Ransomware is becoming increasingly popular. The term refers to a type of virus which holds your data hostage for money. This is how it works: you will get a notification that all your data is encrypted, and in order to decrypt it, you must pay a certain amount for a decryption tool. Ransomware wasn’t a big issue until a few years ago, as money paid as ransom would have been easily traceable and thus the culprits would have been caught. With the popularity of digital currency such as Bitcoin, the scenario is very different. Bitcoins are untraceable, which makes them perfect for ransomware. The only other method which is untraceable is cash itself, and it is easy to see why that isn’t practical.
Ransomware first appeared in 2013 and is very different from other types of viruses. The first difference is that it directly asks you for money instead of just causing financial damage. Another difference is that ransomware is usually run by experts. When you pay the ransom money, you will get the decryption tool back even though the hackers could have simply run away with your money. The encryption used is usually 128-bit or higher, which means there’s practically no way for people to get their data back unless they pay up. If you have a backup, then you will have to restore from it. If you don’t have a backup, or if the backup is itself encrypted, then the only choice you have is to pay the ransom or say goodbye to your data.
Recently, the University of Calgary, a major research center in Canada, faced an attack of this type and had to pay around $16.000 US to recover emails that had been encrypted for a week. Fortune.com reports that the school received decryption keys in return for the payment, and that it has been able to use the keys to unlock email accounts.
The most notorious example of a ransomware attack took place in March this year. This time, criminals targeted a hospital, and locked down computers along with patient data. The Los Angeles hospital had to pay $17.000 US for the decryption tool.
Keeping your Data Safe
Ransomware may be almost impossible to get rid of once it has encrypted your files, but there is a lot you can do to ensure that never happens. You need to take all the security measures possible, especially if you’re working with sensitive or confidential data which needs to be protected.
Keep everything patched and updated
New ransomware keeps coming out periodically. If the ransomware is completely new, then your anti-virus will probably fail to identify it. Make sure that you keep all your software patched and updated so it is safe against the latest threats. Viruses also often use zero-day exploits to infect your systems. Zero-day exploits are weaknesses which have been newly discovered in software. As long as the software you use comes from trusted vendors, you should be getting patches for such exploits as quickly as possible.
Teach employees data safety
Ransomware works so well because it appears very innocuous. You will get an email from someone you know and it will have a Microsoft Word document attached. When you open the document, it will read like gibberish, except for one line which says you need to enable macros in order to read the document. As soon as you enable macros, the ransomware will start running and begin encrypting your files. The issue is that users see no reason to be wary of the process above, as some users do not understand what macros are and why they need to be disabled. Teach your employees data security to keep your data safe. Talk to them about the potential exploits that hackers may use so they are cautious.
Any organization which gives every user admin rights is an organization that needs better IT policies. Users should have access only to the tools they actually need and use. Macros are a common way of infecting computers. Aside from a few departments, most people in an organization will never need to use a macro. Macros and any other such settings need to be disabled for anyone who doesn’t need them. Users should never have full admin rights to begin with. Many companies think that such IT policies result in the work becoming harder to do, but that is the price of safety. By being willing to forgo security measures in order to gain speed in day-to-day work activities, you could be subject to data loss.
The problem with ransomware is that it might just end up encrypting your backup files as well. This is why the only way to truly keep yourself safe from ransomware is through backups that are completely separate from your main system. This way, the virus will have no way of reaching the backups. Even cloud backups can be infected, though if your backup service keeps older versions of the backups you should be safe.