Ransomware on the Incline: Don't be a Victim
We’d like to raise a little bit of awareness about ransomware, a method of cyber extortion that’s seen increased popularity among criminals.
What is Ransomware?
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. If your computer is infected, the software could lock your computer screen, hack the system to encrypt your files, or completely block you from accessing any documents. You’ll be asked to pay a ransom to regain access to your system. According to Robert Lemos of Eweek, the average loss from these attacks in the first half of 2016 was $2,000, which was up from $650 the year before.
In September, the FBI released a public service announcement urging people to report instances of ransomware to help combat these attacks. The PSA states, “New ransomware variants are emerging regularly…Within the first weeks of its release, one particular ransomware variant compromised an estimated 100,000 computers a day.”
These attacks can affect businesses of any size, and even individuals can be targeted. “No one seems immune, whether users of Microsoft Windows PCs, Macs, Linux, or other platforms,” says Reid Goldsborough in his article “Protecting Yourself From Ransomware.” This is precisely why we feel the need to raise awareness. It’s clear this problem isn’t going away. And it’s bound to keep growing, unless we all act against it.
What Does a Ransomware Attack Look Like?
Ransomware can be installed without your consent in a variety of ways. Among the most common is through an email attachment that at first appears legitimate. For example, you may get an email that’s supposedly from a family member, old friend, co-worker, client, or even the CEO of your company. But when you try to open the attachment, the malicious software is then installed on your system.
Once you’ve been infected, some kind of error message will usually appear on your screen, telling you your files have been locked and you must pay a fine or buy a license for software that will decrypt your files for you. These messages can look very legitimate, even claiming to be from the FBI themselves and threatening arrest if the fine is not paid. Note that these are indeed not legitimate notices from the FBI or the police. No legitimate agency will demand a fine to unlock files on your computer.
The attackers will demand payment in bitcoin, a kind of digital currency, and you’ll be given a short time frame to make the payment. In doing so, the attackers are trying to rush you, to throw your rational thinking out the window so that you’re more likely to pay. But you should never make a ransom payment.
As a cybersecurity firm, Wildcard has a lot of experience dealing with and stopping cyber attacks. You can read about how we saved a client a lot of time and ransom money when their system was under attack by ransomware. Read the full story: How Wildcard Protects Clients from Ransomware.
What Should I do if I Fall Victim to Ransomware?
Attacks like this are scary. There’s no doubt about it. You will be tempted to make the payment, especially if it doesn’t seem like a lot of money. But you absolutely should NOT pay if you can help it.
The problem with paying the ransom is two-fold. Firstly, by paying, you are perpetuating this kind of crime. When ransomware works for criminals, they are more likely to continue using it to attack other people.
Secondly, sometimes the attackers never decrypt your files. They take your money and run, so to speak, taking your money and leaving you to deal with a useless system.
The first thing you should do if you fall victim to a ransomware attack is take a breath and relax. It may sound counter intuitive, but you have to remain calm and keep thinking rationally. This is not the sort of problem you can handle with rash action. If the attack affects a work device and/or your coworkers, notify your supervisor and all those affected immediately. Then, if you can, walk away from your computer for a little while to gather your thoughts.
Once you’re calm and ready to tackle the problem, you should report the attack to the FBI. You can do this by going in to your local FBI office or by filing a complaint with the Internet Crime Complaint Center at www.IC3.gov.
The FBI’s PSA linked to above says you should be prepared to give them the following information:
- Date of Infection
- Ransomware Variant (identified on the ransom page or by the encrypted file extension)
- Victim Company Information (industry type, business size, etc.)
- How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
- Requested Ransom Amount
- Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
- Ransom Amount Paid (if any)
- Overall Losses Associated with a Ransomware Infection (including the ransom amount)
- Victim Impact Statement
After you’ve reported the case, you may be able to decrypt your files without losing data or paying the ransom. Whether or not this is possible will depend on the particular virus, so it will take some research to determine if your virus can be reversed. There are various resources available online that can help you figure out what you’re dealing with and give you tips on how to beat it.
