Beware of Ransomware

Author: Lenette Votava


How would you feel if all of your photos stored on your computer were gone all of a sudden? Pictures of family, friends, vacations and graduations. Not just photographs but poems, short stories, grocery lists, school essays and every other kind of file you might store on your computer.

This past year, millions of photographs and other files belonging to thousands of individuals were held hostage by Ransomware. Criminals who use Ransomware are interested in just one thing: your money. In 2016, there were about 10 new Ransomware programs per month, and the number continues to grow in 2017.

The reason Ransomware is popular is very simple. The victims deposit their money directly into the criminal’s account. No stealing your credit card. They just take your money directly. This is how Ransomware works.

  • First Contact—Ransomware is usually picked up through a phishing email just like other kinds of malware. Your antivirus software can often detect and eliminate it. Windows computers include Windows Defender automatically and Mac users on campus can get Sophos Antivirus for free. Anti-virus software is only as good as the last update, so it is possible the very newest Ransomware may go undetected.
  • Stealth Behavior—Once your computer is infected by Ransomware, it works quietly in the background finding and cataloging all of your photos, videos, and other documents. Once it’s working, you will never know it’s there.
  • Locks Your Files—After all of these files are located, the Ransomware generates a unique cryptographic key and uses it to encode all your files so your computer cannot read them without the key. The key is sent off to the criminal’s library of keys, and the key is deleted from your computer.
  • Ransom Demand—By the time you realize the Ransomware is on your computer, it’s too late. A note pops up on your screen telling you that you must pay money to receive the key to unlock your files before the deadline, or the key will be destroyed for good. Usually the longer you wait, the more money is demanded.
  • Pay Ransom—In 2015, a single type of Ransomware infected 70,000 computers, costing users about $325 million to retrieve their files. For an individual, demands can be as little as a few hundred dollars or as high as a couple thousand dollars. In June of 2016, the University of Calgary paid $20,000 (CND) to get their files back.

Below are some steps you can take to avoid Ransomware:

 

  1. Back up your data. This is the most important thing you can do. Cloud back-ups are a good solution, but only if your cloud drive is not “mapped.” A “mapped” drive appears as a drive letter like the “D” drive or the “Y” drive; this includes any external drive such as a USB thumb drive. Instead, make sure your back-up drive or service is not assigned a drive letter and is disconnected from your computer when it is not backing up data.



  2. Update your software. Operating systems are constantly being updated. Your computer should accept and install these updates as soon as they become available.


  3. Do not open email attachments from unknown sources. If you get a PDF or other attachment, think before you open it. Do you know the sender? Are you expecting this attachment? If not, it’s safer to delete the whole message.


  4. Use anti-virus/anti-malware software, and make sure it’s set to automatically update. Malware including Ransomware can be detected, but only if your virus/malware software is current.


  5. Turn your computer off if something strange is happening. Encrypting all your files takes some time. You may be able to limit the damage if you turn your computer off quickly.


  6. Take “Snapshots” of your system and be prepared to use your computer’s System Restore process to recover your computer to a time before the Ransomware was installed.


  7. Disconnect from WiFi or unplug from the network immediately. If you run a file that you suspect may be Ransomware, but you have not yet seen the characteristic Ransomware screen, you might reduce the damage if you disconnect the computer from the network immediately, before it encrypts all your files.

With the stakes this high, you can bet Ransomware will continue to grow. For more information on protecting yourself from Ransomware and other malware, go to: http://ntrda.me/antivirus.

Originally published by Lenette Votava at oit.nd.edu on October 13, 2017.