Holding Your Digital Life for Ransom
What is Ransomware?
Ransomware makes all your files inaccessible, then extorts money with the promise to provide a recovery key once you pay.
Ransomware is more about manipulating vulnerabilities in human psychology than the adversary's technological sophistication. — James Scott
Video: How Not to be a Ransomware Victim
Don't Pay the Ransom
If you are the victim of a ransomware attack, how do you respond?
First of all, do not pay the ransom.
Paying the ransom should be your last option, as it will only encourage future development of ransomware and more frequent attacks by labelling you as an easy target and someone who is unprepared.
It is also increasingly common that you won't get your data back even after paying.
[E]ven if a payment was forthcoming, new research reveals the shocking reality of ransomware today: 92% of organizations don't get all their data back. — Forbes
- Global surge in ransomware attacks: To pay or not to pay is not the only question.
- Ransomware attacks hitting a 93% increase year over year.
- Ransomware risks for consumers vs. businesses, and how to avoid them.
A survey of organisations affected by ransomware attacks found that the average total cost of a ransomware attack for organisations that paid the ransom is almost $1.4m, while for those who didn't give into ransom demands, the average cost is half of that, coming in at $732,000. — ZDNet
As inconvenient as it is, your best bet is to tighten your security (educate yourself and others about the warning signs) and restore your files from a recent backup.
In short, your security comes down to the same three words: backup, protection, awareness. All three need to be in place, and when they are, you can confidently say you're employing optimal antiransomware security strategy. — Kaspersky
Some facts about ransomware:
- Ransomware is a special sort of malware infection that encrypts your entire computer then holds it for ransom.
- The encryption key can be destroyed if you attempt recovery without paying the ransom.
- Paying the ransom is no guarantee of recovery. You're dealing with thieves, not honest businessmen.
- Without income, this sort of malware will die off.
- Anti-ransomware software is available and should be a part of your security suite.
[T]he average downtime an organization suffers from a ransomware attack is three days, but at times can be indefinite and lead to the failure of a business. — TechRepublic
The average cost of a data breach is $3.86 million, a malicious breach cost $4.27 million, and a ransomware attack costs about $4.44 million, according to IBM's 2020 Cost of a Data Breach report. — TechRepublic
PC Magazine's The best ransomware protection provides an excellent overview of ransomware as well as assessing various solutions:
Of course, ransomware is just another kind of malware, and any malware-delivery method could bring it to you. A drive-by download hosted by a malicious advertisement on an otherwise-safe site, for example. You could even contract this scourge by inserting a gimmicked USB drive into your PC, though this is less common. If you're lucky, your malware protection utility will catch it immediately. If not, you could be in trouble.
Cities, hospitals and other government services have been the targets of ransomware. Even though their tax bases have been hit hard by the COVID-19 crisis, they are now facing the threat of confidential information being released.
- “It's not in the budget.” The economic reality of a ransomware attack.
These are favoured targets because these services are both unprepared (their security and often their hardware are sub-standard) and motivated (because of the confidential and often critical nature of their data).
There is no guarantee that this information will not be sold on the dark web and eventually be exposed anyway. In the past, the defense for ransomware was simply to have good backups, however, with the addition of data exfiltration, the ransomware groups have changed the game. — Erich Kron
A recent release is called RedBoot, so named because an infected computer boots to a red screen with white text that tells you your files have been encrypted, with instructions to email an address with your ransom payment.
This was the first of a wave of ransomware-as-a-service, a commercial product that makes ransomware available to virtually anyone to use.
This ransomware can alter your master boot records, change partitions tables and encrypt files. That means it can do real damage to your machine. — TechRepublic
IoT and Ransomware
Criminals are starting to look at cloud services for future ransomware attacks because data is moving to the cloud — because that's where the “money” is.
The future of ransomware could be even grimmer with the Internet of Things (IoT).
Manufacturers have been busy installing Internet-connected microcomputers in everything — baby monitors, cameras, cars, hospital equipment, smart TVs and much more.
Forbes predicts that by 2025, we'll have over 80 billion smart devices on the internet. Much of the embedded firmware running on these devices is insecure and highly vulnerable, leaving an indeterminate number of critical systems and data around the world at risk. — IoT for All
It's only a matter of time before people get messages on their car screens saying that the engine has been disabled and it will cost $200 in bitcoin to turn it back on. Or a similar message on their phones about their Internet-enabled door lock: Pay $100 if you want to get into your house tonight. Or pay far more if they want their embedded heart defibrillator to keep working. — Bruce Schneier
No Plans for IoT Security
Security has not even been considered in the rapidly expanding list of products that form the Internet of Things, and it is probably not even possible to implement post-manufacture.
If you're fed up with paying to protect your computer, can you imagine if you're faced with the possibility of paying a ransom for your IoT devices or throwing them away?
Preparing for Recovery
Prevention isn't easy and the only reliable recovery is to wipe your hard drive and recover files via a RECENT secure offline backup (cloud-based storage and always-connected backup devices can be infected if your computer is compromised).
The main thing is to avoid any risky behaviour and to prepare as best you can to recover.
- Use a reputable security software.
- Use an Anti-Ransomware software.
- Backup your data.
- Exercise good judgment.
- Implement employee education programs (Business).
- Only use secure networks.
— ZoneAlarm
As a way to deal with ransomware attacks specifically, organizations need to back up data regularly to a nonconnected environment and verify the integrity of those backups regularly…. [A]n effective privileged access management solution using a zero trust approach is key to preventing bad actors from accessing critical systems, infrastructure and sensitive data. — TechRepublic
Here are some keys to preparing your computer(s) and data for recovery:
- Ensure that your computer(s) are fully patched as quickly as possible to avoid infection.
- Use secure passwords and change the default passwords for equipment like your router.
- Create and maintain a regular complete backup of your critical data files (irreplaceable documents, photos, media downloads, etc.).
- Use a USB-based hard drive not permanently connected to the computer, storing that drive in a secure location when not backing up or restoring files.
- Regularly back up current (in-use) files on a thumb drive (removing the drive from the computer when backups aren't in process).
- Be wary of clicking on attachments in emails without scanning them first.
- If you have any doubts about whether an email is legitimate, don't click on any links, especially if the email is unexpected (e.g. a “notice” from FedEx). Report it to your IT department or resource (or delete it on your own computer).
- Avoid downloading or watching videos on unknown pages. Facebook is famous for obscuring the destination of links on their site and for fake news links. Don't go there.
- Ensure that you don't allow people to use your computer unsupervised and particularly don't allow them to download and install software. This is especially true for your children.
- If you must have a "guest" computer, keep it unconnected from your network and don't provide Administrator privileges to the account they're using.
You should also increase your security budget and train your employees on how to spot and avoid risky behaviour. The cost is far less than a successful ransomware attack.
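The backup steps above, and the advice quoted earlier to verify the integrity of backups regularly, can be checked with a file-hash manifest. This is an added example, not from the original article; the function names, the sample files and the 50% alarm threshold are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large photos/videos don't fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to the backup root) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(root, manifest, alarm_ratio=0.5):
    """Compare the backup with a manifest saved when the backup was made."""
    current = build_manifest(root)
    missing = sorted(set(manifest) - set(current))
    changed = sorted(n for n in manifest
                     if n in current and current[n] != manifest[n])
    added = sorted(set(current) - set(manifest))
    damaged = len(missing) + len(changed)
    # alarm_ratio is an assumed threshold: when most known files are gone
    # or altered at once, treat the backup as untrustworthy.
    alarm = bool(manifest) and damaged / len(manifest) >= alarm_ratio
    return {"missing": missing, "changed": changed, "added": added, "alarm": alarm}

def demo():
    """Constructed sample: a three-file backup, then two files damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "photos").mkdir()
        (root / "taxes.txt").write_text("2023 return")
        (root / "notes.txt").write_text("meeting notes")
        (root / "photos" / "cat.jpg").write_bytes(b"\xff\xd8 sample image bytes")
        manifest = build_manifest(root)      # keep this off the backup drive
        (root / "taxes.txt").write_bytes(b"\x00unreadable\x00")   # content altered
        (root / "notes.txt").rename(root / "notes.txt.locked")    # file renamed
        return verify_backup(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Keep the saved manifest somewhere other than the backup drive, so that anything able to alter the backup cannot also alter the record it is checked against.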
Winning the War on Ransomware
See Trustwave's Winning the War on Ransomware infographic (below).
- No More Ransom lists some decryption tools.
- Protect yourself from ransomware — Mozilla blog.
- How to protect yourself from the global ransomware attack.
- WannaCry ransomware code errors could give victims a chance to get files back.
- Locky Ransomware [Updated].
- "Locky" ransomware – what you need to know.
- 11 things you can do to protect against ransomware, including Cryptolocker.
- CryptoLocker. 13 versions listed. Removal included.
- CoinVault ransomware decryptor has some decryption keys you can try with sample infected files.
- TorrentLocker (fake CryptoLocker) ransomware information guide and FAQ.