Protecting Your Network
The FBI Ransomware Prevention and Response report recommends that organizations follow these steps to protect your network if a device becomes infected with ransomware:
- Isolate the affected computer immediately. Removing an infected computer from a larger network and prevent ransomware from potentially infecting other network devices or drives.
- Isolate or power-off affected devices that have not yet been completely corrupted. This may provide more time to potentially recover data, contain the damage, and prevent worsening conditions.
- Immediately secure backup data or systems by taking them offline and ensure they are free of malware.
- If available, collect and secure partial portions of the ransomed data that might exist elsewhere.
- Change all online account passwords and network passwords after removing the infected system from the network.
- Delete Registry values and files to stop the program from loading.
The Last Resort...
If the virus can’t be removed and you still haven’t paid the ransom, it’s time to determine whether or not you can afford to lose what’s been locked by the virus.
In “When Hackers Attack,” Avner Levin, Director at the Privacy and Cyber Crime Institute at Ryerson University recommends, rather gloomily, that “whatever you lose, you have to accept that you don’t have it any longer and continue with your business...It’s a brutal suggestion, but the best thing to do is pick up the pieces and move on.”
Of course, sometimes data has been affected that you just simply cannot afford to lose, at which point, paying the ransom may become the only option. The best thing you can do, however, is exhaust all other possible options before paying.
How to Protect Against Ransomware Attacks
1. Keep Your Systems Updated
You should have robust and up-to-date antivirus and anti-malware programs installed on your computer. Either do regular updates on this software manually, or set up automatic updates. Even then, just staying up to date on your antivirus software isn’t enough. You should keep your operating system, applications and other software, and firmware up to date as well. Operating system and application providers regularly release security updates for their latest versions, so they are the most protected against viruses.
2. Limit Access
Maintain a limited access policy for your data. This means that files are only made available to employees that absolutely need access to them.
3. Keep Backups
You should also keep regular backups of your data. If you are hit with a ransomware attack, the best way to recover your data without having to pay the ransom is through a backup. And it’s also important to keep these backups secure. It’s best to have encrypted backups kept separate from your computer or secure cloud backups.
4. Avoid Suspicious Emails, Links & Downloads
Pay close attention to what you’re opening on your email. Many times emails coming from unsuspicious people can become suspicious when you read the subject line or the text of the email. If there are misspelled words, or there’s an unprecedented sense of urgency revolving around opening an attachment, stop and consider that this might be an attack. If you receive a fraudulent email from a trusted sender, notify the sender immediately by other means.
Be mindful also of what you click online. Only download items from trusted sources and visit only websites you trust.
Businesses can protect themselves other ways as well. For example, training employees on how ransomware works and best practices to avoid infection. Keeping security policies for your employees to follow so that their individual computers are regularly updated with the latest software and operating system updates.
Remember that Wildcard offers cybersecurity strengthening services including various means of encryption and protection against attacks like ransomware. We offer free website and security reviews to businesses and organizations of any size that are curious about their level of security. Contact us for more information today.
Want to learn more about how to protect your digital assets from being lost or stolen? Check out some of our other cybersecurity blogs on Ransomware and Recovery and How to Prevent and Identify Phishing Scams.
Goldsborough, Reid. "Protecting Yourself From Ransomware." Teacher Librarian 43.4 (2016): 70-71. Web.
Lemos, Robert. "Ransomware Surges In 2016 First Half, Trend Micro Study Finds." Eweek (2016): 1. Web.
"When Hackers Attack." Canadian Business 89.10/11 (2016): 13. Web.
“Ransomware Victims Urged to Report Infections to Federal Law Enforcement.” Internet Crime Complaint Center; FBI. IC3.gov. (Sept. 15, 2016). Web.