are demanding money for the key. They can’t ride your bike away, but neither can you if you don’t get the key.
What can you do about ransomware?
Sadly most of the organized criminals behind these attacks are smart enough to use high-grade encryption algorithms that cannot be broken easily. If you are infected you are usually stuck with two undesirable options: restore your files from a backup or pay the ransom. We never encourage people to pay, as you are not only funding a criminal enterprise, but there is no guarantee you will regain access to your files. The best ways forward are always to have up to date backups and do everything you can to prevent an infection from occurring.
Backups are reasonably self-explanatory, but much easier to do than in the past. There are a myriad of online backup services and home based hard disk based solution that are incredibly affordable for almost any individual or business. Backups protect you against many other types of tragedies as well and should not be underestimated.
Prevention is clearly the best way forward and protecting against ransomware is very similar to other malicious computer code. The first key element is to ensure you have updated all of the software on your computer and phone. This prevents websites that have been hacked from being able to automatically inject ransomware onto your device.
How can can you prevent a ransomware attack?
Install endpoint security software and ensure it is being updated properly. Consumers can use free solutions like Sophos Home while businesses will usually have an endpoint security product installed. When updated properly these tools are very effective at preventing a large number of ransomware attacks.
Many ransomware attacks have begun relying on tricking people into inviting the malicious code onto their computer rather than exploiting flaws in our web browsers and plugins. This is usually an email pretending to be the post office not being able to deliver a package or the tax authorities trying to reach you to refund you some money. By opening the attachment or clicking the link you are inviting the criminals onto your device. As always it is always safest to always type the name of the site you want to go to directly into your web browser and to verify any attachments you receive are legitimate with the sender.
Lastly there have cropped up specific tools to defend your computer against ransomware. These tools watch all of the programs on your PC and detect when a process goes rogue and attempts to lock up all of your files. These anti-ransomware programs can be thought of as a sort of anti-virus plus.
Like all computer security threats, no one solution provides a silver bullet that will magically keep you safe, but building a layered defence is incredibly effective at protecting against this latest money making scam. Let’s hope we can stem the tide of people paying the crooks so they stop making so much money and decide to move along. We all have to take some responsibility for our own online safety and it is more important now than ever.
Chester Wisniewski is the Principal Research Scientist at Sophos.
