Not too long ago a friend of mine called me and said he had clicked on something he shouldn’t have. Suddenly there was a message on the screen claiming all the files on his computer were now encrypted and that, to get the files back, a large sum of money would need to be paid promptly to an unknown entity. We verified that his files were in fact encrypted and inaccessible. Now the victim of a ransomware attack, he was left with only two options – he could either pay the ransom and hope that they would actually “unlock” his files, or he could restore his files from a backup made prior to being infected with the ransomware.
All too often people are caught off guard when infected with ransomware. In 2016, the United States was undeniably the single greatest target for ransomware, accounting for 50 percent of the detections globally. Whether it’s a personal computer (PC) sitting in a cubicle at work, servers used by the government, computers used for monitoring healthcare patients, or the home computer sitting in your living room, it can be vulnerable to a ransomware attack.
There are different types of ransomware but two things remain constant – they will all prevent your PC from operating normally and will ask you for something before allowing you to use your PC. Ransomware can prevent you from accessing Windows or encrypt files so you can’t use or access them. It can even prevent certain apps from running such as your email or web browser. Once infected, it will demand you pay a “ransom” to gain access to your PC or files. What’s worse is there is no guarantee you will get your files back, or gain access to your PC, even if you comply with the ransom.
Ransomware can get onto your PC the same way other malware does: when you visit unsafe, suspicious or fake websites. Another way is opening emails and email attachments from people you don’t know or that you weren’t expecting. Other entry points include clicking on malicious or bad links in emails, in Facebook, Twitter and other social media posts, or in messengers like Skype. It can be very difficult to restore a PC after it has been infected with ransomware, especially if the ransomware encrypts all your files. That’s why the best solution is to be cautious when browsing the internet, checking your email or using social media. Don’t click on a link on a webpage, in an email, or in a chat message unless you absolutely trust the webpage or sender. If you are ever unsure, simply don’t click the link; it’s better to be safe.
Because the files are encrypted, it can be nearly impossible to recover the files without the original encryption key from the attacker. The best advice I can give is to make sure your files are backed up to a secure location separate from your computer. By separate, I mean a device or location other than the computer or computer hard drive you are backing up. This is important because if you are storing your backups on the same computer and contract ransomware, it will encrypt your backup as well, rendering the backup useless.
Older versions of ransomware would claim you had done something illegal with your PC, and that you were being fined by a police force or government agency. These claims were false; it was a scare tactic used to make you pay without telling anyone. Today, scammers don’t even cover it up. The tactics used are so successful and untraceable that, like my friend, you only have two options: pay and hope you get your files back, or restore from backup. It is because of their success that we are continuing to see an increase in these types of attacks. Cyber scammers will continue to take advantage of people as long as their tactics are successful. Fortunately for my friend, we restored all files from backup, disinfected his computer and avoided paying the ransom.
Make it tough for scammers by surfing the web safely and cautiously, and by backing up the data that is precious to you. It’s a good feeling in these situations when the sense of vulnerability goes away, and you can wipe your computer knowing that you have a good backup of your files to restore.