Ransomware is very much the most virulent of modern cyber plagues. It is spreading rapidly, it draws no distinction between victims, and an infection can be deadly, often with little hope of recovery unless you take steps to protect yourself.
2016 was dubbed the ‘year of ransomware’ by security researchers. In the first three months researchers discovered 2,900 new ransomware malware modifications and an estimated $1 billion was lost as victims paid up.
It’s easy to see why it has become so popular among cyber criminals; it’s potentially very lucrative, relatively risk free and it’s easy to carry out ransomware campaigns.
Ransomware infects a computer, locks up all its files with hard-to-break encryption and demands a ransom, typically in the region of €500, to free the computer again. This extortionate payment is for the decryption key.
Another reason for its growing popularity is that ransomware creators are offering it ‘as-a-service.’ This means fraudsters simply hire ransomware for free and use a raft of support services to launch their campaigns. It’s appealing to the criminals because they don’t require technical skills and the coders provide wrap-around services such as botnets to launch their campaigns from.
The coders who create the ransomware typically ask for a fee of 20% of the ransom payment. So if the fraudsters generate €500,000 in ransom, the coders receive €100,000. The actual fraudsters may be based in Eastern Europe while targeting the US or Western European countries, making it extremely hard for law enforcement to catch them.
The overall annual cost of global cybercrime was estimated to be $3 trillion in 2015 and this is expected to double to $6 trillion a year by 2021. Ransomware payments are set to make up a substantially larger percentage of cybercrime costs over the next few years.
So how do you avoid this nasty malware? There are several basic steps you can take to ensure you’re not infected.
Avoid suspicious emails and links… like the plague
One of the main methods crooks use to spread their ransomware is phishing attacks, that is, emails that you never expected. The emails may look legitimate but they often hide a malicious attachment or malicious link. If you open the attachment or click on the link, your computer is infected without you knowing much about it.
The fraudsters are creatively clever in devising phishing campaigns and the emails will typically offer something. The message could be about an unpaid invoice, a parcel that needs collecting or an offer that is too good to be true.
Malvertising is another method that fraudsters are increasingly using, and instances of it are growing rapidly. It involves compromising an advertiser’s network by embedding malware in ads that get delivered through web sites you trust. For instance, malvertising attacks have been directed at both the New York Times and BBC.
So the watch word should be ‘watch out’. Ad blockers can also be an effective way of blocking malicious ads, though some websites won’t provide content unless you turn the ad blocker off.
Patch and update software and operating systems – run security software
It’s important to keep browsers, software and operating systems up to date. Hackers are adept at exploiting vulnerabilities; in fact a large part of the world of cyber-crime depends on it. This also means ensuring third-party plug-ins like Java and Flash, if you use them, are kept up to date.
And of course good security software is absolutely essential. Security software should include layered protection that incorporates both signature-based detection and zero-day detection.
Zero day protection is absolutely essential because it identifies new threats as they are released, such as ransomware that has been tweaked to avoid signature-based detection defences.
Good security software will also identify phishing attempts and malware embedded into advertising, flagging these risks up to you before you click on a link or an ad.
Back up your data
Back up your data on a regular basis so if your computer is locked up you don’t have to pay a ransom to get your data.
Ransomware thieves have been widening their attack vectors over the past year. In particular, many NHS organisations in the UK have been hit, as have healthcare organisations in the US and businesses across Europe. However, individuals and small businesses are still targets.
As you can imagine, losing access to your precious files, whether they are work documents, invoices, orders, spreadsheets or even photos and music files, can be devastating. There are many instances of individuals and small businesses losing access to years of files and thousands of documents. Some ransomware attackers cunningly search out backup systems too, so these can be encrypted and locked as well.
So consider these backup approaches if you want to keep your data safe:
- Back up to a cloud service. Fraudsters can’t reach these, and it means you can always access your data from another computer should you become a victim of ransomware.
- Back up offline so data is not reachable from the machine that is infected. For instance you can do this with an external hard drive. However the drive should only be connected to the computer when doing the backup and then disconnected. If your backup drive is connected to the device at the time the ransomware runs, then it would also get encrypted.
Backing up your data won’t make being hit by ransomware any less painful. However, it does mean that you don’t have to give in to the fraudsters’ ransom demands, because you have a copy of your data elsewhere.
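A backup only helps if the copies are still intact when you need them. The following is an added example, not part of the original article: a short Python script that copies a folder to a backup drive, records a SHA-256 fingerprint of every file, and can later report any copy that has gone missing or been altered. The function names and the `MANIFEST.json` file name are choices made for this example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "MANIFEST.json"  # hypothetical file name chosen for this example

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def back_up(source: Path, backup_root: Path) -> dict:
    """Copy every file under source to backup_root and record its hash."""
    manifest = {}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source).as_posix()
        dst = backup_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        manifest[rel] = sha256_of(dst)
    (backup_root / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(backup_root: Path) -> list:
    """Return the files that are missing or whose contents have changed."""
    manifest = json.loads((backup_root / MANIFEST).read_text())
    bad = []
    for rel, expected in manifest.items():
        copy = backup_root / rel
        if not copy.is_file() or sha256_of(copy) != expected:
            bad.append(rel)
    return bad

if __name__ == "__main__":
    # Constructed sample data in temporary folders, so this runs anywhere.
    with tempfile.TemporaryDirectory() as tmp:
        docs, drive = Path(tmp, "docs"), Path(tmp, "drive")
        (docs / "work").mkdir(parents=True)
        (docs / "work" / "invoice.txt").write_text("Invoice 42")
        (docs / "photo.jpg").write_bytes(b"\xff\xd8 sample")
        back_up(docs, drive)
        print("damaged after backup:", verify(drive))
        (drive / "photo.jpg").write_bytes(b"scrambled")  # simulate damage
        print("damaged after tampering:", verify(drive))
```

Keep a second copy of the manifest somewhere other than the backup drive, and run the check from a clean machine before restoring. A manifest that will not open or parse is itself a sign that the drive was altered.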
What to do if you’re infected with ransomware
It should be possible to defeat all ransomware by immediately disconnecting your PC from the internet following an infection, reformatting the hard drive, and reinstalling everything from a backup.
However, this could be tricky given that different operating systems require different approaches, and of course you need a degree of technical aptitude and willingness.
For instance, with the Windows 8, 8.1 or 10 operating system, ‘Restore factory settings’ could solve the problem, if you can get to it. You can also try typing ‘reinstall’ in the Windows search box, then click on ‘Remove everything and reinstall Windows’.
There are other approaches too, though it might be simpler to run a ‘rescue disk’ from a USB stick or CD/DVD than to navigate the various options in Windows. Alternatively, you can pop down to your local computer shop and have it bring your computer back to life. It might cost a little but it will save you a headache.