What is Ransomware? (& How to Prevent It)
You’ve probably heard about ransomware at some point. In case you haven’t though, Ransomware is a name given to a type of hacking attack wherein a computer is infected with a virus that encrypts all the data on a computer and then forces the computer owner to pay a sum of money in order to get their data back (your data being held for ransom essentially, hence the name).
WannaCry & GandCrab: The Largest Ransomware Attacks Ever
There was a huge ransomware attack that happened recently and gained international attention when hackers infected more than 250,000 computers in over 116 countries in less than four days of the virus being released back in May of 2018. The attack was called WannaCry and it is now considered one of the largest (and definitely most talked about) ransomware attacks ever. And, even though it was finally slowed down and a free decrypter was released to help people get their data back, it and plenty of other ransomware viruses continue to evolve and infect computers all the time.
In addition to WannaCry, there was a lesser reported-on attack called GandCrab which is still pretty prevalent actually and was far more successful in terms of money generated for the attackers. One of the big differences between the two was the fact that the GandCrab team figured out they could make more money by targeting corporations who’s data is worth more money to the owners of it. In addition to that, they had the ability to adjust the ransom amount per infection automatically–the minimum was $600 (for smaller amounts of data) but some infected users have reported as high as $700,000 ransoms. Some estimates report GandCrab has made over $300 million dollars and counting.
Something that I thought was interesting about GandCrab was the fact that Bitdefender, a private anti-malware company that I’ll talk about more in a bit actually, worked with local law enforcement and was able to hack the hackers servers essentially to get private keys from them to then create a free decryptor tool that users could download to then get their information back without having to pay the ransom. The attackers then updated their program, Bitdefender again created a decryptor and this cat and mouse game has been continuing ever since.
What is Ransomware and How Does It Work
The virus essentially finds a way to get onto your computer, either through an email attachment you download, link you click, or, as was the case with WannaCry, through a security flaw inherent in Windows itself that doesn’t even require user action on your part it simply required you to be on an older version of Windows that didn’t have the security patch (fun fact: the Windows security patch went out before the vulnerability was leaked that WannaCry used but if you didn’t update your computer in that time then you were still vulnerable).
Once infected, most of the ransomware viruses look for a specific hard-coded URL that contains a kill switch to tell it to stop. If it doesn’t find that URL, it starts to encrypt files on the computer as fast as it can. It usually would target specific file types first that are known to be more precious to a user like documents, photos, videos, music, etc. making them inaccessible by the user. After that, it would display a popup to the user explaining the situation and asking them to pay a sum of money via Bitcoin or some other untraceable currency ($300 worth of Bitcoin in the case of WannaCry) and once paid would then (supposedly, at least) decrypt the files giving you access back.
How to Prevent Ransomware
So the question is how do you make sure that ransomware doesn’t infect your computer?
Practice Safe Online Behavior
Well, firstly, you should always just practice safe online behavior. This might seem like common sense to some but some people don’t quite follow some of these simple rules:
- Do not click on links or download attachments from emails from people you don’t know.
- Only download programs from trusted sites.
- Avoid shady sites in general and use your best judgment on what constitutes a shady site.
Keep Your Computer Up to Date
As demonstrated by WannaCry and the fact they used an exploit in Windows itself that could have been stopped if the devices were just updated before the attack began, you should always update your computer to the latest versions as often as possible.
- To do this in Windows, type in Update into the search box at the bottom left of the desktop and select “check for updates”
- Then click on the check for updates button there.
- If there are any, install them. For some reason, I find that even when you tell Windows to automatically check for and install updates it doesn’t usually do very often so manually doing this once in a while is the best way to ensure you have the latest updates.
Backup Your Data Regularly
It’s always a good idea to back up your data, but in the case of ransomware, it can be super beneficial.
The virus will usually infect the computer that it is installed on but it’ll also sometimes spread to other devices on the network as well as connected hard-drives so for a backup to help, you’d need to have something that is a manual hard drive that isn’t connected to the network. The benefit to this the data you transfer to it is siloed off from the rest of your system and can’t be infected but the downside, of course, that since it isn’t connected constantly, there isn’t a way to automatically back up to it.
Invest in an Anti-Malware Program That Has Ransomware Protection
Now, if you want to take it a step further, there are some inexpensive anti-virus products out there that have some serious anti-ransomware features built-in for an extra piece of mind.
The one I’d recommend is actually Bitdefender (and if you Google around you’ll see that basically everyone recommends them, they have a ton of awards, etc. so don’t just take my word for it).
In addition to Bitdefender having a pretty sick arsenal of anti-malware, parental controls, VPN, apps for all your devices, etc. they have a feature specific to ransomware, as well, and it’s kinda clever.
Firstly, once you install Bitdefender on your computer, it will then constantly be looking for ransomware-like behavior and automatically block anything that exhibits that behavior.
If something gets passed that however, it also stops changes to any files on your system that aren’t authorized stopping the virus from being able to encrypt them and making the attack useless.
And finally, if it gets passed all of that? Well, the system can actually undo any changes to files in real-time and just set them back to how they were before they were encrypted by the virus.
So there you go, what ransomware is and how to make sure it doesn’t get the best of you and your files. Let me know what you guys think in the comments below and if you want, you can use the link below to get a free 90 day trial of Bitdefender.