It’s morning and you’re waking up ready to start your day. You get your coffee ready and open up your laptop to get caught up on the news, check some email, and do some online banking. You try to log in and are greeted by a screen like the one below. You’ve been hit by ransomware.
Ransomware is causing significant problems to the tune of $5 billion in 2017. There are things you can do to prevent ransomware attacks, but there are some things you need to understand about this genuine threat to Internet security.
What is it?
Ransomware is a type of malware that locks a user out of his or her device by encrypting the hard drive. The user is then forced to pay a ransom in exchange for a decryption key that will restore their access.
The ransom required to restore access to your computer can vary widely, from $25 to several thousand dollars, depending on what amount the attacker thinks you will pay. The majority of people do pay.
The hitch is that even if you decide to pay the ransom, there is no guarantee that the hackers did not steal all of the data they encrypted before providing the decryption key. Some attackers, although very few, never actually send you the key at all and instead just delete all of your data after you pay.
Anti-Virus software is totally ineffective against it.
Let’s start by saying that a reliable commercial anti-virus program (AV) is a must-have. AV programs will stop the vast majority of threats that affect Internet safety.
Ransomware, unfortunately, is not one of them. Ransomware has nearly a 100% success rate against AV programs. To understand why, you need to know a little about how AV works.
Commercial AV products like Norton identify malicious programs by looking at sections of their code. These snippets of code create a sort of digital fingerprint for each piece of detected malware.
These fingerprints are stored in a database that is accessed by the AV program when new software is installed on your computer.
If the fingerprint of the new software being installed matches that of a piece of malware stored in the database, the AV program flags the new software as malware.
To get past an AV program, an attacker merely has to alter the code for the malware, creating a variant that doesn’t match the digital signature in the malware database.
Variants can last for months without being identified and added to the malware database. So a hacker has a lot of time to create the next one once his current variant stops working. Ransomware is designed in a way to make this process easy.
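The fingerprint lookup described above, as an added example that is not from the original article or from any AV product: a deliberately simplified model in which a fingerprint is the SHA-256 hash of one fixed 16-byte snippet. The window size, the name `Example.Locker.A` and all byte strings are constructed, inert stand-ins for program code.

```python
import hashlib
from typing import Dict, Optional

WINDOW = 16  # bytes per fingerprinted code snippet (assumed size for this model)

def fingerprint(snippet: bytes) -> str:
    """Digital fingerprint of one code snippet."""
    return hashlib.sha256(snippet).hexdigest()

def build_database(known: Dict[str, bytes]) -> Dict[str, str]:
    """Map fingerprint -> malware name, one entry per known snippet."""
    return {fingerprint(snippet): name for name, snippet in known.items()}

def scan(program: bytes, database: Dict[str, str]) -> Optional[str]:
    """Fingerprint every 16-byte window of the program and look each one up."""
    for offset in range(len(program) - WINDOW + 1):
        name = database.get(fingerprint(program[offset:offset + WINDOW]))
        if name:
            return name
    return None  # nothing in the database matched, so nothing is flagged

# Constructed sample data: harmless byte strings, not real code.
SNIPPET = b"LOCK-FILES-v1.0!"  # the 16 bytes the vendor fingerprinted
DATABASE = build_database({"Example.Locker.A": SNIPPET})

ORIGINAL = b"\x00header\x00" + SNIPPET + b"\x00rest of program"
# Same snippet at a different offset: the sliding window still finds it.
RELOCATED = b"\x00a longer header\x00" + SNIPPET + b"\x00tail"
# One byte inside the fingerprinted snippet differs: the hash no longer matches.
VARIANT = b"\x00header\x00" + b"LOCK-FILES-v1.1!" + b"\x00rest of program"

def demo() -> Dict[str, Optional[str]]:
    """Scan all three samples against the same signature database."""
    samples = [("original", ORIGINAL), ("relocated", RELOCATED), ("variant", VARIANT)]
    return {label: scan(data, DATABASE) for label, data in samples}

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:9s} -> {verdict or 'no match (not flagged)'}")
```

The variant stays unflagged until its own fingerprint is added to the database, which is the gap the backups and updates recommended later in this article are meant to cover.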
Anybody can execute a ransomware attack.
The portrayal of hackers as computer geniuses sitting in front of five monitors is a little dated. These high-skilled hackers do still exist, but they do not make up the bulk of malicious hackers.
Most malware, especially ransomware, is distributed through a rootkit. These rootkits are basically a hack in a box. All the technical work is done for the hacker, and now people can launch ransomware attacks through a nice GUI that does most of the work for them.
Rootkits sell on the dark web for a few hundred to a few thousand dollars depending on what options they include.
It isn’t just locking you out of your computer anymore.
The proliferation of smart devices like cameras, door locks, light switches, appliances, and other devices, collectively known as the Internet of Things (IoT), has opened up new opportunities for our bad guys. It is much easier to block one of these devices than a typical PC.
Imagine coming home to a text that you have been locked out of your home because your smart lock has been compromised. It may sound far-fetched, but there is already evidence of this happening.
What can you do?
The most important thing is to keep all of your devices updated. Ransomware needs some sort of vulnerability to get a foothold in your device. Ensuring that you don’t ignore software updates is essential to protecting yourself from ransomware.
Next, make sure you have multiple backups of all of your sensitive data. Ideally, you would have three. One in the cloud, one on another drive on your network, and one on a physical drive that is not connected to your network like a removable hard disk.
Finally, be cautious about where you go on the web and what you click on in your email. Most ransomware is still distributed through phishing emails, but not all phishing emails are apparent.
My goal is to arm people with information that will help them and their families stay safe online. If you found this information valuable, please share it so that others may also benefit. If there is something you would like to learn more about, please contact me. Thank you!
Until next time, Cyber Safely!