On May 12th of 2017 a ransomware attack known as WannaCry was unleashed in Europe and spread worldwide in epic proportions. By May 24th 2017 more than 200,000 people in 150 countries were held hostage by this malicious attack. Surprisingly, the WannaCry developers shed a few tears of their own as they are reported to have made little more than $50,000 from the scheme.
WannaCry might not have created the major, global shutdown initially reported, but to those who fell victim to it, there were devastating consequences. What WannaCry did accomplish was to make computer users more aware of the potential threat of having their computers and files held hostage by ransomware. We’re going to examine ransomware in this article and then provide you with eight lines of defense for ransomware prevention.
What is ransomware?
Ransomware is the name given to a specific type of access denial malware, which infects a victim’s computer, captures hard drive data and holds that data hostage until a ransom is paid in order to have the malware removed from the victim’s system. In some forms of this type of malware, a certain amount of time is allowed before files on the victim’s hardware are destroyed and/or the amount of the ransom is increased.
Besides hard drive encryption and file destruction, ransomware can also threaten to publish copyrighted or proprietary data stored on a computer’s hard drive. Initially known as extortion malware, it first began to show up in the late 1980s, originated in Russia and was initially passed through Trojan viruses.
The current resurgence of the encryption type of ransomware, like WannaCry, came into prominence in about 2013. Since that time, there has been an epidemic of ransomware cases in various forms and types.
What types of ransomware are out there?
There are, essentially, four different types of ransomware making their rounds and infecting computers worldwide. Here is a list of the four types and their most notable examples:
• Encrypting ransomware. Utilizes cryptography or a cryptovirus to make files or filenames unreadable until the ransom is paid. The very first ransomware was of this type and known as the AIDS Trojan. Others of this type are: CryptoLocker, CryptoWall and TorrentLocker.
• Non-encrypting ransomware. A ransomware Trojan called WinLock restricted access to one’s computer by displaying pornographic images on the screen until the ransom was paid. Examples of this type are Reveton, GitHub and SourceForge.
• Leakware. With this type of ransomware, the system kidnappers threaten to publish or release certain sensitive, copyrighted or proprietary data stored on the system’s hard drive unless the ransom is paid.
• Mobile ransomware. The Android platform is the most common target for this type of ransomware. These types of malware are typically passed through third party downloads. Fusob is the most recognizable example of this type.
How does ransomware get on your computer?
In essence, ransomware enters your computer whenever you visit a malicious website or a website which has been hacked and download something or click on a specific link where the malware is located. The malware then takes up residence inside of your computer and begins to do its damage. There are typically five avenues of entry to be aware of:
• Spam emails are one of the most common means. Typically, an attractive offer, which sounds too good to be true, is made enticing you to click on a link or download a special file. Threatening emails, which threaten some sort of legal action, are another favorite way users are enticed to download ransomware.
• Infected removable drives. Before the internet, this was the primary way of introducing this malware into your computer. It can still be done through infected thumb drives and USB drives.
• Bundled with software that you download from third party sites. You might be getting a program for free or at a major discount, but you also might be getting a few surprises along with it.
• Hacked or compromised websites can also have malware lurking in their links, especially in their download links.
• You can also get ransomware from other malware, which has something of a multiplying action built into it.
Why doesn’t my antivirus software pick it up?
The name of the game in ransomware is to go undetected by the screening forces which look for potential threats. Those screening forces are antivirus software, those who search for and develop antivirus software, and military and law enforcement agents. Essentially, there is a constant battle between malware developers and these screening forces.
Malware developers use several tactics in order to remain stealthy. In general, that list includes: encrypted communication in network traffic, building in anonymity, domain shadowing, polymorphic or mutating behavior, and the ability to remain dormant until a certain time or activity causes them to become active.
Antivirus and adware protection software can help keep known malware and ransomware infections from getting into your file system and holding you hostage, but there are eight more lines of defense which you can make use of to protect yourself from new or unrecognized infections.
1st line of defense:
Back up your files twice
Ransomware prevention begins with backing up your files in both an external hard drive and in an online, cloud-based location. Why is this important? It is important because by backing up your data, you remove the teeth of the kidnapper’s threat. If you make backup copies of your data, then you can eliminate the threat through aggressive means, like reformatting your drives, without having to be concerned about the lost data.
There are advantages to backing up your data in both locations as well. An external drive, which can be attached for a backup session and then disconnected, is less likely to retain the malware that has entered your computer through internet exposure.
A cloud-based location like CPROU Backup, Crashplan, Carbonite, Backblaze, etc. is typically protected against ransomware and malware. However, you should notify your backup company immediately that you were affected by ransomware. They will usually have a procedure to roll your backups to a previous point in time. No matter which way you are backing up, please be sure you are testing your backups.
2nd line of defense:
Update operating systems, adware protection and software applications regularly
Developers of operating systems, adware and anti-virus protection, and software applications are constantly searching for and screening new malware threats. Most of the updates that you receive from these developers are specifically designed to deal with those new threats. By keeping your operating systems, protection software and other software applications updated, you will protect yourself from known threats.
Make it a regular habit to check for software updates to your most commonly used software and be certain to download and install operating system and protection software updates as soon as you’re made aware of them.
3rd line of defense:
Log in to your computer as a guest user
Most of us tend to log in to our computers via the administrative user account. In fact, a large number of people don’t even know that they have any other option. When you log in to your computer and then access the internet, you potentially expose all access to your computer’s administrative functions to malware and ransomware. The administrative user account is where these programs can do the most damage.
