The ransomware industry has exploded recently. Often, hackers demand bitcoin payments in order to restore computer systems. Bitcoin.com investigates what to do to prevent ransomware attacks.
2016 ‘The Year of Ransomware’
A report by McAfee Labs published in December revealed that the number of new ransomware samples totaled 3,860,603 in the third quarter, which is an 80% increase from the beginning of the year. With a huge jump in the number of ransomware attacks coupled with significant technical advances in this area, the company predicted that “2016 may be remembered as ‘the year of ransomware’.”
These malicious software programs encrypt files on an infected computer and then require payment from the victim to recover them, often in bitcoin. According to Infosec Institute, the most widely known bitcoin ransomware applications are CryptoWall and CryptoLocker.
Even if you are attacked and decide to pay the ransom, the FBI warned in September that there is no guarantee you will regain access to your files. The agency revealed:
Recent victims who have been infected with these types of ransomware variants have not been provided the decryption keys for all their files after paying the ransom, and some have been extorted for even more money after payment.
Get Educated and Trust No One
The best practice is to employ preventative measures to defend your network from getting infected with ransomware. The first line of defense is education.
Users can educate themselves to “scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails,” the FBI recommended. In addition, software should only be downloaded from trusted sites. “When possible, verify the integrity of the software through a digital signature prior to execution,” the agency noted.
“Trust no one. Literally,” advised an initiative of the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky Lab and Intel Security called “No More Ransom!” The project’s website warned that:
Any account can be compromised and malicious links can be sent from the accounts of friends on social media, colleagues or an online gaming partner.
Various tricks and tools exist to help users spot malicious files, such as enabling the ‘Show file extensions’ option in the Windows settings on your computer. “Stay away from file extensions like ‘.exe’, ‘.vbs’ and ‘.scr’,” No More Ransom! wrote. “Scammers can use several extensions to disguise a malicious file as a video, photo, or document (like hot-chics.avi.exe or doc.scr).”
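The same check can be automated on a mail gateway or download folder. The sketch below is an added example, not code from No More Ransom! or any vendor named here; the risky extensions are the three from the quote, while the decoy list and the function names are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Extensions named in the No More Ransom! quote above.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr"}
# Assumed decoy set, constructed for this example: types users expect to be harmless.
DECOY_EXTENSIONS = {".avi", ".mp4", ".jpg", ".png", ".pdf", ".doc", ".docx", ".xls", ".txt"}


def classify_attachment(filename):
    """Return 'disguised', 'risky' or 'ok' for an attachment file name."""
    # Windows drops trailing dots and spaces, so "a.exe. " still runs as a.exe.
    name = PureWindowsPath(filename.strip().rstrip(". ")).name.lower()
    # Strip each part so padding such as "photo.jpg     .exe" cannot hide the real ending.
    parts = [part.strip() for part in name.split(".")]
    if len(parts) < 2 or "." + parts[-1] not in RISKY_EXTENSIONS:
        return "ok"
    # A harmless-looking type earlier in the name ("avi" in x.avi.exe, "doc" in doc.scr)
    # means the name was built to mislead when extensions are hidden.
    if any("." + part in DECOY_EXTENSIONS for part in parts[:-1]):
        return "disguised"
    return "risky"


def triage(filenames):
    """Group file names by verdict so the disguised ones can be quarantined first."""
    verdicts = {"disguised": [], "risky": [], "ok": []}
    for filename in filenames:
        verdicts[classify_attachment(filename)].append(filename)
    return verdicts


if __name__ == "__main__":
    # Constructed sample names; the first two come from the quote above.
    sample = ["hot-chics.avi.exe", "doc.scr", "setup.exe", "report.pdf", "holiday.jpg   .EXE "]
    for verdict, names in triage(sample).items():
        print(verdict, names)
```

A name-based check only catches the disguise described in the quote; it says nothing about the content of a file with an ordinary-looking extension.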
There are many software tools users can easily install to increase their network security. Security awareness training platform Knowbe4 suggested the following checklist.
- Ensure you have and are using a firewall.
- Implement antispam and/or antiphishing.
- Use top notch, up-to-date antivirus, set to automatically update and regularly scan.
- (Optional) Implement software restriction policies on your network to prevent unauthorized applications from running. “There are certain directories that ransomware infections will typically start in, and by isolating these directories with a software restriction policy, you can cut down on the susceptibility of infections,” Knowbe4 explained.
- Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, and Web browsers.
The last line of defense against ransomware attacks is backups, which can be software based, hardware based, or both. Knowbe4 suggested that in addition to regularly backing up files, the restore procedure should also be routinely tested. “Test the data integrity of physical backups and ease-of-recovery for online/software based backups,” Knowbe4 advised. Once your data is backed up, make sure it is not easily accessible by other computers, for example by keeping it off-site. If your backups are easily accessible by a computer infected with ransomware, they too could be encrypted.
No More Ransom! recommended, “It’s best to create two back-up copies,” suggesting storing one in the cloud and one physically, such as on a portable hard drive, thumb drive, or extra laptop. However, the FBI noted that “some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real-time, also known as persistent synchronization.”
While preventative measures can go a long way towards avoiding ransomware infections, they are not a complete safeguard. No More Ransom! noted that:
If you discover a rogue or unknown process on your machine, disconnect it immediately from the internet or other network connections (such as home Wi-Fi) — this will prevent the infection from spreading.
Images courtesy of Shutterstock, McAfee Labs, FBI, Knowbe4, No More Ransom!