Protect yourself from ransomware attacks

It’s increasingly possible that a hacker could seize control of your computer or data and demand a payment to give it back.

These so-called “ransomware” attacks have unfortunately become far more common nowadays, and they’re one more reason that individuals and businesses should redouble their efforts to protect and secure their systems.

The threat is real. Ransomware has taken over as the most pervasive cyber risk, affecting everything from single-user systems to multi-user networks. While there are several versions of the threat, they share common elements.

How ransomware works

Unlike other types of viruses that may go undetected by the user, ransomware is readily apparent. Once a computer is affected, it becomes inoperable or its data becomes inaccessible. The virus may either disable the computer or encrypt the hard drive, specific data, or the drive and backup systems.

A warning appears on the screen stating that in exchange for a payment, usually in digital currency such as Bitcoin, the computer or data will be released. The “ransom” usually ranges from $150 to hundreds of thousands of dollars, depending upon the type of virus, the target affected and likelihood of payment.

Cyber attackers’ scare tactics

Often, the message accuses the user of downloading illegal or embarrassing content, frightening them into complying with the hackers’ demands without notifying law enforcement.

For instance, a common ransomware message appears to come from the FBI and claims that the user is under investigation for downloading child pornography or copyrighted content, such as movies or video games.

Here is one example of what a ransomware message might look like. The following message is from Cryptolocker, one of the oldest and most common ransomware viruses.

[Image: Cryptolocker ransom message]

Minimal options after an attack

Most often, if the computer is infected, the only remediation options are to either pay the ransom or replace the hardware, software and data. Many victims choose to pay the ransom, as it is usually the less expensive option.

In some cases, self-help is possible. Googling the variant of the virus may yield a quick fix. For instance, older versions of ransomware used weaker encryption or contained backdoors that permitted the victim to get around it and restore their system.

Prevention is the best cure

When it comes to defeating ransomware, the most important steps are the ones you take to stop an attack before it ever happens.

As with most viruses, ransomware is frequently transmitted by email – users are directed to download a document or to a link that downloads the malicious code. Although we have been trained countless times to avoid downloading files from unfamiliar or suspicious sources, this activity is the leading cause of ransomware infection.

So, how can ransomware infection be prevented?

Prioritize cyber hygiene

Practice good cyber hygiene. Make sure that virus protection, firewalls, operating system and software updates are current. Stop clicking “remind me later” and take time to install updates.

Backing up is still critical

Back up important data, and the more redundant your backups — within reason — the better. For a single computer, backing up to a cloud service and a detachable external hard drive or large capacity flash drive is a simple solution.

Maintain at least one good copy of your backup data before overwriting it with a newer version. Of course, the more recent a backup is, the less extensive a data loss can be.

For larger networks, the same principles apply—use more than one backup method, ensure that at least one of them is stored offline and make sure there’s always at least one good copy of your data. This will minimize the possibility of ransomware contaminating backups in addition to the core system.
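The rule of never overwriting the last good copy can be automated. The following is an added example, not part of the original article: it writes each backup as a new generation, verifies it against the source, and only then prunes the oldest one. The function name, file naming scheme and `keep` parameter are assumptions made for illustration.

```python
import hashlib
import shutil
from pathlib import Path


def sha256(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def rotate_backup(source: Path, backup_dir: Path, keep: int = 3) -> list[str]:
    """Add a new generation of `source`, verify it, then prune old ones.

    Returns the generation file names that remain, oldest first.
    """
    if keep < 2:
        raise ValueError("keep at least 2 generations")
    backup_dir.mkdir(parents=True, exist_ok=True)
    existing = sorted(backup_dir.glob("gen-*.bak"))
    next_no = int(existing[-1].stem.split("-")[1]) + 1 if existing else 1
    new = backup_dir / f"gen-{next_no:06d}.bak"

    # Copy under a temporary name; older generations are untouched so far.
    tmp = new.with_suffix(".partial")
    shutil.copyfile(source, tmp)
    if sha256(tmp) != sha256(source):
        tmp.unlink()
        raise IOError("backup copy does not match source; nothing pruned")
    tmp.rename(new)

    # Prune only after the new generation is verified and in place.
    generations = existing + [new]
    for old in generations[:-keep]:
        old.unlink()
    return [p.name for p in generations[-keep:]]
```

A copy of files that ransomware has already encrypted still passes the hash check, which is why older generations are kept rather than overwritten and why at least one copy belongs offline.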

Be vigilant with your system

Another aspect of cyber hygiene is vigilance. The best and newest security cannot protect us if we engage in unsafe online behavior. Even though we have been trained and often read about online security, reports estimate that users are responsible for anywhere from 17-37% of information technology security incidents. You can practice cyber vigilance by:

  1. Being smart about email. Don’t click on a link before copying it and searching for it on Google. Most of the time, if the link is known to spread malware, the search will return a wealth of results documenting the dangers of clicking on it.
  2. Double-checking email addresses. If you receive an email from someone you normally converse with, take a look at the extension on the email and the address itself. Many times, hackers change one letter or substitute a number for a letter in an email address in an effort to exploit our tendency to trust the source and gloss over details.
  3. Downloading carefully. Don’t download documents, especially Word documents or PDFs, that may be suspect. If you’re not expecting a document, don’t download it without investigating it first. For example, if you receive an email that says your item has shipped, but you didn’t order anything recently, don’t click on the link or download the attachment. If you receive an attachment from someone and the email doesn’t contain other text, that is suspicious. If you receive a document, PDF or file from someone you don’t normally receive material from, investigate before downloading or opening the file.
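The address check in item 2 can be done mechanically. The following is an added example, not part of the original article: it compares a sender address against a list of known contacts and flags addresses that differ by one character or by a digit standing in for a letter. The contact list, the substitution table and the sample addresses are constructed for illustration.

```python
# Digits commonly swapped in for letters in lookalike addresses (assumed set).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

# Constructed list of addresses the user normally corresponds with.
KNOWN_SENDERS = {"billing@example-supplier.com", "jane.doe@example.org"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop a character of a
                           cur[j - 1] + 1,              # add a character of b
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_sender(address: str, known=KNOWN_SENDERS) -> str:
    """Return 'known', 'lookalike of <address>' or 'unknown'."""
    addr = address.strip().lower()
    if addr in known:
        return "known"
    folded = addr.translate(SUBSTITUTIONS)
    for good in sorted(known):
        # Digit-for-letter swaps: identical once the digits are folded back.
        if folded == good.translate(SUBSTITUTIONS):
            return f"lookalike of {good}"
        # One changed, added or dropped character.
        if edit_distance(addr, good) == 1:
            return f"lookalike of {good}"
    return "unknown"
```

An "unknown" result means only that the address resembles no listed contact; it says nothing about whether the message is safe.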

 

© 2016 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved. This article is intended for information purposes only. HSB makes no warranties or representations as to the accuracy or completeness of the content of this article.

Monique Ferraro

Monique is counsel in Munich Re’s US Cyber Practice at HSB. Previously, she was principal at a digital forensics, e-discovery and information security consulting firm and owner of a law firm. Ms. Ferraro is a Certified Information Systems Security Professional.
