So you want to know how to protect yourself against ransomware. We’ll go into background details first. Let’s say you are an avid music collector and have a huge database of songs that you love and cherish. You wake up one morning to find an email in your inbox that invites you to download 15,000 free tunes through a new website application. You download the .exe file and suddenly your screen is hijacked by a blinking, flashing message.
It is a ransom note delivered by a remote command and control server that has issued instructions to the malicious code in your system. This threatening digital letter asks you to deposit a certain sum of money into an account by a given date. Unless you comply, your system will stay locked and ultimately all the data – including your songs – will be automatically deleted.
We really hope you are reading this article as a precautionary measure, because when ransomware strikes, there is really no easy way out of the mess.
What is Ransomware?
Ransomware is a special type of malware that strongly encrypts all the data and information on your system to deny you access to files and folders. The decryption key is available only upon paying a certain sum of money or a “ransom” to the hackers who lie low and are almost impossible to detect.
Ransomware demands payment in bitcoins because this digital currency is very difficult to trace.
Hackers and miscreants generally target home-based PC users as opposed to businesses because most companies have already developed a habit of regularly backing up data, which defeats the purpose of the extortion attempt.
First Things First…Is There a Way to Escape the Consequences of Ransomware if the Payload Has Already Been Delivered?
There is just one simple solution. You can do a System Restore and take your device back to a clean slate. But in that case, you also lose access to your data. So if you possess an external drive or flash memory holding an up-to-date backup of your system, you can thwart the ransomware.
If you are not in the habit of creating frequent backups, then you are in for a tough time. Even the cyber-crime branch of your local police station won’t be of much assistance.
Why is Ransomware Unique?
To defeat the enemy, it is important to understand it first. Ransomware is defined by the following characteristics:
- The payload file is always delivered as an .EXE unit.
- The malware may not only encrypt your data, it can also extract sensitive personal information like your usernames and passwords.
- Ransomware attempts to “recruit” your infected PC into a botnet, from which more devices in your network are impacted.
- It also possesses geo-targeting abilities. Based on your location, the malware translates the ransom note into a language you are likely to be comfortable reading. This improves the chances of ransom payment.
Top 5 Pre-Emptive Measures to Protect Yourself Against Ransomware
1. Back up your data. There is no alternative to this. If you have duplicates of everything on your system, you can wipe the slate clean and start afresh. Ensure that your backups are stored on a drive that isn’t mapped by your device, because if it is, the ransomware may infect your fail-safe memory as well. This is why you can’t rely on your Time Machine to bail you out of the situation.
2. Do not execute .exe files from origins you don’t trust. This is highly recommended. Yet so few people actually pay heed to the sage advice. Avoiding suspicious attachments in emails will prevent the malware from delivering and activating its payload.
3. If you feel you have clicked malicious software, immediately disconnect from the Wi-Fi or the Internet. The code needs instructions delivered by the remote command and control server to encrypt your data. In the absence of this connectivity, it lies dormant.
4. Opt for a firewall even if you have a strong anti-virus in place. This is because ransomware is designed to evade the scrutiny of anti-virus programs, but it needs to connect to its commanding server for instructions. Any suspicious communication can be picked up by the firewall and your system is alerted.
5. Display file extensions. Some malware, like CryptoLocker, often has double extensions. “.PDF.EXE” is fairly common. If you enable the setting in your Mac to display all extensions – including the innocuous ones – then you can visually filter suspicious items and delete them before they wreak havoc.
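The visual check in item 5 can also be automated. The following Python script is an added example, not part of the original article: it walks a folder and flags names such as “.PDF.EXE”, where a document-like extension sits directly in front of an executable one. The two extension lists and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed extension lists for this example; adjust them to your environment.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".mp3", ".zip"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}


def is_double_extension(filename: str) -> bool:
    """True if an executable extension is directly preceded by a document-like one."""
    # Compare case-insensitively and ignore trailing dots or spaces.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 3:  # need a stem plus at least two extensions
        return False
    # Strip padding spaces that push the real extension out of view.
    last = "." + parts[-1].strip()
    prev = "." + parts[-2].strip()
    return last in EXEC_EXTS and prev in DECOY_EXTS


def scan(root: str) -> list[str]:
    """Return the sorted paths under root whose names look like disguised executables."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if is_double_extension(fname):
                hits.append(os.path.join(dirpath, fname))
    return sorted(hits)


def demo() -> list[str]:
    """Build a constructed sample folder of empty files and return the flagged names."""
    names = ["holiday.jpg", "setup.exe", "invoice.PDF.EXE",
             "free_tunes.mp3 .scr", "notes.v2.txt"]
    with tempfile.TemporaryDirectory() as tmp:
        for n in names:
            Path(tmp, n).write_bytes(b"")  # empty placeholder, not a real program
        return [os.path.basename(p) for p in scan(tmp)]


if __name__ == "__main__":
    for name in demo():
        print("suspicious:", name)
```

To check a real folder such as your downloads directory, call `scan()` with its path and review the results before deleting anything.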
Ransomware is becoming more and more sophisticated. Hackers are no longer computer wizards who sit in their basements and try to earn an extra buck. They are well-organized criminals who invest all their time and creativity in coming up with signatures that can’t be detected. Foresight and prevention constitute the best “cure”.