Sunday, July 26, 2015

What is ransomware?

Our various wares

First there was software and hardware; as people found ways to exploit each of those, a concept was developed called malware—malicious software—code that is intended to damage or disable computers. As digital technology advances, so do the criminal methodologies used to harness it. One clever example of that is ransomware.

What is ransomware?

Ransomware is a form of malware that holds your computer and its files hostage. Typically, when your computer is infected with ransomware, the PC is locked down so that you can no longer boot into the operating system (OS, e.g., Microsoft Windows), and all of your files are encrypted so that you can no longer access them until you obtain the "key" that decrypts the files. A nefarious message is displayed on screen demanding that you pay a ransom in order to get access to your computer and all of your programs, documents, photos, and other saved data.

Is the ransom for real? You betcha. If you don't pay the bad guys, you lose everything that is not already backed up in a secure location. A Massachusetts police station that fell victim to ransomware chose to pay the ransom in order to regain access to its files. See that story here. But keep in mind that payment is no guarantee that you'll get your files back.

How do I prevent ransomware infection?

Ransomware is installed and activated just like any other malware. Frequently, it comes from clicking a link or opening an attachment in an unexpected or unwanted email (like a spam message), although ransomware can also come from surfing to untrusted web sites. The simplest way to avoid ransomware is this: Do not click links in emails, and do not open attachments to emails. 

Other tips that aid in prevention:
  • Keep your computer up to date with the latest patches, for the OS as well as your applications
  • Do not open attachments or click links in emails that are unexpected, unwanted, come from untrusted sources, or are in any way questionable or suspicious
  • Do not click on ad links on web sites, even on sites that you trust
  • Use an anti-malware/anti-virus program on your PC, and keep it up-to-date
For more information, see Brian Krebs' article How to Avoid CryptoLocker Ransomware.

How do I counteract ransomware?

Back up your data on a regular basis. Maintain a full backup on separate media (like an external hard drive) that is not perpetually attached to your network. Keep in mind that any device or system attached to your network is susceptible to the same malware infection as your computer. If you update your backup weekly, then the most data you can lose in the event of infection is seven days' worth. 

If your computer is infected with ransomware, the best solution is to wipe the hard drive clean and do a full restore of your system image and files.
