One of the hot topics in security lately is Ransomware, and it doesn’t appear to be going away. In fact, new styles and versions are popping up almost every day.
In case you haven’t heard too much about it, Ransomware is a type of malware that uses various encryption methods to prevent access to your own files (documents, pictures, videos, etc.). After your files are encrypted, a ransom note or pop-up window is displayed requiring payment in order to receive the decryption key so that you can regain access. Typically it is downloaded as a file through spam or from a compromised website, and occasionally it arrives through a vulnerability in the network or through an existing exploit kit (another type of malware allowing access to your system).
The overall goal of Ransomware? Payment. Even though Ransomware seems to have popped up recently, it has been around for a while. It has simply become easier for attackers to use and much more lucrative, causing its increase in popularity.
Early versions of Ransomware would simply lock you out of your operating system and require a wire or mobile payment. These were easy to defeat and not very lucrative.
Ransomware as we know it today is very hard to defeat, and with the development of Bitcoin and other crypto-currencies, it has become one of the easiest ways for a cyber-criminal to make a quick buck. In fact, CryptoLocker, one of the first major ransomware campaigns, was estimated to bring in over $3 Million before it was taken down. CryptoWall, another version that has popped up since CryptoLocker, is estimated to have accrued more than 20 Million at this time and is still growing.
Why should you care? The use and distribution of Ransomware has become much more widespread and popular, and it is very difficult to detect and defeat. A good paid Antivirus will only be able to detect the older versions, since they are changing so frequently. Unless you enjoy spending hundreds to regain access to your data, you need to know what to look for.
The majority of Ransomware that I have seen has been distributed either through spam email as an attachment or through corrupted downloads. Most of the email attachments are either documents with macros (see this article) or a Java-based executable disguised as a program such as Chrome. The corrupted downloads are usually torrent-downloaded files. I highly recommend scanning every download or email attachment with your antivirus before opening or running it on your system.
If you happen to be infected, the encryption used by most of these viruses is very hard to beat. There are only a handful of ransomware viruses that have decrypting software available for them. Without an available decryption program, your only options are to pay the ransom or do a system restore from your last backup. That being said, a frequent backup is ultimately the best defense. Just be sure to back up to an external drive that is not left plugged in to your computer or your network.
Now, unless you are a business owner, I’m not suggesting that you do hourly or even daily backups of your data. But maybe do a backup each time you finish uploading a bunch of videos and pictures from your latest family gathering, or after completing and saving some important documents that you’ve been working on. Another good recommendation, as long as you don’t have too many gigabytes of important data to back up, is to keep copies saved to cloud-based storage. Using something like Google Drive for documents is a good idea because, in the event you are hit by Ransomware, you can still access them anywhere you can access your Gmail.
Later on I may write up a post that gets a little farther into the weeds about how Ransomware works, but for now I just want you to be aware of it and how to protect yourself from it. So, always have your Antivirus software up to date, and if you don’t have one already, get an external hard drive to start backing up your data.