How to Protect Yourself from Ransomware: 5 Steps

It’s astonishing how far hackers will go to make a few dishonest bucks. One shady scheme that has recently become more prominent is malware called ransomware.

So What Is Ransomware and How Does It Work?

As the name implies, ransomware is a virus or worm that locks you out of your computer or files until you pay money to some shady hacker for the code that will supposedly unlock it. Ransomware usually works in one of these ways. You get infected and …

•    It encrypts the files on your computer’s hard drive.
•    It locks your computer and requires that you enter a password to unlock it.
•    It prevents you from using your web browser.
•    It accuses you of doing some illegal activity and tells you that you need to pay a fine.

The model for a ransomware alert

Pretty nasty, right? A lot of people would almost rather have a bug that damages their computer than one that threatens their data.  That’s because, in many ways, the landscape of user computing has changed.  Computers, while not cheap by any measure, are far less expensive than they used to be.  What matters to people, then, is the time and effort spent in making stuff: documents, projects, photos, video. As infuriating as it is, ransomware represents an evolution in an old scam. Leave the hardware out of it; it’s kidnapping for your data.

So, how does ransomware spread? Sadly, the means by which these viruses get around are the same as they’ve always been, so it’s more important than ever to start practicing better behaviors. Usually computers become infected when you do one of the following:

•    Open an unsolicited email attachment, even if you think you know the sender.
•    Click on a suspicious link in an email.
•    Download something from peer-to-peer networks.

Where Was Ransomware Created (and By Whom)?

Ransomware has actually been around for many years. However, it has recently become so prevalent that the FBI has issued a warning, no doubt in response to one ransomware scam, the MoneyPak virus, which fakes an FBI warning that accuses you of engaging in some illegal activity online and demands that you pay a “fine.”

Ransomware disguised as a FBI alert

The Reveton virus is a similar scheme that pretends to be from a local law enforcement agency. As far back as 1989, there was the AIDS (yeah, it was really named that) Trojan that falsely warned users that one of their software licenses was about to expire and that they needed to send $189 to a non-existent company to renew it.

One of the earlier instances of modern ransomware was a virus called CryptoLocker, which first became widespread in late 2013. The U.S. Department of Justice eventually identified a Russian hacker named Evgeniy Bogachev as the cybercrime ringleader behind this malware.

The gist of the infection is extortion, so they don’t all take the form of a lockbox and a warning. One worm developed by another group of Russians displayed porn on the screen and had people send a premium-cost text message to get the key code that would return their computers to normal. Another had victims call a fake Microsoft phone number to get the code, but they would be routed through a high-priced international operator who put them on hold so they racked up huge long-distance phone bills.

So let’s get down to it, what do I do if I’m infected?

Sadly, there’s not much you can do.  The best, best, bestest way to evade ransomware is to defend against it.  We’ll address that below, but for now, there is a protocol for minimizing damage. If you’re infected, try this.

1. Firstly, NOBODY recommends that you pay the hackers. Not only does that encourage their continued bad behavior, it could also mark you as an easy target.  And, of course, there’s no guarantee that the bad guys will actually send you what you need to unlock your system.

2. Instead, try the steps listed on the Microsoft security site dedicated to ransomware.

3. Some older ransomware bugs have been counteracted by specialized tools. If your system is infected with the CoinVault virus, you can try a tool called Noransom that was developed by the Kaspersky anti-virus company in conjunction with the Netherlands National High Tech Crime Unit (NHTCU).

4. You can try running a reputable anti-malware tool.  Hopefully you’ve already got a good anti-virus and anti-spyware program installed.  This is part of that whole ‘be prepared’ thing. To get a good overview of how to set up security, see our page on protecting your PC.  In short: get it active, get it updated, get it running.

5. For the love of all that is holy, don’t fall prey to downloading a tool that promises to unlock your system for a fee.  That’s just part of the scam, folks.  Big agencies recognize that ransomware is a real problem, so the solutions are being offered for free if they can actually be of help.  A solution that asks for a handout in return for an easy fix is probably too good to be true.

So What Can You Do To Protect Yourself?

As mentioned before, the best offense against ransomware is a good defense. If you’ve been infected, try to implement the points that we’ve listed. Even if a tool like Noransom doesn’t help you, it and others like it are being developed to try to keep up with an evolving threat.

If you haven’t been infected, great.  Now stop taking risks and protect yourself and your data.

Make sure your security software is installed, active and up to date – don’t have security software? Why … I mean … WHY? See our link above on what makes a full-fledged security layout and how to implement it. Got security but it’s too bulky or heavy-handed? Check out this article on how to bring your anti-virus program to heel.

Run a firewall – these are readily available security programs that work in tandem with an installed anti-virus program.  They provide a layer of protection between the Internet and you.  Windows has one, and there are a plethora available online.

Run a pop-up blocker – it doesn’t matter what browser you use, IE, Firefox, Chrome or even the new Microsoft Edge, there are plenty of efficient popup blockers that help you at least begin to filter out unwanted requests on your browser.

Practice good email hygiene – learn how to do this in our article on protecting data online.

Learn about sandboxes – this isn’t a new concept but using a “quarantined work space” is becoming a more and more user-friendly concept. Check out programs like Sandboxie.

Take control of Windows RDP – don’t know what that is? It’s the built-in “remote desktop protocol,” a useful tool that should be run on an “as needed” basis. Learn about it here.

As for your data – Back it up. Back it up. Back it up. See below.

Backing Up

Backing up your data is a good idea anyway, and backing it up to multiple places is even better.  Be sure to keep your backup portfolio diversified by using any combination of the following:

  • Static backup – this includes two types:
    1. on-command cloud backup
    2. on-command physical backups such as CDs, thumb drives, portable hard drives, or external servers.
  • Automatic backup – also two types:
    1. automatic cloud backup
    2. automatic physical backup to things like portable hard drives.

For information and tips on how to manage all of this backing up, see some of our articles on methods for safeguarding your stuff.

Your backup choice will depend on how much data you have, of course, and what best fits your computing lifestyle.  Either way, you just have to remember that the inappropriate option is anything embedded in your computer.  That is to say, even if you just back up to another partition on your hard drive, there’s a good chance that it will also contain the malware.
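The same-disk problem described above can be checked on a Windows PC. The PowerShell script below is an added example, not part of the original article: it reports whether a backup folder sits on the same physical disk as the data it protects. The two default paths are constructed samples, and the script assumes the Storage module cmdlets Get-Partition and Get-Disk (Windows 8 / Server 2012 or later).

```powershell
# Added example: does the backup target share a physical disk with the data it protects?
# Assumes the Storage module (Windows 8 / Server 2012 or later).
param(
    [string]$SourcePath = 'C:\Users',    # constructed sample: the data you care about
    [string]$BackupPath = 'D:\Backups'   # constructed sample: where the backup is written
)

function Get-BackingDisk {
    param([Parameter(Mandatory)][string]$Path)

    # \\server\share paths live on another machine, not on a local disk.
    if ($Path -like '\\*') {
        return [pscustomobject]@{ Path = $Path; Kind = 'Network'; DiskNumber = $null; BusType = $null }
    }
    if ($Path -notmatch '^([A-Za-z]):') {
        throw "Expected a drive-letter or UNC path, got '$Path'"
    }
    $letter = $Matches[1]

    # Mapped network drives and similar have no local partition behind the letter.
    $partition = Get-Partition -DriveLetter $letter -ErrorAction SilentlyContinue
    if (-not $partition) {
        return [pscustomobject]@{ Path = $Path; Kind = 'NoLocalPartition'; DiskNumber = $null; BusType = $null }
    }
    $disk = Get-Disk -Number $partition.DiskNumber
    [pscustomobject]@{
        Path       = $Path
        Kind       = 'Local'
        DiskNumber = $disk.Number
        BusType    = $disk.BusType   # e.g. SATA, NVMe, USB
    }
}

$source = Get-BackingDisk -Path $SourcePath
$backup = Get-BackingDisk -Path $BackupPath
$source, $backup | Format-Table Path, Kind, DiskNumber, BusType -AutoSize

if ($source.Kind -eq 'Local' -and $backup.Kind -eq 'Local' -and
    $source.DiskNumber -eq $backup.DiskNumber) {
    # Two drive letters, one disk: the "another partition" case from the text.
    Write-Warning "Backup and source are partitions of disk $($source.DiskNumber); a backup there is still embedded in this computer."
    exit 1
}
if ($backup.Kind -eq 'Local' -and $backup.BusType -ne 'USB') {
    # Heuristic only: a non-USB bus usually means an internal drive.
    Write-Warning "Backup disk $($backup.DiskNumber) is on bus '$($backup.BusType)' and is probably an internal drive."
}
Write-Output "Backup target is not on the same physical disk as the source."
```

Two drive letters that report the same DiskNumber are partitions of one disk, which is exactly the arrangement to avoid.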

The Bottom Line

If you’re reading this because your system is already being held hostage, your options are limited, but they do exist.  Try the Microsoft instructions or Kaspersky tools. We can’t tell you outright to not pay the money. Hey, sometimes it works.  But we will levy the warning that you already have in your head. It’s bad to lose data; it can be worse to lose data and money.