One of our clients recently got hit by a ransomware attack, and we decided to share some information about this malware.
What is Ransomware?
Ransomware is a type of malicious software cybercriminals use to block you from accessing your data. The digital extortionists encrypt the files on your system, add extensions to the attacked data and hold it "hostage" until the demanded ransom is paid.
How does Ransomware Enter Your System?
Ransomware enters your network in various ways; the most popular is downloading via a spam email attachment. The download then launches the ransomware program that attacks your system. Other forms of entry include social engineering, downloads of malicious software from the web that can be direct from a site or clicking on "malvertising," fake ads that unleash the ransomware. The malware also spreads through chat messages or even removable USB drives.
How to Protect Yourself?
There are several preventive steps you can take to prevent ransomware infection. These steps are, of course, good security practices in general, so following them improves your defences from all sorts of attacks:
- Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
- Do not install software or give it administrative privileges unless you know exactly what it is and what it does.
- Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software prevents unauthorized applications from executing in the first place.
- Always be suspicious of uninvited documents sent in emails and never click on links inside such emails or documents unless you have verified the source.
- And, of course, back up your files frequently and automatically! That will not stop a malware attack, but it can make the damage caused by one much less significant.
When using cloud backup solutions, you need to understand that ransomware can infect your cloud storage. The reason is that most systems will sync/copy your files from your computer to the cloud.
This is where versioning comes in; the idea is that existing versions of your data are immutable. Since they cannot change, any modification is going to result in a new version. Versioning is, thus, an advantage against ransomware because the encryption attack is effectively going to result in a new version of your infected files.
Yet, not all cloud storage solutions have versioning, or versioning may not be turned on. So we recommend that you verify this with your cloud storage provider.
There are several backup solutions available; some are even free:
- Google Drive
- Microsoft One Drive
- Windows File History
How to Remove Ransomware?
If ransomware infects your computer, you will need to regain control of your machine.
Do not pay the ransom. Keep in mind; you may not get your files back even if you pay a ransom. A cybercriminal could ask you to pay again and again, extorting money from you but never releasing your data. We suggest you contact an IT specialist to assist you with this.
With new ransomware variants appearing, it is a good idea to do what you can to minimize your exposure. Knowing what ransomware is and following these dos and don'ts can help protect your data and personal information from being ransomware's next target.