What is ransomware?
Bad guys access your computer when, in an email, you click a hotlink that appears trustworthy because it came from a friend, your job or your mailing lists. The page that opens installs a Trojan (like the horse) program that uses the cybercriminals’ key to encrypt your files and sometimes the OS (Operating System).
They then ask for a few hundred dollars of untraceable Bitcoin for the key to decrypt your files. Lastly, they make your computer a bot (robot, zombie) sending the virus on to all those on your contact list or to others on the Internet.
Common self-protection methods
Remember, you want to safeguard patient files, irreplaceable photos and videos, music, creative projects, meaningful emails, accounts receivable and lots more:
- Back up your files at least daily.
- Keep multiple encrypted backups in multiple locations such as an attached hard disk separate from your computer’s main drive and an offsite location such as a server or a friend’s computer.
- Use a backup program. Don’t just make a copy of your files or use a cloning program. A backup program will use space efficiently by backing up only the files added or created after the previous backup. And programs are more reliable than you; they don’t forget or get distracted.
- Backups to the cloud are standard operating procedure at this time. Numerous cheap services are available. Ideally, keep the backup program closed and only open it to sync your computer with the cloud version and then close it. That way, your backups are much less likely to be re-encrypted or otherwise damaged by a malware infection.
- You don’t need to back up the Windows OS or applications you can easily reinstall.
- Backups are the most important and simplest protection. Stop reading and do it right now.
- Use the latest version of the Windows OS by setting updates to install automatically. If you cannot update, install all patches and block some ports.
- Buy and keep current anti-virus/malware programs. Although available anti-virus programs did not prevent recent ransomware attacks, they can protect against many kinds of malware.
- Phishing is using misleading emails to install malware or collect data. In emails, never click on a link you don’t fully understand. Be skeptical. Do not open emails that appear to be from trusted senders but whose addresses have personal names or odd spellings.
- Never click on attachments you are not expecting. Text, images, videos and any type of file can contain malware. If you are sending an attachment, include some unique explanation so the receiver will trust your message.
- Try to secure your browsers, as these are second only to email in allowing malware infections. Use the browser’s security settings although they are complicated.
- Malvertising is placing ads on legitimate sites that, when clicked, install malware.
- Never give access to your computer to anyone you have not called for help.
- Never give passwords or any personal information in an email.
- Ignore scareware – bogus messages that your machine has been “infected” with malware and that you must call a number or go to a site immediately. Do not click on it to close it; use the keyboard command.
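The "backing up only the files added or created after the previous backup" behaviour from the backup-program item above, shown as an added Python example that is not from the original article or from any particular backup product. It keeps a SHA-256 manifest, copies only new or changed files, and gives every run its own folder so earlier copies are not overwritten; the function names, the manifest file name, the run labels and the sample files are assumptions constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def incremental_backup(source: Path, backup_root: Path, label: str) -> list[str]:
    """Copy files added or changed since the previous run; return their paths."""
    backup_root.mkdir(parents=True, exist_ok=True)
    manifest_file = backup_root / "manifest.json"  # hypothetical file name
    previous = json.loads(manifest_file.read_text()) if manifest_file.exists() else {}
    current, copied = {}, []
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        current[rel] = file_digest(path)
        if previous.get(rel) != current[rel]:  # new file or changed content
            # Each run has its own folder, so older copies stay untouched.
            target = backup_root / label / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
            copied.append(rel)
    manifest_file.write_text(json.dumps(current, indent=2))
    return copied


def demo() -> tuple[list[str], list[str]]:
    """Two backup runs over constructed sample files in a temporary folder."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "documents"), Path(tmp, "backup")
        src.mkdir()
        (src / "notes.txt").write_text("first draft")
        (src / "photo.jpg").write_bytes(b"constructed sample bytes")
        first = incremental_backup(src, dst, "run-1")
        (src / "notes.txt").write_text("second draft")
        (src / "invoice.txt").write_text("new file")
        second = incremental_backup(src, dst, "run-2")
        return first, second
```

Because a changed file lands in a new run folder, a file that malware has scrambled is stored beside the last good copy instead of replacing it.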
What else can you do to protect yourself?
- Go Macintosh. None of these attack tools work on the Mac OS. Hackers will get around to Macs someday, but the Mac’s business and institutional users are few and so not very profitable for ransom. [Ed. – There is indeed ransomware for Macs, so changing computers is not a guarantee of protection.]
- Turn off connections and delete programs you are not using. Some to consider:
  - Turn off Macros and ActiveX in the Microsoft Office suite because infected documents are commonly used to spread malware. Turn off all autorun programs, such as AutoPlay, and disable PowerShell.
  - Turn off wireless and Bluetooth connections when not in use.
  - In your browser, delete Adobe Flash, Adobe Reader, Java and Silverlight. Remove outdated plugins and add-ons or any you are not using.
- Never plug in USB sticks/flash drives whose origin and contents you are unsure of.
- If you need to work on, not just store, sensitive data, use two computers, one “air gapped” – without any Internet or LAN connections – and keep your really sensitive stuff only on it. No connections means no infections. This can be an old computer and does not need to be updated. Do your browsing and emailing on the other and use the protections described above.
What to do if you are infected with ransomware?
- If you see a ransomware notice or a screen saying that your computer has been locked, disconnect from the Internet immediately and seek help from a data recovery professional. If you have malware removal tools already installed, you have little to lose by rebooting Windows in Safe Mode and running them.
- Do not pay the ransom; they won’t send the key and it supports their next attack. [Ed. – According to most news articles, attackers do provide the key once the ransom is paid.]
- Report the crime to your local FBI office.
- If you have a recent backup, make a working copy of it. Wipe the computer of all files and programs, including the OS, and reinstall clean versions before transferring backed-up files to it. Consult tech support for how to wipe your hard drives completely.
- Locked up or encrypted files are not a breach under HIPAA so you don’t need to investigate or report it.
- Don’t panic. Others may have copies of your work. Some may be on other media or in their Trash.
Tools that may reduce your risk of ransomware
- Don’t use public WiFi without a VPN (Virtual Private Network). It hides your identity (“security by obscurity”) and encrypts your data, searches and messages.
- Sites that encrypt all traffic show a lock in the address bar or a green tint of the site’s name and “https://” instead of just “http://.” You can force encryption with sites by using the free and tested browser extension HTTPS Everywhere from https://www.eff.org/https-everywhere.
- Adblockers will protect against ads containing malware links. These are especially protective on dodgy sexual, gambling, drug and torrent sites.
- A password manager will save time and store encrypted versions of logins, passwords and your identifying information, credit cards, bank accounts, etc.
Most worrisome is that the recent extortion was a cover for installing “back door” software which will be used later for other purposes, such as stealing data or crippling critical functions – power grids, banking, defense and even your car. Also, malware attacks will only get worse as more devices are attached to the Internet and viruses are written for other platforms and operating systems. Government action is unlikely and there is little incentive for manufacturers to improve product security.