Protect Yourself From Ransomware Attacks

Ransomware is a growing threat! Don’t be a victim.

Our client Bill received an email with an invoice attached. He clicked on the invoice to open it and quickly bypassed a couple of warning pop-ups. Immediately, some malicious code contained in the invoice file started encrypting all documents, PDF files, music and photos on his computer.

Worse, the code encrypted some files on his company’s server that he had access to, and looked for backup drives, and other computers on the network to attack.

Bill was a victim of ransomware. To see how Bill’s ransomware attack concluded, read on…

What is Ransomware?
Ransomware is malicious software that encrypts files on your computer, backup drives and network. After your files are encrypted with an UNBREAKABLE code, the criminals will ask for payment (ransom) to unlock your files.

The use of ransomware is increasing dramatically, because it’s profitable. There’s no way to know how much money the criminals are taking in, but even published accounts (a very small number of actual incidents) quote tens of millions of dollars of ransom paid in 2015.

According to FBI Cyber Division Assistant Director James Trainor, “There’s no one method or tool that will completely protect you or your organization from a ransomware attack. But contingency and remediation planning is crucial to … recovery and continuity—and these plans should be tested regularly.”

How does ransomware infect computers?

1. Email attachment: This is the most common method. An email comes in with a legitimate-looking attachment, such as an invoice, fax, or photo. The user is tricked into clicking on the attachment and allowing a program to run.

2. Link to a malicious (or hacked legitimate) website. If your computer is using outdated software, the website will try to install the malicious software without your knowledge, by exploiting a known vulnerability in software like your browser, Java, Flash, etc.

According to FBI Cyber Division Assistant Director James Trainor, “These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.”

How can I protect myself from ransomware?

1. The best defense is knowledge. Don’t click on any unverified email attachments. This alone will stop most ransomware dead in its tracks. Don’t bypass macro security prompts.

2. Back up your files, both locally and online. If the ransomware encrypts your files AND your local backup, you can usually recover from online backup. One of the great features of most online backup services is that they save versions of your files. If the current version is encrypted, you can recover an older, unencrypted version.

3. Keep your operating system and other software updated. Many viruses and ransomware will exploit known vulnerabilities, most of which have been fixed with updated software.

4. Disconnect your backup drives when not in use. If the backup drive is connected when the ransomware hits, it will try to encrypt your backups.

5. Use several layers of malware protection. Anti-virus software alone (especially free versions) is not enough.

6. Use anti-malware software, like MalwareBytes, in conjunction with your anti-virus software.

7. Change your DNS servers. DNS servers like OpenDNS will not allow your computer to connect to known malicious websites.

8. Lock down your computer. Log in with a standard user account, and create a password-protected Administrator account that you only use for installing software and administrative tasks. This will prevent most malicious software from installing.

9. Disable macros in documents that come through email or the Internet. (See the CERT article about disabling macros under Resources.)
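As an added example (not part of the original article), the PowerShell below checks items 8 and 9 on a Windows PC: whether the current session is a standard (non-administrator) user, and whether Word, Excel and PowerPoint are set to disable macros or to block macros in files downloaded from the Internet. It assumes Office 2016 or later (registry version “16.0”); the VBAWarnings and blockcontentexecutionfrominternet values are the Office Trust Center settings, read from the Group Policy hive first and the per-user hive as a fallback.

```powershell
# Added example: audit two of the anti-ransomware controls listed above.
# Assumes Office 2016+ (registry version 16.0); adjust -OfficeVersion for other releases.

function Test-StandardUserSession {
    # Item 8: $true when this session is NOT running as a member of Administrators.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    -not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-OfficeMacroPosture {
    # Item 9: report the macro settings per Office application.
    # VBAWarnings: 1 = enable all, 2 = disable with notification (Office default),
    #              3 = disable except digitally signed, 4 = disable all without notification
    # blockcontentexecutionfrominternet: 1 = block macros in files marked as from the Internet
    param([string]$OfficeVersion = '16.0')
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $warnings = $null; $blockInternet = $null
        # The policy hive wins over the per-user hive, so read it first and fall back.
        foreach ($root in "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security",
                          "HKCU:\Software\Microsoft\Office\$OfficeVersion\$app\Security") {
            $props = Get-ItemProperty -Path $root -ErrorAction SilentlyContinue
            if ($null -eq $props) { continue }
            if ($null -eq $warnings)      { $warnings      = $props.VBAWarnings }
            if ($null -eq $blockInternet) { $blockInternet = $props.blockcontentexecutionfrominternet }
        }
        # A missing VBAWarnings value means the Office default (2, disable with notification).
        if ($null -eq $warnings) { $warnings = 2 }
        [pscustomobject]@{
            App                 = $app
            VBAWarnings         = $warnings
            BlockInternetMacros = ($blockInternet -eq 1)
            # Hardened if Internet-sourced macros are blocked, or macros are disabled outright.
            Hardened            = ($blockInternet -eq 1) -or ($warnings -in 3, 4)
        }
    }
}

"Running as standard user: $(Test-StandardUserSession)"
Get-OfficeMacroPosture | Format-Table -AutoSize
```

Any application reporting Hardened = False still relies on the user declining the macro prompt, which is exactly the step Bill skipped.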

How much money do the criminals demand?
The ransom varies, but we’ve mostly seen $300-$800 demanded.

If I pay the ransom, will I get my files back?
Sometimes. There are many cases where the ransom has been paid and no key is returned. Worse, the criminals require you to pay with untraceable currency, like Bitcoin, which is anonymous, and the charges can’t be disputed.

What should I do if my files get encrypted?
1. Try to restore your files from backup.

2. Pay the ransom (not recommended).

According to FBI Cyber Division Assistant Director James Trainor, “The FBI doesn’t support paying a ransom in response to a ransomware attack.” Said Trainor, “Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom.

Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.

So what does the FBI recommend? As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—organizations in particular should focus on two main areas:

  • Prevention efforts—both in terms of awareness training for employees and robust technical prevention controls; and
  • The creation of a solid business continuity plan in the event of a ransomware attack.

Home computers and Macs are vulnerable to ransomware
If you are a home computer user or a Mac user, all of the above applies to you.

According to FBI’s Trainor, “…home computers are just as susceptible to ransomware, and the loss of access to personal and often irreplaceable items—including family photos, videos, and other data—can be devastating for individuals as well.”

Bill’s story (continued from above)
Bill called us, and we were able to eliminate the malicious code with some virus and anti-malware scans. Luckily for Bill, he had backed up SOME of his files, and we were able to restore them. The files that were not backed up were lost. Bill has since implemented online backup and does not click on email attachments.

Resources
FBI Article about ransomware

CERT Article about disabling macros

OpenDNS

MalwareBytes