Holding Your Digital Life for Ransom
What is Ransomware?
These files are inaccessible unless you pay the ransom.
Video: How Not to be a Ransomware Victim
Responding to Ransomware
If you are the victim of a ransomware attack, how do you respond?
First of all, do not pay the ransom.
This will only encourage future development of ransomware and more frequent attacks. As inconvenient as it is, your best bet is to tighten your security and restore your files from a recent backup.
Some facts about ransomware:
- Ransomware is a special sort of malware infection that encrypts your entire computer then holds it for ransom.
- The encryption key can be destroyed if you attempt recovery without paying the ransom.
- Paying the ransom is no guarantee of recovery. You're dealing with thieves, not honest businessmen.
- Microsoft and others recommend NOT paying. Without income, this sort of malware will die off.
- Other than prevention, your only realistic alternative is to wipe your computer, reinstall everything and restore your data from a reliable (and uninfected) current backup.
- PC Magazine's "The best ransomware protection of 2017" provides an excellent overview of ransomware as well as assessing various solutions.
The most recent release is called RedBoot, so named because an infected computer boots to a red screen with white text telling you that your files have been encrypted, with instructions to email an address with your ransom payment.
This was the first of a wave of ransomware-as-a-service, a commercial product that makes ransomware available to virtually anyone.
This ransomware can alter your master boot records, change partition tables and encrypt files. That means it can do real damage to your machine. — TechRepublic
IoT and Ransomware
The future of ransomware could be even grimmer with the Internet of Things (IoT).
Manufacturers have been busy installing Internet-connected microcomputers in everything — baby monitors, cameras, cars, hospital equipment, smart TVs and much more.
Forbes predicts that by 2025, we'll have over 80 billion smart devices on the internet. Much of the embedded firmware running on these devices is insecure and highly vulnerable, leaving an indeterminate number of critical systems and data around the world at risk. — IoT for All
It's only a matter of time before people get messages on their car screens saying that the engine has been disabled and it will cost $200 in bitcoin to turn it back on. Or a similar message on their phones about their Internet-enabled door lock: Pay $100 if you want to get into your house tonight. Or pay far more if they want their embedded heart defibrillator to keep working. — Bruce Schneier
No Plans for Security
Security has not even been considered in the rapidly expanding list of products that form the Internet of Things and is probably not even possible to implement post-manufacture.
If you're fed up with paying to protect your computer, can you imagine being faced with the choice of paying a ransom for your IoT devices or throwing them away?
Preparing for Recovery
Prevention isn't easy and the only reliable recovery is to wipe your hard drive and recover files via a RECENT secure offline backup (cloud-based storage and always-connected backup devices can be infected if your computer is compromised).
The main thing is to avoid any risky behaviour and to prepare as best you can to recover.
Here are some keys to preparing your computer(s) and data for recovery:
- Ensure that your computer(s) are fully patched as quickly as possible to avoid infection.
- Use secure passwords and change the default passwords for equipment like your router.
- Create and maintain a regular complete backup of your critical data files (irreplaceable documents, photos, media downloads, etc.).
- Use a USB-based hard drive not permanently connected to the computer, storing that drive in a secure location when not backing up or restoring files.
- Regularly back up current (in-use) files on a thumb drive (removing the drive from the computer when backups aren't in process).
- Be wary of clicking on attachments in emails without scanning them first. If the email is unexpected (e.g. an unexpected “notice” from FedEx) you should delete the email (FedEx likely didn't have your email address, only your phone number).
- Avoid downloading or watching videos on unknown pages. Facebook is famous for obscuring the destination of links on their site and for fake news links. Don't go there.
- Ensure that you don't allow people to use your computer unsupervised and particularly don't allow them to download and install software. This is especially true for your children.
- If you must have a "guest" computer, keep it unconnected from your network and don't provide Administrator privileges to the account they're using.
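One way to keep a backup "reliable (and uninfected)", shown as an added example that is not from the original page: before each backup run, hash the current files, compare them with the manifest saved at the previous backup, and refuse to overwrite the backup when most files changed at once. The function names and the 50% threshold are assumptions, and the sample files are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {  # read_bytes() loads whole files; hash in chunks for large media
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare(previous, current):
    """Classify files relative to the manifest saved at the last backup."""
    changed = sorted(p for p in previous if p in current and previous[p] != current[p])
    missing = sorted(p for p in previous if p not in current)
    added = sorted(p for p in current if p not in previous)
    return {"changed": changed, "missing": missing, "added": added}


def safe_to_back_up(previous, current, threshold=0.5):
    """False when too many previously backed-up files changed or vanished."""
    if not previous:
        return True  # first backup: nothing to compare against
    diff = compare(previous, current)
    disturbed = len(diff["changed"]) + len(diff["missing"])
    return disturbed / len(previous) <= threshold  # threshold is an assumption


def demo():
    """Constructed sample: four documents, one normal edit, then a bulk rewrite."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(4):
            (root / f"doc{i}.txt").write_text(f"household record {i}\n")
        before = build_manifest(root)  # manifest kept with the last backup
        (root / "doc0.txt").write_text("household record 0, edited\n")
        normal = safe_to_back_up(before, build_manifest(root))
        for i in range(1, 4):  # stand-in for files rewritten in bulk
            (root / f"doc{i}.txt").write_bytes(os.urandom(64))
        bulk = safe_to_back_up(before, build_manifest(root))
    return normal, bulk


if __name__ == "__main__":
    print(demo())
```

Store the manifest on the offline drive alongside the backup, so that a compromised computer cannot rewrite it between runs.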
Winning the War on Ransomware
See Trustwave's Winning the War on Ransomware infographic (below).
- Protect yourself from ransomware — Mozilla blog.
- How to protect yourself from the global ransomware attack.
- WannaCry ransomware code errors could give victims a chance to get files back.
- Locky Ransomware [Updated].
- "Locky" ransomware – what you need to know.
- 11 things you can do to protect against ransomware, including Cryptolocker.
- CryptoLocker. 13 versions listed. Removal included.
- CoinVault ransomware decryptor has some decryption keys you can try with sample infected files.
- TorrentLocker (fake CryptoLocker) ransomware information guide and FAQ.