What Is Ransomware? And How to Avoid Being a Victim


LET’S SAY YOU COME HOME from work one day and log on to your computer, but you can’t open any of your files. No matter what you do or how hard you try, you simply can’t retrieve them. Regrettably, you realize that you’ve never backed up your important information, such as photographs, documents, music, videos, and contacts, and now it might be gone forever. Or maybe you did try to back it up recently but, for whatever reason, it didn’t work.

What if you’d been writing a thesis paper for months to complete your graduate degree? What if you were an author who had already written 80 percent of your next novel? What if you were a bookkeeper? A lawyer? A doctor? How much would you be willing to pay to get your clients’ files back, instead of losing them forever? Would you pay $200? Or maybe $500? Or even $1,000? What if you found yourself in this quandary and were suddenly presented with a solution and opportunity to get all of your stuff back? It sounds like a great business decision—especially for the bad guys who are holding your information hostage.

Encryption has been a wonderful thing in the digital world. It was designed to keep our computers safe, so, as long as your information was encrypted, any would-be thieves who found your laptop (or stole it) wouldn’t be able to gain access. Unless your password is extremely weak, such as jordan2005 or password123, a bad guy would probably have a difficult time accessing your files.

As a result, cybercriminals figured out a way to subvert the value of encryption and use it against you to make money. Hackers created what we now call ransomware; you may have heard of some recent examples, such as the Cryptolocker virus, CryptoWall, Locky, Cerber, KeyRanger, SamSam, TeslaCrypt, TorrentLocker, and Reveton.

Ransomware is a type of malware that targets both human and technical weaknesses in an effort to block users from accessing important data and/or systems—until the victim pays a ransom in exchange for a decryption key that unlocks the captive files and/or system.

Here’s how ransomware works: You log in to your computer and can’t access any of the information. After you figure out that you can’t remove a nasty virus to open your files, you’ll find a note in your system that says something like, “Hi, my name is Boris Badenov. If you don’t pay me $500 in bitcoin in the next twenty-four hours, you’ll never get your information back.” You, like most people, may not even know that bitcoin is an untraceable virtual electronic currency. Because Boris is so nice, he has presented you with a low-cost solution that will allow you to retrieve your files. It’s like he’s giving you a magic wand to make the nightmare go away, right?

How did you get ransomware on your computer? You most likely received a spear-phished email with a link, and when you clicked the link you were taken to a website where the malicious payload was installed.

There’s a good chance there was a vulnerability in one of your software programs, and either you didn’t patch the program or the crooks discovered it before the vendor did. Once a malicious payload is installed on your computer, it locates all of your important files—documents, photos, videos, databases, and music.

The ransomware is designed to encrypt all of that information and lock you out; some variations of ransomware even impact your operating system and prevent the computer from starting. The encryption is sophisticated and usually unbreakable; a supercomputer at a university isn’t even powerful enough to defeat it.

Ransomware can be especially damaging to your computer at work, which is probably connected to a network. If the network is poorly configured, the infection can spread through an entire organization.

In my opinion, only a small percentage of these sorts of losses are ever reported to law enforcement because of embarrassment and fear of reputational damage. I have witnessed cases like these play out on an almost daily basis.

Large organizations are getting better at recovering from these incidents, but more homeowners and small businesses are becoming victims of ransomware all the time. In 2017, for example, the FBI’s Internet Crime Complaint Center reported receiving 1,783 complaints identified as ransomware, with losses totaling more than $2.3 million. Those were only the cases that were actually reported to the FBI.

Some cybersecurity firms have suggested that the number of ransomware attacks worldwide might be closer to seven hundred thousand or more annually, and Cybersecurity Ventures predicts ransomware damages will climb to $11.5 billion globally by 2019. Ransom demands are typically between $500 and $1,000 for each individual attack; the data-kidnappers generally ask for lowish ransoms so more will be paid.

However, some ransoms have been much more expensive for larger companies. I had one company call me and say it paid $28,000 in ransom but still didn’t receive the decryption keys. In 2017, South Korean web provider Nayana paid three hundred and ninety-seven bitcoin—about $1 million U.S. at the time—to unlock more than three thousand four hundred websites that were encrypted with ransomware. At the time, it was the single largest-known payout for a ransomware attack.

If you hadn’t heard of ransomware before, you probably learned about it on May 17, 2017, when the WannaCry ransomware was released. It infected computers and networks around the world, and it certainly made a lot of people want to cry. WannaCry infected Windows computers with a worm that encrypted files on the hard drives and made them impossible for users to access.

The attackers took advantage of a flaw in Microsoft Windows that had previously been detected by the National Security Agency. Microsoft released a patch to prevent penetration, and anyone who updated a system had nothing to worry about. Of course, not everyone downloaded and installed the patch.
WannaCry infected about two hundred thousand computers in one hundred and fifty countries around the world; the four most affected were Russia, Ukraine, India, and Taiwan.

One of the largest single agencies impacted by the attack was the National Health Service network of hospitals in England and Scotland—as many as seventy thousand devices, including computers, MRI scanners, and blood-storage refrigerators, were infected.

Large companies such as Honda, Hitachi, Nissan, Renault, FedEx, Deutsche Bank, and LG Electronics, as well as universities in Colombia, Greece, Italy, and China, also reported their networks were infected with WannaCry. Even governments weren’t immune from the ransomware; the Russian Ministry of Internal Affairs, Chinese public security bureau, and state governments in India were also targeted. It was estimated that WannaCry caused $4 billion in damage and ransom worldwide.

