Protecting Against Ransomware
Date Published: Mar 25, 2021
Today, many threats aim to damage your computers, digital devices, and online accounts. One method digital attackers use is called ransomware, which is a type of malware. Malware is software that is designed to cause damage and chaos to a computer or computer network.
Ransomware works the way its name suggests. Attackers use ransomware to send a virus to a computer and encrypt its files, stopping you from being able to open them. Affected computers and files then remain this way until some sort of ransom is paid. After the ransomware is launched, it will try to spread to connected systems, such as storage drives and other computers. Sounds pretty bad, huh? Well, it can get worse, unfortunately.
If a victim does not pay the ransom, the encrypted data and files will typically remain that way, making them unavailable to the victim. However, even after a ransom is paid, attackers will at times demand more payments, delete a victim’s data, refuse to decrypt data, or choose not to provide a key to restore a victim’s access. Luckily, there are steps you can take to prevent ransomware from harming you, but first let’s dive into how ransomware works.
How it Works
In short, ransomware finds the drives on a system it has been sent to and encrypts the files on them, usually adding an extension such as .aaa, .micro, or .encrypted to each encrypted file to show that the files have been attacked. The extension is unique to the ransomware type.
Ransomware is typically delivered to a computer through a phishing email or through a “drive-by download”, which is a download of harmful code that happens without you clicking on or opening anything. A “drive-by download” can then run malicious code without you doing anything.
A phishing email is somewhat easier to avoid, but these emails often appear as if they have been sent from a legitimate organization or someone you may know, with only slight alterations in the email address, and they entice you to click on a malicious link or open a malicious attachment.
After the ransomware encrypts the files, it displays a file or files with instructions on how to pay the ransom. Once the ransom is paid, the attacker may provide a key to unlock the files, making them accessible.
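The renaming pattern described above is something a defender can look for. The following is an added example, not part of the original article: it walks a folder tree and reports folders where files carry one of the three extensions named here, or where several files have the same unfamiliar extension stacked on a normal one. The list of normal extensions and the `min_hits` threshold are assumptions made for illustration.

```python
import os
import sys
from collections import Counter
from pathlib import Path

# Extensions named in the article; other ransomware types use different ones.
KNOWN_RANSOM_EXTS = {".aaa", ".micro", ".encrypted"}
# Constructed list of everyday file types (an assumption for this example).
NORMAL_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}

def classify(name):
    """Return the appended extension if the file looks renamed, else None."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    if not suffixes:
        return None
    last = suffixes[-1]
    if last in KNOWN_RANSOM_EXTS:
        return last
    # Unfamiliar extension stacked on a normal one, e.g. report.docx.zzz
    if len(suffixes) >= 2 and suffixes[-2] in NORMAL_EXTS and last not in NORMAL_EXTS:
        return last
    return None

def scan(root, min_hits=3):
    """Walk root and return {folder: (extension, count)} for suspicious folders."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        hits = Counter(ext for ext in map(classify, files) if ext)
        if not hits:
            continue
        ext, count = hits.most_common(1)[0]
        # A known extension is reported at once; an unfamiliar one only when
        # it repeats, so a single notes.txt.bak does not raise an alarm.
        if ext in KNOWN_RANSOM_EXTS or count >= min_hits:
            findings[dirpath] = (ext, count)
    return findings

if __name__ == "__main__":
    for folder, (ext, count) in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{folder}: {count} file(s) ending in {ext}")
```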
How to Defend
Ransomware is a scary thing, and in some cases, seems like something you can’t defend against (mainly regarding “drive-by downloads”). However, there are steps that you can take to prevent ransomware from being installed onto your own computer.
- Readily update your devices: Companies like Apple often come out with updates for their products to enhance them, fix issues, and patch up anything that could allow an attacker access. Make sure you keep your devices, applications and operating systems (OS’s) up to date and apply any security updates as soon as you can. Applications and OS’s are the most common target of ransomware attacks. Check out Understanding Patches for more info.
- Use caution with emails and links: Be careful when clicking links in emails and when entering website addresses. Links and website addresses that contain malicious content may look almost identical to legitimate sites, normally using slight spelling changes, additional special characters, and/or a different domain (ex: .com instead of .gov). A good practice is to hover over links before clicking on them to gain a sneak peek into where they will actually take you.
- Email attachments: The same goes for email attachments. Be especially wary when attachments are compressed files or zip files. If you received an attachment from someone you know that you did not expect or looks suspicious in any way, contact that person to make sure they actually sent it to you.
- Email senders: If an email looks suspicious, try to check to see if it is safe by contacting the sender directly. If you can, use a previous email from the sender that you know is safe to make sure the contact info is correct before contacting.
- Keep your info safe: Before entering personal information into a website, check to make sure the website is secure and the information you plan to enter will be encrypted.
- Stay up to date on cybersecurity: Actively educate yourself, stay aware of recent threats, and keep up to date on ransomware tactics. You can find news on phishing attacks by visiting the Anti-Phishing Working Group website and you can also sign up to receive news and tips through Cybersecurity and Infrastructure Security Agency (CISA) product notifications.
- Utilize security software: Install antivirus software programs, firewalls (block unauthorized access), and email filters and keep them up to date.
How to Protect Your Data
When it comes to protecting your data from ransomware and other malicious content attackers may use, be sure to make frequent backups of your system and important files. If your computer or device happens to fall victim to ransomware, you will be able to restore your system to its previous state by copying your backups back onto your computer.
To ensure the security of your backups, store them on a separate device that cannot be accessed from a network or is not part of your network such as an external hard drive (ex: thumb drive). If you are backing up your computer, be sure to disconnect the external hard drive from the network or computer when the backup is finished.
If Ransomware Finds You
If you notice your computer or network has become infected by ransomware, it is important to isolate the systems that have been infected by the virus. To do this, remove the infected systems from all networks and disable any other potential networking features, such as Bluetooth and wireless. Also, disconnect any shared or networked drives, both wired and wireless.
The next step is to quickly turn off any infected computers and remove them from the network. Do the same with any computers that have not been fully affected by the ransomware. Doing this may allow for the recovery of partially encrypted files by specialists. Check out Before You Connect a New Computer to the Internet for more tips on how to make a computer more secure before you reconnect it to a network.
Lastly, make sure your backup drives are offline and safe, and if possible, check your backup data with an antivirus program to make sure it is free of the ransomware.
Here is what to do after you have run through these previous steps:
- Home user: If your home computer or network has become infected with ransomware and you receive a ransomware request, contact your local law enforcement, local FBI office, or local U.S. Secret Service office for assistance and what to do next.
- Company/Organization: If you notice any signs of ransomware, report it right away to your IT helpdesk or security office.
- All users: Change all of your passwords once the ransomware has been removed. Make sure that when you create new passwords they are strong, complicated and very difficult for anyone to guess, including yourself ("Protecting Against Ransomware: CISA", CISA).