Security Awareness: Ransomware
In this lesson:
- What is ransomware?
- How does ransomware work?
- How can I protect myself?
- What do I do if I get infected?
What is ransomware?
Ransomware is a type of malicious software (or malware) that denies you access to your computer and/or personal files. The individual or company who distributes the ransomware (a criminal) then demands payment if you want to regain access.
Ransomware accomplishes its mission by encrypting your files so that they are inaccessible. In exchange for the decryption key, the criminal will demand hundreds or even thousands of dollars.
Ransomware is a threat to everyone because it targets computers indiscriminately. Victims include individuals, corporations, non-profit organizations, health care providers, educational institutions, and even governments. You can’t be too big, too small, or too insignificant to become a target of ransomware.
The use of ransomware has increased exponentially since it first appeared a few years ago. According to security company Trend Micro, ransomware increased in volume by 172% from January through June of 2016, surpassing the totals for all of 2015. The most likely reason for this incredible growth is that so many victims pay the fee to regain access to their files. The distribution of ransomware is a lucrative business for the criminals. And this guarantees it will continue to grow.
How does ransomware work?
Ransomware is unique among malware in that it encrypts files on a computer so the files can’t be accessed (rendering them useless), but typically leaves the computer intact. Affected files can include documents (Word, Excel, PowerPoint, PDF, etc.), pictures, and configuration files needed to do work. Most types of ransomware can encrypt files located on your computer and anything connected to your computer, such as a file server, flash drive, external hard drive, and cloud-based file storage like Google Drive, OneDrive, or Dropbox. Ransomware also attempts to encrypt your backups so you can’t recover your files.
When ransomware encrypts your files, it’s like locking them behind a door when only the bad guys have the key. Your only options are to obtain the key by paying the criminals or to hope your backups are intact.
Once the ransomware encrypts your files, you will be presented with a message and a demand for ransom money. The criminals promise to give you the decryption key after you pay the ransom. In some cases, they even have dedicated help desks to help you unencrypt your files (after you pay, of course).
How can I protect myself?
CreativeTek provides several tools to help prevent or mitigate the effects of ransomware:
- Use a powerful antivirus like Webroot SecureAnywhere Endpoint Protection
  - Webroot actively scans for viruses, malware, and spyware as you browse the Internet
  - It alerts CreativeTek when a threat has been detected (in most cases the threat has been addressed before we even see the alert).
  - The included Webroot Filtering Extension (for Chrome and Internet Explorer) keeps you away from malicious websites
  - Unlike other security software, Webroot does not need constant updates; it is always up to date by utilizing the power of the cloud
  - Webroot is included as part of Complete Care [PC], Complete Care Essentials [PC], or Monitoring & Security subscriptions
- Use an email service that protects you from malicious emails like Microsoft’s Office 365
  - This email service protects you by catching most malicious emails and placing them in your junk box.
  - Office 365 Email is included as part of CreativeTek’s various Email subscriptions
- Install all updates and patches for Windows and other software
  - Automatically installs updates and patches for Windows, Windows Server, Microsoft Office, Java, Adobe, and other tools
  - Automatic weekly updates are scheduled (and monitored) for all your covered computers and servers
  - Updates are included as part of Complete Care [PC], Complete Care Essentials [PC], or Monitoring & Security subscriptions
- Protect your files with a powerful backup solution like CreativeTek Online Backup
  - Analyzes files for signs of ransomware, stops the backup process and alerts you if ransomware is suspected
  - Keeps backups on the cloud, away from the infected computer, which helps stop the spread of ransomware to the backed-up files
  - CreativeTek Online Backup is included as part of Complete Care [Backup] and Complete Care Essentials [Backup] subscriptions
- Don’t open attachments on emails which landed in the Junk folder (or stay away from the junk folder altogether).
- Avoid falling for malicious emails. Follow your instincts if an email looks suspicious, even if you know the sender.
- Do not open unexpected emails, attachments, or visit website links in messages unless you know who is sending them and why they have been sent.
- Don’t click on links in pop-ups while browsing the Internet.
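The backup item above mentions checking files for signs of ransomware before a backup runs. As an added illustration (not CreativeTek's, Webroot's or any vendor's code), this Python sketch shows one common heuristic: a file of a known document type that no longer starts with its expected signature and reads as random data. The function names, the 7.5 entropy threshold and the 0.2 halt fraction are assumptions chosen for the example.

```python
import math, os, pathlib, tempfile

# Leading bytes ("signatures") of file types the lesson names.
SIGNATURES = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
              ".pptx": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    counts = [data.count(bytes([b])) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)

def expected_signature(name: str):
    """First known extension in the name, so 'a.pdf.locked' is judged as a PDF."""
    for part in name.lower().split(".")[1:]:
        if "." + part in SIGNATURES:
            return SIGNATURES["." + part]
    return None

def looks_encrypted(path: str, sample: int = 65536, threshold: float = 7.5) -> bool:
    """Flag a known type that lost its signature AND reads as random. Entropy
    alone is not enough: intact .docx/.jpg/.png are compressed and score high."""
    sig = expected_signature(os.path.basename(path))
    if sig is None:
        return False
    with open(path, "rb") as fh:
        head = fh.read(sample)
    return not head.startswith(sig) and entropy(head) > threshold

def backup_should_halt(root: str, max_fraction: float = 0.2):
    """Return (halt, suspects); max_fraction is an assumed policy value."""
    known, suspects = 0, []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            if expected_signature(name) is not None:
                known += 1
                path = os.path.join(dirpath, name)
                if looks_encrypted(path):
                    suspects.append(path)
    return (known > 0 and len(suspects) / known >= max_fraction), suspects

def demo():
    """Constructed sample tree: two intact files, two that look encrypted."""
    with tempfile.TemporaryDirectory() as root:
        files = {"budget.pdf": b"%PDF-1.4\n" + b"hello " * 700,
                 "photo.png": b"\x89PNG\r\n\x1a\n" + os.urandom(4096),
                 "report.pdf": os.urandom(4096),
                 "slides.pptx.locked": os.urandom(4096)}
        for name, body in files.items():
            pathlib.Path(root, name).write_bytes(body)
        return backup_should_halt(root)
```

A flagged file is a reason to pause the backup and investigate, not proof of infection; very small files cannot reach the entropy threshold and are never flagged.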
What do I do if I get infected?
If your company has a cybersecurity policy indicating what to do in case of an infection, follow that policy. Otherwise:
- Don’t panic or rush to pay the ransom.
- DO NOT open any files or folders on the network (X:\ drive, OfficeShare, etc.) as this will speed up the spread of the ransomware
- DISCONNECT the computer from the network (unplug the Ethernet cable or disconnect from WiFi).
- DISCONNECT the computer from any external hard drives you may have
- Use a smartphone or camera to TAKE A PICTURE of the ransom note on your screen
- Contact your supervisor immediately, or contact CreativeTek at (308) 761-7611