For the second post in our 30 Days to Better Security series, we discuss the topic of ransomware. The goal of this article is to help you understand what ransomware is and how it spreads, how best to prevent a ransomware infection, and what to do if you do get infected. In future posts in this series, we will tackle the subjects of phishing, adware and several other of the most common forms of malware.
You may have heard of WannaCry, a ransomware first seen in May of 2017, that infected hundreds of thousands of computer systems across more than 150 countries. Also known as WannaCrypt, WannaCry is a form of encryption ransomware that encrypts key files of a system and keeps them inaccessible until a ransom is paid.
The cybercriminals who built WannaCry exploited a vulnerability in the Microsoft Windows operating system to launch the attack as a network worm capable of automatically spreading itself to other vulnerable systems over the network. This is what enabled WannaCry to spread so fast across the globe in a matter of hours. While many consumers’ personal computers were infected, WannaCry also infected systems at large corporations, banks, and law enforcement and government agencies, and severely disrupted operations at organizations as diverse as the UK’s National Health Service and Taiwan Semiconductor Corporation. Petya (and its variant NotPetya) is another ransomware that affected users in over 100 countries. To quote a specific example, Merck, the pharmaceutical giant, apparently spent over US $300 million in a single quarter to deal with an attack by NotPetya.
So, what exactly is ransomware?
As we can see from these recent attacks, ransomware has the ability to quickly spread and cause tremendous damage to the computer systems of both consumers and organizations. But what exactly is ransomware? In short, ransomware is a type of malware where the attacker takes control of the data in a system and demands that the victim pay a ransom in order to restore access to the data. Attackers often demand the ransom payment in the form of bitcoin or other cryptocurrencies because the transactions are extremely difficult, if not impossible, to track. And, while it’s primarily targeted at businesses, which are more able to pay large ransoms, it certainly affects individuals as well.
For cyber criminals, the strategy of deploying a ransomware-based attack has historically worked. Victims are often willing to pay to get their critical data back, and this leads to a vicious cycle of new ransomware and variants being launched. For this reason, authorities generally discourage people from paying the ransoms, but that is a decision that must be made by each individual and organization.
How does ransomware spread?
As in the case of most malware, hackers and cybercriminals with malicious intent design ransomware to easily spread from one system to another. Malware most commonly spreads via email attachments and links to malicious websites from phishing emails. But if your PC is connected to the Internet or a company network when a new ransomware attack is launched, you may not need to click or do anything to become infected. As we saw with WannaCry, malware built as network worms can spread directly over the network.
In recent times, servers, Android-based devices connected to the Internet and connected devices with vulnerabilities have also been both targets of these attacks and a means of spreading them. Additionally, internet-based file sharing services and e-mail attachments are used by malware developers to spread ransomware to as many systems as possible.
So, the question is, how does one avoid being a victim of ransomware?
At the risk of stating the obvious, prevention is always better than a cure. At K7, we suggest the following steps to make your systems as secure as possible and reduce the chance of becoming a victim of ransomware.
- Keep all your software up to date, including the Windows operating system. Enable automated update features to make it easier to keep your software updated.
- Ensure you have quality security software installed and set to automatically update.
- When in doubt, don’t click on attachments or links in emails from unknown senders or that look suspicious.
- Know your network and all the devices connected to it.
- Businesses should have a “cybersecurity best practices and guidelines document” along with regular security awareness training for employees.
- Keep a backup of all your data, preferably in a secure location (so it’s easy to recover without paying a ransom).
- Use cloud-based storage to create redundant backups. Do not keep all your files in a single file-sharing service or folder.
While the last two steps are not preventive, they certainly help minimize post-attack impact, just in case you get caught up in one.
And, what should you do if your PC does become infected?
Of course, not all attacks can be prevented. If you’re already infected, here’s your plan for a first response:
- Disconnect the affected device from the network
- Determine if the data that is encrypted is critical and if there is a recent backup of the data. The normal recommendation is to not pay a ransom. Having a backup of your data is the best defense against having to pay a ransom.
- Use the latest version of your security software, like K7 Total Security, to clean up the ransomware if a fix or decryptor for that ransomware has been released
- If the installed security software is not able to clean the infected PC, check websites like K7computing.com from another computer for the availability of tools for the specific type of ransomware you’ve been infected by.
- Download and run the specific tool or utility if available. (Be careful, however, and ensure that you are downloading from a reputable website running HTTPS encryption. Otherwise you may end up downloading malware from a malicious website that is claiming to have a fix for the ransomware.)
- Reboot & reinstall your OS
Cyber-criminals are continuously changing their attacks and inventing new methods. Simply put, it is crucial to keep your systems up to date with the latest operating system patches and have a quality security solution with automatic updates enabled. Hopefully this post has shed some light on the topic of ransomware. You now have some practical steps you can take to minimize your risk of infection and a list of things to do if you do become infected.
Our next post in the series will cover the topic of phishing attacks. Till then, stay safe.