Beating RansomWare - Protecting Yourself from Digital Disaster
security Sep 10, 2017
The story you’re about to read is true…
Lynn was like many other single mothers: excessively busy, pinching pennies to get by… obviously not the kind of person who has a lot of extra cash lying around. Sure, her computer was old, but functional enough for her needs. And, like many others, she hadn’t stopped to really consider how much she depended on it… and what would be missing in her life if suddenly something were to happen to it.
She knew better than to click on suspicious attachments, but she was expecting a package, and saw a message that she thought was from FedEx. “Click, click…” “Boom!”
“You have been infected, and your files are being encrypted…
“Unless you send $500 in Bitcoins, you will never see your precious memories again.”
In a matter of minutes, 10 years' worth of documents, pictures, videos, etc. were locked with an encryption code that would take a room full of geeks and a supercomputer months to hack… if it was even possible. She knew she should be backing them up, but just hadn’t gotten around to it. What was she going to do?
Panic started to set in… Like someone frantically trying to save irreplaceable items from rising floodwaters, she tried file after file, thinking she could print things off. But what she didn’t realize is that the more time she spent trying to save things, the more files were being encrypted.
If she had simply unplugged the computer the instant the alert came on her screen, she would have had a better chance of saving at least some of her files. By the time she brought it to me, it was too late.
Sure, it’s easy to play the Monday-morning quarterback and say, “Well, she should have done _________.” But what would you have done in that scenario? I mean, really? Think about all of the things you have stored on your computer.
Would you pay the ransom, or try to find a way around it?
As much as we don’t want to think about something like that happening, perhaps now is the perfect time to think about the possibility of getting ransomware. If you were backing up your files regularly, then you might be tempted to just wipe the hard drive and start over. But wait! If your backup drive was connected to your computer, it could be encrypted as well. Have a professional check that first!
If you’re lucky, you can use restore tools built into Windows to recover shadow copies of files, but ransomware makers are getting pretty sophisticated, and can even delete those. This is where a cloud backup that uses versioning (saving copies of older versions of your files) can be a life-saver.
But for now, let’s focus on prevention and preparation...
Here are the three things you need to do in order to beat ransomware:
1. Get a strong anti-malware program that specifically includes ransomware protection. My favorite is Malwarebytes. And, if you’re still of the mindset that free anti-virus is enough to protect you, then you’re living in last century. There are thousands of new variants of malware being developed each day! No definition-based antivirus scanner can possibly keep up with that.
2. Keep your computer up-to-date with security patches. This can be controversial—even I have taken a conservative approach to updates in the past—because updates can sometimes break things too. But there are teams of security experts whose only job is to find security holes in Windows, MacOS, Linux, etc., and as soon as those vulnerabilities become public, it’s open season. The only way companies like Microsoft and Apple can respond is to push updates to people as soon as they possibly can.
3. Use a redundant backup system. Most IT professionals will say to keep 3 different backups, and at least one of those should be off-site. That’s where cloud backup really shines. But you need to make sure you trust the cloud backup company, and that they use above-standard security measures. The one I trust is CrashPlan. And remember that cloud=accessible. That means anyone with internet access and your password could access your data. So make it a good one!
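To show why the versioning mentioned earlier matters for the backups in step 3, here is an added example (not from CrashPlan or any product named in this post) that backs up one file twice, once before and once after its contents are overwritten. The folder names, the `index.txt` layout and the sample bytes are constructed for the illustration, and the overwrite is a simplified stand-in for what ransomware does to a file.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def mirror_backup(src: Path, dst: Path) -> None:
    """Plain mirror: each run overwrites the previous copy of every file."""
    dst.mkdir(parents=True, exist_ok=True)
    for f in src.iterdir():
        if f.is_file():
            shutil.copy2(f, dst / f.name)


def versioned_backup(src: Path, store: Path) -> None:
    """Keep every distinct content version, named by its SHA-256 digest."""
    for f in src.iterdir():
        if not f.is_file():
            continue
        data = f.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        vdir = store / f.name
        vdir.mkdir(parents=True, exist_ok=True)
        index = vdir / "index.txt"  # oldest-first list of digests
        history = index.read_text().split() if index.exists() else []
        if not history or history[-1] != digest:
            (vdir / digest).write_bytes(data)
            index.write_text("\n".join(history + [digest]) + "\n")


def restore(store: Path, name: str, versions_back: int = 0) -> bytes:
    """Return a stored version: 0 is the newest, 1 the one before it."""
    history = (store / name / "index.txt").read_text().split()
    return (store / name / history[-1 - versions_back]).read_bytes()


def demo() -> tuple:
    """Constructed scenario; returns (mirror_ok, versioned_ok)."""
    original = b"family photo bytes (constructed sample)"
    with tempfile.TemporaryDirectory() as tmp:
        docs, mirror, store = (Path(tmp) / n for n in ("docs", "mirror", "store"))
        docs.mkdir()
        # Second pass stands in for ransomware overwriting the file in place.
        for content in (original, b"\x00unreadable ciphertext\x00"):
            (docs / "photo.jpg").write_bytes(content)
            mirror_backup(docs, mirror)
            versioned_backup(docs, store)
        mirror_ok = (mirror / "photo.jpg").read_bytes() == original
        return mirror_ok, restore(store, "photo.jpg", 1) == original
```

Calling `demo()` returns `(False, True)`: the mirror copy was replaced by the unreadable file, while the versioned store still holds the original one version back. The store here sits on the same disk only to keep the demo self-contained; as noted above, a backup location the infected computer can write to can be encrypted too.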
As an extra precaution, especially for small businesses, I strongly recommend a next-generation network firewall / intrusion protection system. Ransomware needs an active internet connection, because it has to “call home” to get the security key, or it won’t work. Any security gateway worth its salt will block this communication and alert you if something like this happens.