Ransomware: Cyber Security Expert’s Next Big Threat
Ransomware: A Vital Course on the Next Big Cyber Threat
Ransomware is pretty much exactly what it sounds like: it holds your computer or mobile phone hostage and blackmails you into paying a ransom. It is a type of malware that prevents users from accessing their system, or limits that access, and forces its victims to pay a ransom through certain online payment methods in order to regain access to their system or to get their data back.
It’s been around since about 2005, but earlier this year, the FBI issued an alert warning that all types of ransomware are on the rise. Individuals, businesses, government agencies, academic institutions, and even law enforcement agents have all been victims.
Crowti (also known as Cryptowall) and FakeBsod are currently the two most prevalent ransomware families. These two families were detected on more than 850,000 PCs running Microsoft security software between June and November 2015. Another to take note of is known as Fessleak, which attacks Adobe Flash flaws. It is part of a “malvertising” trend that pushes a fileless exploit into memory and uses local system files to extract the malware from memory and write it to disk.
How Ransomware Paralyzes Your Computing
There are different types of ransomware. However, all of them will prevent you from using your computer normally, and they will all ask you to do something (pay a ransom) before you gain access to your data. Ransomware will:
- Lock your desktop or smartphone and change the password or PIN code
- Encrypt important files so you can’t use them (photos, taxes, financials, My Documents, etc.)
- Restrict your access to management or system tools (that would allow you to clean the computer)
- Disable input devices like your mouse and keyboard
- Stop certain apps from running (like your anti-virus software)
- Use your webcam to take a picture of you and display it on screen or on a social network
- Display offensive or embarrassing images
- Play an audio file to scare you (e.g. “The FBI has blocked your computer for a violation of Federal law.”)
Common Ransomware Demands
- Generally, they demand money in order to unlock your system. Usually, they demand payment through an anonymous payment system like Bitcoin or Green Dot cards, and promise to give you the key if you pay the ransom in time (for example, $17,000 to be paid within 72 hours was the demand given to the Hollywood Presbyterian Hospital, which had all of its life-critical medical records frozen).
- Sometimes the ransomware shows a “warning from the software company” telling you that you need to buy a new license to unlock your system. Other times, ransomware will claim you have done something illegal with your computer, and that you are being fined by a police force or government agency. These claims are false. It is a scare tactic designed to make you pay the money without telling anyone who might be able to restore your computer and files.
How to Prevent Ransomware Blackmail
The best way to avoid downloading malware is to practice good computer security habits:
- Create an offsite backup of your files. Seriously, right now. And make it automatic, so that it happens at least once a day. An external hard drive is one option, but be sure to disconnect it from the computer when you are not actively backing up files. If your backup device is connected to your computer when ransomware strikes, the program will try to encrypt those files, too. If you have a secure cloud backup service that encrypts your files before sending them, consider using that as an offsite backup.
- Don’t click on links or open attachments in an email unless you know who sent it and what it is. Instead type the URL of the site you want directly into your browser. Then log in to your account, or navigate to the information you need.
- Make sure your software is up-to-date.
- Don’t download software from untrusted sources.
- Minimize “drive-by” downloads by making sure your browser’s security setting is high enough to detect unauthorized downloads. For example, use at least the “medium” setting in Internet Explorer.
- Don’t open “double extension” files. Sometimes hackers try to make files look harmless by using .pdf or .jpeg in the file name. It might look like this: not_malware.pdf.exe. This file is NOT a PDF file. It’s an EXE file, and the double extension means it’s probably a virus.
- Install and use an up-to-date antivirus solution.
- Ensure you have SmartScreen (in Internet Explorer) turned on.
- Have a pop-up blocker running in your web browser.
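The “double extension” trick works because Windows, by default, hides the last extension of known file types, so not_malware.pdf.exe is displayed as not_malware.pdf. The Python check below is an added example written for this edit, not code from the original article or its author: it flags attachment names whose final extension is executable while the visible extension looks like a harmless document or image, and it goes slightly beyond the article's case by also ignoring padding spaces placed before the real extension and by leaving legitimate multi-part names such as photos.tar.gz alone. The extension lists are assumptions (a representative set, not exhaustive) and the sample attachment names are constructed.

```python
import re

# Assumption: a representative set of extensions Windows will run or script directly.
# Not exhaustive; extend it for your own mail gateway or endpoint policy.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "msi", "hta",
    "js", "jse", "vbs", "vbe", "wsf", "ps1", "lnk",
}

# Assumption: extensions a recipient expects to open as an ordinary document or picture.
DOCUMENT_EXTENSIONS = {
    "pdf", "jpg", "jpeg", "png", "gif", "doc", "docx",
    "xls", "xlsx", "ppt", "pptx", "txt", "mp3", "mp4",
}


def _extension_parts(filename: str) -> list:
    """Split a path or bare filename into lower-cased, whitespace-trimmed dot segments."""
    base = re.split(r"[\\/]", filename)[-1]          # drop any directory prefix
    return [part.strip().lower() for part in base.split(".")]


def has_deceptive_double_extension(filename: str) -> bool:
    """True when the visible extension is a document type but the real one is executable.

    setup.exe is not flagged: it has a single extension and is not disguised.
    photos.tar.gz is not flagged: gz is not an executable type.
    """
    parts = _extension_parts(filename)
    if len(parts) < 3:                               # need name + two extensions
        return False
    inner_ext, final_ext = parts[-2], parts[-1]
    return final_ext in EXECUTABLE_EXTENSIONS and inner_ext in DOCUMENT_EXTENSIONS


def as_shown_with_hidden_extensions(filename: str) -> str:
    """Simplified model of the Explorer display name when known extensions are hidden.

    Assumption: only the final extension is removed, which is what makes the
    disguise convincing to the person looking at the attachment.
    """
    base = re.split(r"[\\/]", filename)[-1]
    head, dot, _tail = base.rpartition(".")
    return head if dot else base


def flag_attachments(names: list) -> list:
    """Return the subset of attachment names that carry a deceptive double extension."""
    return [name for name in names if has_deceptive_double_extension(name)]


# Constructed sample attachment names for demonstration only.
SAMPLE_ATTACHMENTS = [
    "not_malware.pdf.exe",
    "quarterly_report.pdf",
    "photos.tar.gz",
    "invoice.PDF.scr",
    "holiday.jpeg   .exe",
    "setup.exe",
    "notes.txt",
    "C:\\Users\\me\\Downloads\\statement.docx.js",
]

if __name__ == "__main__":
    for name in flag_attachments(SAMPLE_ATTACHMENTS):
        print(f"FLAGGED: {name!r} (would be shown as {as_shown_with_hidden_extensions(name)!r})")
```

Run the file directly to see which constructed names are flagged; in practice the same function can be applied to attachment names in a mail gateway log or to a Downloads folder listing. A single-extension executable such as setup.exe is deliberately left to other controls (antivirus, download reputation), since the article's point is the disguised file, not executables in general.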
If You Become a Victim of Ransomware
- Stop work! TURN OFF YOUR COMPUTER! Shut down your entire network, if possible, until help arrives. You can do this by turning off the switches or routers inside your premises. Ask your IT professional before taking this step if you think that you might be interrupting service.
- Contact an IT Security firm that can visit your office (or home) in person. Handling this type of problem over the internet is not advised, as it could exacerbate your problem.
- If you have an offsite backup of your data, have the IT Security firm reinstall your backup and clean it of any ransomware before putting the data and computers back on the network.
- Alert other people on your network, as any work completed after infection will be overwritten when the backup is restored.
There is conflicting advice regarding paying the ransom. Truly, there is no guarantee that paying the fine or doing what the ransomware tells you will give you access to your PC or files again. Paying the ransom could also make you a target for more malware. On the other hand, if you have not backed up your files, you may have little choice. Almost 90% of the companies that we have studied as victims of ransomware end up paying the ransom to have their systems unlocked – but only about 50% of them ever receive the unlocking code promised. It’s a gamble, but if you don’t have an offsite backup, it’s probably one you are going to need to take.
John Sileo is an award-winning author, recognized expert and keynote speaker on cyber security. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly at 800.258.8076.