October 12, 2019

Ransomware 101

With the blogs in this series I want to reach not only my typical audience, security professionals, but especially less security-aware people, to help them improve their personal security. If you think the content is helpful for people you know, share it with them!

Today's post is about ransomware, a type of malicious software that encrypts the files on computers and mobile devices, or locks the device itself. The files are held hostage by the criminals until a sum of money is paid, usually in cryptocurrency. Ransomware is one of the biggest online threats, and it is here to stay because it's very easy to set up ransomware campaigns that target the masses. Besides, a lot of people and companies are still in a very weak position (many of them have no working backups), which leaves them no choice but to pay the criminals.

If nothing else, backup!

Whether you lost your data because your hard disk crashed or because ransomware encrypted it, you should never end up in a situation where you can only hope to get your files back.

I cannot emphasize enough how important it is to have backups. Make sure that you have backups at 2 geographically different locations, test them regularly (a backup you have never restored from is a hope, not a backup) and make sure that at least one of them is resilient against ransomware: a copy that the software running on your computer cannot overwrite, such as a drive that is only connected while the backup runs. Ransomware also encrypts USB drives and network shares that are connected at the moment it runs, so a permanently attached backup disk offers little protection. I explain this in detail in this article.
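Testing a backup means more than checking that the drive mounts. The following PowerShell script is an added example and not part of the original post: it writes a SHA-256 manifest of a folder at backup time and later checks the backup copy (or a test restore) file by file against that manifest, reporting anything missing or changed. The paths in $Source, $Backup and $Manifest are placeholders; substitute your own.

```powershell
# Added example (not from the original post). Builds a SHA-256 manifest of a
# folder when you make a backup, and later checks the backup or a test restore
# against it. $Source, $Backup and $Manifest are placeholder paths.
$Source   = "$env:USERPROFILE\Documents"
$Backup   = "E:\Backup\Documents"
$Manifest = "E:\Backup\Documents-manifest.csv"   # keep a copy with your offline backup too

function New-BackupManifest {
    param([string]$Root, [string]$Path)
    $Root = $Root.TrimEnd('\')
    # One row per file: path relative to $Root plus its SHA-256 hash.
    Get-ChildItem -LiteralPath $Root -File -Recurse | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($Root.Length + 1)
            SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -LiteralPath $Path -NoTypeInformation -Encoding UTF8
}

function Test-Backup {
    param([string]$Root, [string]$Path)
    $Root = $Root.TrimEnd('\')
    $problems = 0
    foreach ($entry in (Import-Csv -LiteralPath $Path)) {
        $file = Join-Path $Root $entry.RelativePath
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            Write-Warning "Missing: $($entry.RelativePath)"
            $problems++
            continue
        }
        $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        if ($hash -ne $entry.SHA256) {
            # A changed hash on a file you did not touch is a red flag: ransomware
            # that reached the backup drive shows up here as "changed" files.
            Write-Warning "Changed: $($entry.RelativePath)"
            $problems++
        }
    }
    if ($problems -eq 0) { Write-Host "Backup verified: all files present and unchanged." }
    return $problems
}

# Right after making the backup:
New-BackupManifest -Root $Source -Path $Manifest

# Later, with the backup drive connected (or pointed at a test restore):
$bad = Test-Backup -Root $Backup -Path $Manifest
```

Run Test-Backup every time you refresh the backup, and keep a copy of the manifest with the offline copy: if ransomware reaches the backup drive it will encrypt the manifest together with the files, and a manifest you cannot read tells you nothing. The script only checks files that were in the source at manifest time; extra files in the backup are not reported.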

How you can get infected with ransomware

Some of the most common causes of ransomware infections are:

  • opening malicious email attachments
  • clicking on malicious links
  • visiting malicious websites
  • spreading from another infected device in the same network

How to protect your devices against ransomware

Like we have seen before, for instance in this post, 100% secure doesn't exist, and there's no silver bullet to save us from harm. It's all about using a combination of defenses.

You need a good anti-malware solution, and you need to keep it updated. Regularly check the website of AV-TEST, an independent institute that tests anti-malware products. They regularly test and rate different solutions for Windows, macOS and Android.

Don't open email attachments from unknown senders. Even if you know the sender but you don't expect the file they send, don't open it: the sender address in an email is easy to fake, and the sender's account may itself be compromised. First call the person to check whether they really sent it. Exactly the same applies to links in emails or chats.

Don't download files from torrent sites or use shady streaming sites. In general, don't click on ads on websites. Both the downloads and the ads can carry ransomware or other malware.

Update your operating system and your applications. Probably the most devastating ransomware attack was WannaCry in May 2017. The impact was so massive because the ransomware behaved like a worm: once it infected one device it spread on its own to other devices in the same network, and across the internet, through a flaw in Windows file sharing (SMB). Microsoft had already published a patch for that flaw two months earlier, but on millions of devices it was not installed. That's why timely updating is so important.

If you're using Windows 10 there's an integrated feature called Controlled Folder Access. It's part of Windows Defender and protects your Documents, Pictures and other default folders, plus any folders you add, from ransomware. "When enabled, Controlled Folder Access will block applications from accessing the protected folders until Windows Defender deems it safe." Two things to know: it only works while Windows Defender is your active antivirus with real-time protection on (installing a third-party antivirus switches Defender and this feature off), and a legitimate program you use may occasionally be blocked, in which case you should add that program to the allowed list rather than turn the feature off.
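Controlled Folder Access can be switched on from the Windows Security app, but for readers comfortable with PowerShell the following block, an added example that is not part of the original post, shows how to enable it, protect an extra folder, allow a trusted program and check the result from an Administrator PowerShell window. It assumes Windows 10 version 1709 or later with Windows Defender as the active antivirus; the folder and program paths are placeholders.

```powershell
# Added example (not from the original post). Run from an elevated
# (Administrator) PowerShell on Windows 10 1709 or later with Windows Defender
# active. Folder and program paths below are placeholders.

# 1. Enable blocking mode. Use -EnableControlledFolderAccess AuditMode first
#    if you want to see what would be blocked without blocking anything yet.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 2. Protect a folder that is not in the default list (Documents, Pictures,
#    Videos, Music, Favorites and other default locations are protected already).
Add-MpPreference -ControlledFolderAccessProtectedFolders "D:\Family photos"

# 3. If a program you trust (a backup tool, for instance) is blocked, allow
#    that program explicitly instead of turning the feature off.
Add-MpPreference -ControlledFolderAccessAllowedApplications "C:\Program Files\MyBackupTool\backup.exe"

# 4. Verify the configuration. EnableControlledFolderAccess shows 1 when enabled,
#    2 in audit mode, 0 when disabled.
Get-MpPreference | Select-Object EnableControlledFolderAccess, ControlledFolderAccessProtectedFolders, ControlledFolderAccessAllowedApplications

# 5. Review what has been blocked. Defender logs event ID 1123 for every
#    blocked write (1124 in audit mode) in its Operational event log.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue | Format-List TimeCreated, Message
```

Running in audit mode for a week before switching to Enabled is a good way to find out which of your programs write to the protected folders, so you can allow them up front and avoid surprises later.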

When your machine is infected with ransomware

The moment a ransom note appears on your screen (the WannaCry screen is a well-known example) you will probably panic. But there are a few things you should keep in mind.

Take note of the type of ransomware (in this example WannaCry), for instance by taking a picture of the screen with your smartphone. The new file extension of the encrypted files and any text file the ransomware leaves behind are also useful for identifying the variant later. Then disconnect the computer from the network right away (pull the network cable or turn off Wi-Fi) so the ransomware cannot spread to other devices, unplug all connected devices such as USB drives, and shut the computer down.

If you have backups, restore them on another, clean device first to check that they work. When they do, do a clean install of the infected device and restore the backups there. Don't restore onto the infected system as it is: you would hand the ransomware your recovered files a second time.

If you don't have backups, first look on the website of The No More Ransom Project. It offers decryptors (tools that can get your files back) for a lot of ransomware variants, typically those whose keys have been seized or whose encryption turned out to be flawed. Another website that can help to identify the variant and find a decryptor is this one. If no decryptor exists for your variant yet, keep a copy of the encrypted files anyway: decryptors are sometimes published months or years later.

Should you ever pay?

Paying the ransom is really the last resort. If you have no working backups and the files you lost are very important or you're emotionally attached to them, you could consider paying. But know very well that there are no guarantees when you're dealing with criminals: worst case you pay and don't get your files back. Paying also does nothing to remove the malware. If you do get your files back, back them up immediately, and in any case do a clean install of your machine.

I hope this guide is helpful. If you don't have working backups in place, what are you waiting for?

That's it for today. More security tips tomorrow. In the meantime stay safe online!