This post originally appeared in Equipment Connection, the Hartford Steam Boiler and Inspection Company’s (HSB) blog. It was authored by Monique Ferrarro, Cyber Practice Counsel at HSB.
It’s increasingly possible that a hacker could seize control of your computer or data and demand a payment to give it back.
These so-called “ransomware” attacks have unfortunately become far more common nowadays, and they’re one more reason that individuals and businesses should redouble their efforts to protect and secure their systems.
The threat is real. Ransomware has taken over as the most pervasive cyber risk, affecting everything from single-user systems to multi-user networks. While there are several versions of the threat, they share common elements.
How ransomware works
Unlike other types of viruses that may go undetected by the user, ransomware is readily apparent. Once a computer is affected, it becomes inoperable or its data becomes inaccessible. The virus may either disable the computer or encrypt the hard drive, specific data or the drive and backup systems.
A warning appears on the screen stating that in exchange for a payment, usually in digital currency such as Bitcoin, the computer or data will be released. The “ransom” usually ranges from $150 to hundreds of thousands of dollars, depending upon the type of virus, the target affected and likelihood of payment.
Cyber attackers’ scare tactics
Often, the message accuses the user of downloading illegal or embarrassing content, frightening them into complying with the hackers’ demands without notifying law enforcement.
For instance, a common ransomware message appears to come from the FBI and claims that the user is under investigation for downloading child pornography or copyrighted content, such as movies or video games.
Here is one example of what a ransomware message might look like. The following message is from Cryptolocker, one of the oldest and most common ransomware viruses.
Minimal options after an attack
Most often, if the computer is infected, the only remediation options are to either pay the ransom or replace the hardware, software and data. Many victims choose to pay the ransom, as it is usually the less expensive option.
In some cases, self-help is possible. Googling the variant of the virus may yield a quick fix. For instance, older versions of ransomware used weaker encryption or contained backdoors that permitted the victim to get around it and restore their system.
Prevention is the best cure
When it comes to defeating ransomware, the most important steps are the ones you take to stop an attack before it ever happens.
As with most viruses, ransomware is frequently transmitted by email – users are directed to download a document or to click a link that downloads the malicious code. Although we have been trained countless times to avoid downloading files from unfamiliar or suspicious sources, this activity is the leading cause of ransomware infection.
So, how can ransomware infection be prevented?
Prioritize cyber hygiene
Practice good cyber hygiene. Make sure that virus protection, firewalls, operating system and software updates are current. Stop clicking “remind me later” and take the time to install updates.
Backing up is still critical
Back up important data, and the more redundant your backups — within reason — the better. For a single computer, backing up to a cloud service and a detachable external hard drive or large-capacity flash drive is a simple solution.
Maintain at least one good copy of your backup data before overwriting it with a newer version. Of course, the more recent a backup is, the less extensive a data loss can be.
For larger networks, the same principles apply—use more than one backup method, ensure that at least one of them is stored offline and make sure there’s always at least one good copy of your data. This will minimize the possibility of ransomware contaminating backups in addition to the core system.
Be vigilant with your system
Another aspect of cyber hygiene is vigilance. The best and newest security cannot protect us if we engage in unsafe online behavior. Even though we have been trained and often read about online security, reports estimate that users are responsible for anywhere from 17-37% of information technology security incidents. You can practice cyber vigilance by:
- Being smart about email. Don’t click on links before you copy and google them. Most of the time, if the link is known to spread malware, you will receive a wealth of responses documenting the dangers of clicking on the link.
- Double-checking email addresses. If you receive an email from someone you normally converse with, take a look at the extension on the email and the address itself. Many times, hackers change one letter or substitute a number for a letter in an email address in an effort to exploit our tendency to trust the source and gloss over details.
- Downloading carefully. Don’t download documents, especially Word documents or PDFs, that may be suspect. If you’re not expecting a document, don’t download it without investigating it first. For example, if you receive an email that says your item has shipped, but you didn’t order anything recently, don’t click on the link or download the attachment. If you receive an attachment from someone and the email doesn’t contain other text, that is suspicious. If you receive a document, PDF or file from someone you don’t normally receive material from, investigate before downloading or opening the file.