Instead of using the administrative user account to log in, create a separate, guest user account for regular, daily use. As a guest user, access to the administrative and critical functions of your computer’s main operating system is limited. It’s not only limited to you, but it is also limited to anyone else who tries to gain access into your file systems. Consult your computer’s operating system guide for the proper way to create a guest user account.
Whenever some administrative function needs to be performed, you can log in to your computer under the administrative account, perform the function, and then log out again, but be careful not to expose your administrative account to the internet.
An alternative would be using a program such as Deepfreeze which would revert your computer back to its previous state when you restart your PC.
4th line of defense:
Microsoft Suite macros should be turned off
Word, Excel, PowerPoint, Publisher, etc. are favorite targets for malware and ransomware developers. Why are they favorite targets? It is because almost every computer has them and almost every computer user utilizes those programs on a regular basis. In fact, a large portion of the copyrighted, proprietary and other sensitive information is created and easily accessed through these programs.
Do you know what a macro is? Don’t feel bad; your common computer user doesn’t. Most computer users don’t even know that the programs they are using have macros, let alone whether or not they actually use them. Malware developers are well aware of that and often use macros the way a thief would slip in through a window in order to infect your computer.
More than likely, you’re not using macros in your Microsoft Suite programs, but they might be turned on by default. Make use of this link to familiarize yourself with macros and their potential dangers and avoid using them as much as possible.
5th line of defense:
Remove key plugins
Adobe Reader, Adobe Flash, Silverlight, and Java are essential plugins for performing certain online functions. So, why on earth would I want to remove them from my browser or browsers? Recent ransomware attacks have been hitching a ride into your computer system on the backs of plugins. In some cases, ransomware downloads have posed as Adobe Flash or Java updates in order to get you to download them.
You probably do use Java and Adobe Flash for games and other online applications, but allowing them to remain open when they are not in use is what exposes you to potential abuse. By eliminating them as the default setting in your browser, you remove that potential abuse. You can configure your browser settings to ask for permission to use these plugins when necessary. It’s an extra step in starting up your game, but that extra click has the potential of saving you hundreds of dollars.
6th line of defense:
Increase browser security and privacy settings
We often lower security and privacy settings in our browsers in order to make use of the convenience of cookies for faster browsing and in order to avoid playing twenty questions while we browse. It is tedious to have to play traffic cop every time you browse the internet, but increasing the security and privacy settings in your browser to a high level is one of your best lines of defense against potential ransomware attacks.
7th line of defense:
Never open spam email and don’t click on links
The last two lines of defense don’t have to do with computer settings, but with online behaviors. Most email platforms in our modern age catch spam as it enters your email account and they automatically shuffle those emails into a spam folder or straight to the trash can where they belong. If you use an email platform which has the option of automatically detecting and sorting out spam, make use of it, but be aware that these programs are not foolproof.
What tends to happen with spam is that it doesn’t meet all of the parameters set up by the program or those set by you as you identify particular email messages as spam. The greatest potential threat lies where these spam emails slip through that filtering system and surprise you. Additionally, you sometimes have to go look in your spam folder for potential legit emails.
Just because the offer looks exciting or looks like a threat in the subject line, DO NOT open it. Some of these email offers might be legit, but do you really want to take that risk?
8th line of defense:
Never download ANYTHING from ANY email
Your 8th line of defense, which might actually be your first line of defense depending upon your typical downloading practices, might seem a little bit hardcore. Is paying $300, $600 or $1,000 to ransom back your computer a little bit more hardcore? Now that you’re paying attention, let’s back off from using the words never, anything and any.
Good business and social practice dictate that there is some form of legitimate communication or relationship developed before one enters into the sharing of files with another person. Under normal circumstances, downloading files or clicking on a link that came in your mother’s email is okay, but ransomware and malware have a tendency to penetrate into and be passed between users with legitimate relationships without the sender’s knowledge.
To protect yourself against being surprised by the ransomware virus hidden in Aunt Sophie’s email message, or even that of a business colleague, be sure that you know what you are about to open or download. If you have questions or suspicions about any email or attachment, take a few minutes to contact the sender and ask them what they sent to you.
The takeaway to this last line of defense, and all eight of them, really, is to be on your guard and pay attention to what you allow to enter your computer.
Bottom Line Summary
Here’s the bottom line. Ransomware is not something against which you have to flounder in a helpless panic. By knowing what ransomware is, what it does, how it attacks and where it comes from, you can use common sense measures to protect yourself against it. Those common sense measures, which should be a regular practice for all computer users, are summarized here:
1. Back up twice, on an external hard drive and a cloud-based platform.
2. Update your operating system, adware protection, and software apps regularly.
3. Log in to your computer as a guest user instead of an administrator.
4. Turn off Microsoft Suite macros.
5. Remove plugins like Adobe Reader, Adobe Flash, Silverlight, and Java.
6. Increase browser security and privacy settings.
7. NEVER open spam email and certainly don’t open any links in them.
8. Don’t download any email attachments unless you definitely know what they are.
By following these eight common sense measures you can greatly reduce the likelihood of being victimized by ransomware. Make use of these ransomware prevention tips now before disaster strikes. For questions and comments concerning ransomware and ways to protect yourself against it, feel free to comment in the section below.