Ransomware is a relatively new and nasty kind of malware. As the name indicates, the game is extortion: criminals “kidnap” the data of an individual or a company in order to demand a ransom from the rightful owner.
This article gives you a series of low-tech, actionable tips on what you can do to avoid becoming the next ransomware victim.
Luckily there are several anti-ransomware tactics that you can implement without the need for any special computer skills.
Table of Contents
- What is ransomware and how does it work?
- Technically speaking
- Ransomware protection and prevention options
- #1: Backup strategy
- #2: E-mail vigilance
- #3: Anti-virus software
- #4: Security updates and Windows user control settings
- #5: Anti-ransomware solution
- #6: Resourcefulness in the moment of an attack
- What are your options after an attack?
- Should you pay the ransom or cut your losses?
- Final thoughts
What is ransomware and how does it work?
Ransomware is a threat that can hit everyone from novice to IT specialist. The victim is tricked into installing the malware on their computer, which then encrypts all available data, effectively kidnapping it.
Once the data is encrypted, it is time to sell the decryption key to the rightful owner. The whole thing is fully automated, and the simplicity is surely very attractive to tech-savvy criminals.
Until these criminals figure out new ways to attack you, you will typically fall into the trap by clicking a link or an attachment of some kind in an e-mail.
Ransomware is different from a more traditional virus in that it does not concentrate the attack on the OS. Ransomware is not an infection such as Trojan horses, spyware and other kinds of sneaky things.
The purpose of ransomware is more primitive, and once it's inside your computer there is no sneaking around.
The program will immediately cast a wide net and grab hold of all accessible data. This includes your main drive, internal storage, external storage, network drives, NAS devices, USB devices, etc. Basically, this means everything that is connected to your computer.
Scary thought, right?
Ransomware protection and prevention options
As an individual or a small business owner you will need to establish your own first line of defense if you want to be ahead of the ransomware beast. Avoiding a ransomware attack in the first place is obviously the best defense.
Due to the way that ransomware works (for the time being), you have a few good options at your disposal, which will offer some or even full protection. Some options will have a price tag and some are free.
#1: Backup strategy
If you do not have a backup strategy in place already this is your first stop. You can adopt the following tips later. Having a good backup strategy in place is vital if you want to secure your data against ransomware attacks.
Backing up your files has many other advantages of course.
However, in this scenario backing up your data on a second drive in your computer or other connected devices is not the answer.
As mentioned earlier, ransomware will sniff out everything that is attached to your computer. This means that you need a backup, and preferably more than one, which is NOT connected to anything.
You can use a USB drive, DVD, Blu-ray or even cloud backup (not to be confused with cloud storage, which can be infected as well).
Dusting off your old hard drives
This is a wonderful opportunity to use old USB or internal hard drives that you have outgrown earlier. It is super easy to use an old hard drive as a USB-drive by buying an empty USB enclosure.
It really is as simple as installing the drive in the enclosure, connecting it to the PC and letting the system format the drive. You can get good hard drive enclosures on Amazon from $15 and up.
#2: E-mail vigilance
Another very important piece of advice is to adopt a general suspicion when it comes to your e-mail usage. Cyber-crime is exploding all over the world at the moment, and I'm afraid we have not seen the worst yet.
Be extremely careful with unexpected or suspicious-looking e-mails and never, ever click any file that ends with “.exe” or any other unexpected file format.
You can't even trust mails from someone you know. That person’s e-mail account could be hacked and used for malicious purposes without them knowing it. You can create a filter which will move such mails directly into your spam folder or even delete them automatically.
If you are uncertain about a mail, delete it or open it with a device other than your main computer.
Things to look out for:
- Strange domain names
- Well known, but slightly altered, brand domain names
- Bad spelling in the text
- Links in the mail
Consider using Google's Gmail. They are excellent at filtering out spam. Well, apart from their own commercials, that is. If you get tired of their ads you can try their G Suite (previously known as Gmail for business). With G Suite you can also use your own domain to create professional-looking e-mails.
I also get quite good results when I use Outlook from Office 365.
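The warning signs listed above can also be checked automatically. The following is an added example, not part of the original article: a small Python triage function that flags slightly altered brand domains, links to such domains, and ".exe"-style attachments. The brand list, the extension list, the 0.85 similarity threshold and the sample message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions: brands you really deal with, and extensions you never expect by mail.
KNOWN_BRANDS = {"paypal.com", "microsoft.com", "amazon.com"}
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat")

def lookalike_of(domain):
    """Return the brand a domain imitates, or None if it is genuine or unrelated."""
    domain = domain.lower()
    if domain in KNOWN_BRANDS or any(domain.endswith("." + b) for b in KNOWN_BRANDS):
        return None  # the real brand or one of its subdomains
    for brand in sorted(KNOWN_BRANDS):
        # Threshold is an assumption; it catches one or two swapped characters.
        if SequenceMatcher(None, domain, brand).ratio() >= 0.85:
            return brand
    return None

def review_message(msg):
    """Return a list of human-readable warnings for one parsed e-mail."""
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if lookalike_of(sender):
        findings.append(f"sender domain {sender} resembles {lookalike_of(sender)}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name}")
        elif part.get_content_type() == "text/plain":
            for host in re.findall(r"https?://([^/\s:]+)", part.get_content()):
                if lookalike_of(host):
                    findings.append(f"link to {host} resembles {lookalike_of(host)}")
    return findings

def build_sample():
    """Constructed sample: altered brand domain, a link and a double extension."""
    m = EmailMessage()
    m["From"] = "Billing <service@paypa1.com>"
    m["Subject"] = "Your invoice"
    m.set_content("Please confirm your account at http://paypa1.com/login")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    return m

if __name__ == "__main__":
    for warning in review_message(build_sample()):
        print("WARNING:", warning)
```

A similarity check like this only catches near-misses of the brands you list, so it complements the spam filter rather than replacing it.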
#3: Anti-virus software
Always have an updated and reputable anti-virus/firewall suite running.
Even though anti-virus software is not specialized to stop ransomware, it may be able to catch on to the file that contains the ransomware, or at least warn you of suspicious activity.
Personally, I use and recommend Norton Internet Security. It doesn't get more reputable than that when it comes to personal computer safety. I have tested different products and I find this suite to be the least invasive of the ones that I have tested.
#4: Security updates and Windows user control settings
It is critical to keep your system updated with security updates regularly or let the operating system do it automatically.
Set up your Windows user account so that you will be asked for permission when a program wants to make a change to your computer. While these system requests can be annoying, it is a low price to pay if it decreases the risk of a ransomware attack.
#5: Anti-ransomware solution
Acronis has recently introduced an ATI Premium Next Generation edition of their Acronis True Image backup suite. This edition offers active ransomware protection.
It will run in the background much like the way an anti-virus program works. It will stop attempts at unwanted installs and changes to the computer registry.
In the end I have no way of knowing if this feature actually does what it claims, but that is no different from my anti-virus software. I don't actually know how well my anti-virus software is protecting me, but I know I feel naked and vulnerable without it.
You can read my review of Acronis True Image NG here.
#6: Resourcefulness in the moment of an attack
The moment you get an indication that you are experiencing a ransomware attack you need to be fast and brutal. You don't have time to shut down properly or consider your options! You may only have a few seconds to make a difference.
Simply cut the power to the computer or do a hard shutdown if you are using a laptop. This is usually done by holding down the power button. If you are using a laptop you may be able to pull out the battery.
As you may know, file encryption takes time and even if the ransomware takes over your computer in some way, you may be able to access your hard drive in other ways. The criminals may have locked the door so to speak, but your content could still be fully or at least partially intact.
Just cutting the internet access is surely better than no action, but once the ransomware is installed, it will probably be able to run with or without internet access.
Do not try to turn the computer back on to see what has happened!!!
Once you have shut down the computer you can step back and consider your next move.
How will cutting the power help me?
The first thing the ransomware program will do is surely to stop the owner from using the computer. This will most likely be done by blocking the user interface in some way. Secondly, it will probably encrypt the boot sector which will block access to the OS. It is even rumored that the BIOS can get infected.
Cutting the power will stop any encryption process, but it is extremely important that you do not turn the computer back on. To my knowledge the ransomware will need the operating system to run so the data may be accessible if the hard drive is accessed as a slave disk.
What are your options after an attack?
Don't panic, even though it will surely be hard not to panic a little bit. You may still have some options if you take the right steps.
To most PC users this will feel like they have taken over the computer itself. At first that is indeed the case, but replacing the hard drive, or simply formatting the one that was attacked, will get the computer back in action.
One exception would be if they actually manage to infect the BIOS. It may be possible to wipe it clean by flashing it, but that is a much more complicated subject that goes way beyond the scope of this article.
What to do next?
#1: Seek help from IT professionals if you don't have advanced computer skills yourself. Someone with the right skills may be able to extract some or even all of your data from the hard drive, depending on how long the ransomware had to run.
#2: Do you have a backup and how old is it? If you have a reasonably fresh backup all you need to do is format your hard drive and re-install your computer.
If you only have one backup I would suggest that you create a copy on another computer first before you attempt to restore it. Just in case.
At this point I would like to suggest reading my article about organizing your files and OS on separate drives.
#3: If you don't have a backup and if nobody was able to extract your data, there may not be much you can do. This means waiting for the criminals to get in touch or cutting your losses and moving on.
Should you pay the ransom or cut your losses?
I don't know what kind of money these people will ask in return for your kidnapped data, but I suspect they don't offer discounts.
The authorities recommend not paying in order not to encourage this kind of crime. Of course this is the right attitude, but at the same time it is easy advice when you are not the one who has lost your family photos or important documents.
Personally, I still don't think I would pay for a couple of reasons.
Firstly, I would not trust these people with any kind of personal data. I would hate the thought of them having access to whatever data they may be able to get their hands on during a financial transaction.
Secondly, I would suspect that the demands would continue once I indicate that I am willing to pay for their “services”.
However, my attitude may be influenced by the fact that I have a pretty strict dual backup routine going and I hope I will never have to make the choice. It would most certainly be difficult for me to let go of precious family photos and work files.
I am sure that this threat is here to stay and I believe we can expect their methods to evolve regularly. A new battle of wits will roll back and forth like the one we have seen with virus attackers and anti-virus developers for the last 2-3 decades.
As you can see, some of the countermeasures are pretty straightforward and you can reduce the ransomware risk significantly no matter how tech savvy you are.
If you are not sure how to set up a backup, you are very welcome to read my articles and reviews on backup strategy and backup software below:
If you have any questions or ransomware experiences you would like to share, please feel free to leave a comment in the comment section below.