Ransomware is a type of malware that attacks you, the user, either by preventing or limiting access to your system or by locking your files until you’ve paid the attackers a ransom. You now know where the term “ransomware” comes from, right?
Currently, there are more complex ransomware families, all of which are categorized together as “crypto-ransomware”. These are more modern, and they attack users’ systems before they demand a ransom. Once they have infected your computer, they encrypt your files before forcing you to part with a ransom, usually paid through bitcoin and other online payment methods.
Cameron Call, with Las Vegas IT consulting company NSA, offers the following advice for organizations struck with ransomware.
Paying the Ransom
As we’ve just said, ransomware is usually meant to squeeze money out of you. When you make a payment to the attacker’s wallet, you get a decryption key, of course. But is there a fixed ransom price? How much should you pay to get a decryption key?
Well, prices vary, of course, depending on how hungry your attacker is. They also depend on the current exchange rates of fiat and bitcoin. You are strongly advised not to boast about the crazy riches you’ve accumulated thanks to cryptocurrency. Why? Attackers might just be on your timeline, and guess what? They may start planning how to attack you and demand huge ransom payments out of your bitcoin riches!
Since crypto offers adequate anonymity, ransomware attackers prefer bitcoin payments to other forms of online payment. Recent ransomware operators are reported to be demanding payments through Amazon gift cards and iTunes. So, is there a guarantee that you’ll get a decryption key after paying the attackers? No. They might even demand more money to grant you access to the hostage files.
The Behavior of a Ransomware Attack
Ransomware is one of the worst menaces on the internet today, yet it is easy to detect. You just need to look out for certain behaviors that indicate a ransomware infection.
Cybercriminals use botnets to launch ransomware attacks en masse. They send out millions and millions of phishing emails every second, luring internet users into opening a message. Their emails are very convincing, and that is why unsuspecting users fall prey to such schemes. Once you open a malicious attachment, the criminals will encourage you to enable macros to view the contents of the attachment. It’s at this point that the hidden code encrypts your files, leaving you at the mercy of the crooks.
Hospitals and healthcare organizations are the softest targets for ransomware attacks, and the reason is simple: they’re always willing to pay. As with hospitals, losing your data can be a matter of life and death, so learn to stay safe and secure against such attacks.
Now that you’re already in the know about what ransomware attacks entail, let us look at how to protect yourself against them.
- Never click on spammy, unverified links. Once the link plants a hidden ransomware code on your computer, it will lock your OS and files before leaving behind a ransom demand note.
- Never open email attachments from senders you don’t trust. Look at who the sender is and confirm that the address is correct. Above all, avoid opening attachments that request you to enable macros in order to edit a document.
- Don’t download from untrusted sites. This is a no-brainer but it’s worth saying. Only download from a site you can trust. Simple!
- Never share personal data.
- Leverage mail server filtering and scanning.
- Stay away from any USBs you find at the mall; it’s a trap!
- Always update your OS to benefit from the latest security enhancements.
- Use security tools such as Avast and Kaspersky.
- Secure your internet using a VPN.
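An added example, not part of the original article: a minimal sketch of the mail filtering advised above, flagging email attachments that can carry the macros described earlier. The sample message, addresses and file names are constructed for illustration, and the function names are hypothetical.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container header
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".dotm", ".xlam")

def has_vba_project(data: bytes) -> bool:
    """True if data is an OOXML (zip) file that embeds a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip container, so not OOXML

def macro_risk(filename: str, data: bytes):
    """Return a reason string if the attachment can carry macros, else None."""
    if has_vba_project(data):  # content check first: the extension can lie
        return "OOXML file contains vbaProject.bin"
    if filename.lower().endswith(MACRO_EXTENSIONS):
        return "macro-enabled file extension"
    if data.startswith(OLE_MAGIC):
        return "legacy OLE Office format (may hold macros)"
    return None

def scan_message(raw: bytes) -> list:
    """List (filename, reason) for every risky attachment in a raw email."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reason = macro_risk(name, part.get_payload(decode=True) or b"")
        if reason:
            findings.append((name, reason))
    return findings

def build_sample() -> bytes:
    """Constructed sample: a mail whose '.docx' attachment embeds a VBA project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"placeholder, not real macro code")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "user@example.org", "Invoice"
    msg.set_content("Please enable macros to view the invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.docx")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()
```

A mail gateway could quarantine any message for which scan_message returns findings; the harmless notes.txt attachment in the sample is not flagged.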
Responding to Ransomware
First of all, isolate your device and don’t pay the criminals even a single buck. Just like in any other hostage situation, it’s best not to pay or even negotiate with criminals because there’s no guarantee that they’ll allow you access to your files. Next, start the process of removal.
Step 1: Disconnect your computer from the internet to stop the attack from spreading to other devices.
Step 2: Run a security scan using internet and hardware security software such as Avast and Kaspersky. Both of these products have ransomware decryption tools.
Step 3: Restore your files from backup.