(Click to enlarge image)
Ransomware is your worst nightmare. It is often the direct result of you:
- going to a web site that you know nothing or little about,
- opening an attachment you know nothing or little about,
- click on a link to go somewhere that you know nothing or little about,
- doing something that, in hindsight, really made no sense at all.
This article provide insight into what it is and some steps you can take besides transferring money to an unknown party hoping they provide you any release codes, or unlock you remotely, or their malware just doesn't start deleting things on your computer because you move to slowly. It is a nightmare.
Ransomware is any virus that infects a computer, encrypts files and threatens to (or
actually does) render the files useless UNLESS the victim pays money for a key code
to decrypt the information.
Sounds horrible? Keep reading!
1. Payment is nearly always in Bitcoins to avoid any traceability and accountability.
Where can you purchase thousands of dollars worth if Bitcoins on short notice
assuming you had the cash available and could move it quickly?
2. The bad guys are protecting their identity with great effort. What happends if
they just take the payment and never provide you the key code you need?
Who are they? What country are they from? Is this a state sponsored attack?
Is there any legal authority who has not been paid protection money by them?
3. What happens if you get the wrong key code? Maybe it's been a busy day for them
and they got confused. Who can you call? Who can you e-mail? No one.
4. You get the key code, apply it, wait several hours and find your files are either still
unuseable or their decryption scheme has a few major bug in it? Your action to get
justice for your losses? It does not exist.
The minute your files start becoming encrypted they own you and your data.
Good practices on downloading files and links is a good first step. Thinking through
items you receive to see if they make sense versus rushing into action is the next.
Finally having a good, trusted, current and readily available backup is the final key.
Begin taking steps to be vigilant and prepared against any virus or malware coming
into your computer. It is not impossible, it just requires thought and good practices.
GOOD PRACTICE STEPS
1. Use EXTREME Caution when Clicking on Links Inside of e-mail
For most software, if you do not see an update multiple times in a week, you
may not be receiving the updates automatically. Set the updates to be sent to
you automatically so you do not fall behind. If you can't figure it out, ask for
help from the software provider's Help Desk. If all else fails, set a DAILY
CALENDAR REMINDER on what needs to be updated that day.
DAY 1 attacks are the concern of many companies as these are attacks sent
where no known protection or removal process exists yet ... a totally new way
to attack computer security. This is why you want daily updates if possible.
Do not let yourself be seen by the Press as the person who helped spread a
dangerous virus, malware or other unwanted software that prevented Police
or Fire dispatching to save lives, prevented on-line medical devices from
operating, or worse ... killed cellular telephones.
3. Busienss Users:
If you own a business, set clear security policies and education your people
A business has so many potential weak points in their security, most of them
being people who did not follow policies and procedures and exposed the
business to potentially significant losses in computer outages, released data
that is confidential or classified, destruction of records including back-ups,
destroyed the the trust between the business and their valued customers. A
need to protect yourself and your business is a legal matter.
4. Back up your files.
Should you be attacked something will be lost but only since the last back up.
Have a "Plan B" to protect against data loss whether it is from Ransomware or
a disk failure or someone made a really big bad mistake. Use external disk
that is kept off-line from your computer EXCEPT during back-ups to reduce
the risk of loss during this period of time. Whether you are a Fortune 100
company or an old desktop computer, the need and processes should be
There are commercial services who can provide this to you at a monthly fee
which often includes a variable cost for amount of data protected. These can
setup for automatic backup. These services can be very costly, often more
than doing it yourself and buying multi-terabyte external disk drives that can
be connected and disconnected easily and quickly. The initial backup of your
computer will be lengthy, potentially many hours to nearly all day. It is less if
you use a local detachable disk drive as you eliminate Internet transfers of all
your data. Restores can also be lengthy unless using a local disk drive. In
the end it is about having strong backup protection, costs, effort to use,
skills required to restore, and time to restore. Using a local disk is simply a
copy from one disk to another ... the rest is handled by Windows.