The modern world has created a new type of hostage situation. Rather than having individuals storm an airplane demanding cash and safe passage to some remote location, individuals are being held hostage in their very homes by malicious software (malware) known as ransomware. Like an armed hijacker, ransomware captures something valuable, a computer, and holds all the information on it hostage in exchange for money. It's a particularly nasty type of malware and its presence is growing, with an estimated one ransomware attack every 10 seconds. However, as with any other criminal activity, users do not have to become a statistic.
What Ransomware Does
Ransomware is a sophisticated type of malware that finds a vulnerability (think of it as a poorly secured door or window) in an operating system and then locks up the computer. The ransomware then displays a screen on the computer telling the user that the computer's files have been locked or encrypted (scrambled) and that the only way to receive the unlock key is to send money (normally in an untraceable digital currency like Bitcoin) to a specified digital address. Some versions of ransomware threaten to permanently destroy or delete files unless the ransom is paid within a specified period of time.
How to Stop Ransomware
With very few exceptions, one of which was the WannaCry worm in May 2017, ransomware requires some sort of user interaction to get into a computer and start working. The most common ways to get infected are when a user clicks a link in an email or an email attachment, clicks a link on a social networking site, or visits a website that has the ransomware on it. As with getting sick, an ounce of prevention is worth a pound of cure. Here are some methods to prevent ransomware:
- Do not click links in email. Visit the site directly if there is suspicion of an actual emergency with a bank or credit card.
- Avoid suspect websites, such as those offering deals too good to be true, pirated music or movies, or pornography. Foreign-language sites, particularly those hosted in countries like Russia (.ru at the end of the site's domain name), are also suspect.
- Turn off unnecessary Internet browser extensions, add-ons, and plug-ins.
- Invest in a good antivirus program that updates at least weekly and prevents automatic software installation without user consent.
- Invest in a backup solution. Critical files and information should always be backed up so that even if a computer system has to be completely re-installed, important information is not lost.
How to Recover from Ransomware
Should a computer get infected with ransomware, recovery may be possible. For some variants that simply lock the computer without encrypting files, restarting the computer in safe mode and deleting files or using system restore may be all it takes, along with a scan by an antivirus tool to locate the ransomware and remove it. For encrypted files, there are software tools designed specifically to unlock the files and enable recovery. Again, follow this with a thorough antivirus scan. Restoring from a system backup made before the infection (an entire system image, a mirror copy of the computer, is best) is perhaps the most effective option. Note that even when paying the ransom, as many as a third of all computers are not given the unlock key and lose files (and money) anyway.
As with most crimes, never being a victim is always better than recovering from an attack. Being careful and making wise investments in cyber security and data backups are best practices to avoid ransomware infections in the first place while enabling speedy recovery from them as a last resort.