Ransomware on the Incline: Don't be a Victim
Since we’re right in the heart of National Cyber Security Awareness Month, we’d like to raise a little bit of awareness about ransomware, a method of cyber extortion that’s seen increased popularity among criminals this year.
What is Ransomware?
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. If your computer is infected, the software could lock your computer screen, encrypt your files, or completely block you from accessing any documents. You’ll be asked to pay a ransom to regain access to your system. According to Robert Lemos of Eweek, the average loss from these attacks in the first half of 2016 was $2,000, up from $650 the year before.
In September, the FBI released a public service announcement urging people to report instances of ransomware to help combat these attacks. The PSA states, “New ransomware variants are emerging regularly… Within the first weeks of its release, one particular ransomware variant compromised an estimated 100,000 computers a day.”
These attacks can affect businesses of any size, and even individuals can be targeted. “No one seems immune, whether users of Microsoft Windows PCs, Macs, Linux, or other platforms,” says Reid Goldsborough in his article “Protecting Yourself From Ransomware.” This is precisely why we feel the need to raise awareness. It’s clear this problem isn’t going away. And it’s bound to keep growing, unless we all act against it.
What Does a Ransomware Attack Look Like?
Ransomware can be installed without your consent in a variety of ways. Among the most common is through an email attachment that at first appears legitimate. For example, you may get an email that’s supposedly from your mother, your son, your spouse, a co-worker, or an old friend of yours. If you open the attachment, the software may be installed on your system.
Once you’ve been infected, usually some kind of error message will appear on your screen telling you your files have been locked and you must pay a fine or buy a license for software that will decrypt your files for you. These messages can look very legitimate, even claiming to be from the FBI itself and threatening arrest if the fine is not paid. These are not legitimate notices from the FBI or the police. No legitimate agency will demand a fine to unlock files on your computer.
The attackers will demand payment in bitcoin, a kind of digital currency, and you’ll be given a short timeframe to make the payment. In doing so, the attackers are trying to rush you, to throw your rational thinking out the window so that you’re more likely to pay. But you shouldn’t make the payment.
What Should I Do if I Fall Victim to Ransomware?
Attacks like this are scary. There’s no doubt about it. You will be tempted to make the payment, especially if it doesn’t seem like a lot of money. But you absolutely should not pay if you can help it.
The problem with paying the ransom is two-fold. Firstly, by paying, you are perpetuating this kind of crime. When ransomware works for criminals, they are more likely to continue doing it to other people. If they stop getting paid, they’ll stop taking the risk.
Secondly, sometimes the attackers never decrypt your files. They take your money and run, so to speak, leaving you out perhaps a few hundred dollars, or in some cases thousands of dollars, and still with a useless system.
The first thing you should do if you fall victim to a ransomware attack is take a breath and relax. It may sound counterintuitive, but you have to remain calm and keep thinking rationally. This is not the sort of problem you can handle with rash action. If the attack affects a work device and/or your coworkers, notify your supervisor and all those affected immediately. Then, if you can, walk away from your computer for a little while to gather your thoughts.
Once you’re calm and ready to tackle the problem, you should report the attack to the FBI. You can do this by going to your local FBI office or by filing a complaint with the Internet Crime Complaint Center at www.IC3.gov. The FBI’s PSA mentioned above says you should be prepared to give them the following information:
- Date of Infection
- Ransomware Variant (identified on the ransom page or by the encrypted file extension)
- Victim Company Information (industry type, business size, etc.)
- How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
- Requested Ransom Amount
- Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
- Ransom Amount Paid (if any)
- Overall Losses Associated with a Ransomware Infection (including the ransom amount)
- Victim Impact Statement
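Two of these items, the date of infection and the encrypted file extension, can often be read off the affected files themselves. The following is an added example, not part of the FBI's PSA or the original post: a read-only Python helper that looks for files with an unfamiliar suffix appended to a normal document name and reports the most common one with the earliest modification time. The extension `.examplelocked`, the list of known file types, and the sample files are constructed for illustration, and the approach assumes the ransomware appends a suffix and does not preserve timestamps.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

# Ordinary document types whose names should not normally carry a further suffix.
KNOWN_TYPES = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}

def triage(root):
    """Return (appended_extension, file_count, earliest_mtime_utc) or None."""
    hits = {}  # appended extension -> list of modification times
    for path in Path(root).rglob("*"):
        suffixes = [s.lower() for s in path.suffixes]
        # Pattern of interest: report.docx.<something>, i.e. a known type
        # followed by one extra, unfamiliar suffix.
        if (path.is_file() and len(suffixes) >= 2
                and suffixes[-2] in KNOWN_TYPES and suffixes[-1] not in KNOWN_TYPES):
            hits.setdefault(suffixes[-1], []).append(path.stat().st_mtime)
    if not hits:
        return None
    # The suffix seen on the most files is the likeliest candidate.
    ext, times = max(hits.items(), key=lambda kv: len(kv[1]))
    earliest = datetime.fromtimestamp(min(times), tz=timezone.utc)
    return ext, len(times), earliest.strftime("%Y-%m-%d %H:%M UTC")

def build_sample(root):
    """Constructed sample tree: three renamed files, one untouched, one backup."""
    base = datetime(2016, 10, 3, 9, 0, tzinfo=timezone.utc).timestamp()
    names = ["budget.xlsx.examplelocked", "photos/trip.jpg.examplelocked",
             "notes.txt.examplelocked", "readme.txt", "old.docx.bak"]
    for i, name in enumerate(names):
        p = Path(root, name)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample data")
        os.utime(p, (base + 60 * i, base + 60 * i))  # mtimes one minute apart

def demo():
    """Build the constructed sample in a temporary folder and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return triage(tmp)

if __name__ == "__main__":
    print(demo())
```

The earliest modification time is only an estimate of when encryption began, so record it alongside anything else you remember about when the problem first appeared.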
After you’ve reported the case, you may be able to decrypt your files without losing data or paying the ransom. Whether or not this is possible will depend on the particular virus, so it will take some research to determine if your virus can be reversed. There are various resources available online that can help you figure out what you’re dealing with and give you tips on how to beat it.
If the virus can’t be removed and you still haven’t paid the ransom, it’s time to determine whether or not you can afford to lose what’s been locked by the virus. In “When Hackers Attack,” Avner Levin, Director at the Privacy and Cyber Crime Institute at Ryerson University, recommends, rather gloomily, that “whatever you lose, you have to accept that you don’t have it any longer and continue with your business... It’s a brutal suggestion, but the best thing to do is pick up the pieces and move on.”
Of course, sometimes data has been affected that you just simply cannot afford to lose, at which point, paying the ransom may become the only option. The best thing you can do, however, is exhaust all other possible options before paying.
How to Protect Against Ransomware Attacks
You should have robust and up-to-date antivirus and antimalware programs installed on your computer. Either update this software manually on a regular basis, or set up automatic updates. But just staying up to date on your antivirus software isn’t enough. You should keep your operating system, applications and other software, and firmware up to date as well. Operating system and application providers regularly release security updates for their latest versions, so the latest versions are the best protected against viruses.
Pay close attention to what you’re opening in your email. Often an email that appears to come from someone you trust turns out to be suspicious once you read the subject line or the text of the email. If there are misspelled words, or there’s an unusual sense of urgency about opening an attachment, stop and consider that this might be an attack. If you receive a fraudulent email from a trusted sender, notify the sender immediately by other means.
Be mindful also of what you click online. Only download items from trusted sources and visit only websites you trust.
You should also keep regular backups of your data. If you are hit with a ransomware attack, the best way to recover your data without having to pay the ransom is through a backup. It’s also important to keep these backups secure. It’s best to keep encrypted backups separate from your computer, or to use secure cloud backups.
Businesses can protect themselves in other ways as well. For example, train employees on how ransomware works and on best practices to avoid infection. Keep security policies for your employees to follow so that their individual computers are regularly updated with the latest software and operating system updates.
Maintain a limited access policy for your data. This means that files are only made available to employees that absolutely need access to them.
Remember that Wildcard offers cybersecurity strengthening services including various means of encryption and protection against attacks like ransomware. We offer free website and security reviews to businesses and organizations of any size that are curious about their level of security. Contact us for more information today. And help us continue to spread awareness of cybersecurity throughout the month of October by sharing this post.
Goldsborough, Reid. "Protecting Yourself From Ransomware." Teacher Librarian 43.4 (2016): 70-71. Web.
Lemos, Robert. "Ransomware Surges In 2016 First Half, Trend Micro Study Finds." Eweek (2016): 1. Web.
"When Hackers Attack." Canadian Business 89.10/11 (2016): 13. Web.
"Ransomware Victims Urged to Report Infections to Federal Law Enforcement." Internet Crime Complaint Center; FBI. IC3.gov (Sept. 15, 2016). Web.