Healthcare providers, in particular, are targeted most often because their patients’ information is so critical to operations and so sensitive in nature. In February 2016, a hacker attacked computer systems at Hollywood Presbyterian Medical Center near Los Angeles.

The hospital paid a $17,000 ransom in bitcoin to obtain a decryption key; it disputed an earlier report that hackers wanted $3.4 million. In March 2016, cybercriminals infected more than nine thousand machines at Ottawa Hospital in Canada, but the hospital was able to wipe the drives and recover files from backups.

Public agencies and critical infrastructure, including transportation and utilities, are also popular targets of ransomware. In November 2016, computer systems at San Francisco’s transit system, Muni, were attacked. The cybercriminals wanted $73,000 as ransom, but the transit authority refused to pay and restored its system in two days. It still suffered significant losses, though, because riders were allowed to ride for free during the two days the computer system was down.

When I receive a call from ransomware victims, I tell them they’re going to be okay as long as they have a good recent backup. In most cases, there’s dead silence on the other end. If I don’t hear a word for three or four seconds, I pretty much know they don’t have a recent backup in place.

Sending bad guys money for a decryption key should really be called “pay and pray,” because what you’re doing is paying a ransom and then praying you’ll get your stuff back. I’ve had cases in which victims paid and still didn’t get their money back, and others in which victims paid and then the crooks asked for even more money.

As the saying goes, there’s no honor among thieves. I try to explain to victims that it’s never a good idea to pay the ransom; it only keeps them in business. Even worse, the money you pay them not only supports criminal organizations but maybe even terrorist groups. As I’ve said a few times already, a good backup of your data can save you a world of heartache.
To be clear, the FBI does not support paying ransom to cybercriminals. In its 2017 Internet Crime Report, the FBI described its policy about ransomware:

Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom. Paying a ransom emboldens the adversary to target other organizations for profit and provides for a lucrative environment for other criminals to become involved. While the FBI does not support paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.

I couldn’t have said it better myself.

How long can a business survive without access to its network or records? Not for very long. I remember receiving a call from the owner of a small accounting firm who called me in a panic when his files were held hostage. His firm’s IT company had been trying to retrieve his data for a month.

To make matters worse, it was April 14—the day before the federal tax deadline. The hackers had frozen the firm’s work from the previous month. The owner of the accounting firm made the best case I’ve ever heard for paying the ransom. “If I don’t pay the $500,” he told me, “then I will lose approximately $150,000 in billable work, and I’ll go out of business.” I wished him luck and told him I’d pray for him. As I said, when you pay the ransom, you usually don’t get your stuff back.

Sometimes the bad guys have no intention of unlocking your data, and other times the encryption keys are lost forever. Cybercriminals don’t like to keep incriminating evidence on their own computers, so they’ll often hide encryption keys on other people’s computers—the ones they’ve already hacked. Every so often, a company discovers that bad guys are using its computers and immediately takes them offline.

When that happens, the victims who paid ransom for encryption keys might be out of luck because the cybercrooks can’t access the keys even if they wanted to.

Like most cybercrime, identifying and apprehending the criminals behind ransomware is never easy. In one of my FBI investigations, a criminal who developed a specific variant of ransomware was indicted by the U.S. Attorney’s Office. The problem was that he lived in Russia, and the Russian government doesn’t cooperate with the U.S. when we want to arrest one of its citizens for computer intrusion.

Nonetheless, the FBI and other international law enforcement agencies are certainly trying to stop the bad guys behind ransomware. In December 2017, the FBI and UK National Crime Agency, along with Romanian and Dutch investigators, arrested five individuals in Romania who were suspected of spreading two major ransomware variants—CTB-Locker and Cerber. Google’s research estimated that Cerber had generated about $6.9 million before it was stopped.

Two of the suspects arrested, a twenty-five-year-old man and twenty-eight-year-old woman, were also suspected of illegally accessing one hundred and twenty-three computers that help run the Washington D.C. Metropolitan Police Department’s surveillance cameras.

Not coincidentally, this happened just ahead of President Donald Trump’s inauguration in January 2017. Remember what I said earlier? These hackers aren’t teenaged kids sitting in front of computers in their parents’ basements. They’re intelligent, sophisticated hackers who have unfortunately decided to use their skills to commit major crimes.

What’s the best way to back up your data? The first and most important step is to identify your mission-critical information. If you’re working on a thesis paper or bestselling novel and haven’t made backup copies, you’re at great risk.

The same goes for tax records, accounting spreadsheets, and other important business documents. You can always reinstall software programs and maybe retrieve music, but some things are too valuable to lose. Think about it for a while, and then go to your computer and open your files.

A lot of people prefer to store their most important documents in free cloud-based accounts like Google Drive, Microsoft’s OneDrive, Apple’s iCloud, or Dropbox. But keeping a copy in the cloud without two-factor authentication is just asking for trouble, in my opinion.

The best thing to do is to go out and purchase a portable USB hard drive; a 1 TB drive costs about $60. Then copy your files from the computer to the external hard drive either manually or using one of the many available software backup options. At that point, you’ll have a complete backup for your most important documents.

When the backup is complete—and this is important—unplug the drive from your computer and put it in a safe place. Then set up a schedule and back up your data accordingly, whether it’s daily, weekly, or monthly, or whatever fits your needs.

Now, what if there is a fire in your house and both your computer and the backup drive are destroyed? You can purchase a fireproof box and hope it makes it through a fire or that it will survive a tornado or a flood. Another option is to use a paid online backup service, such as Amazon Cloud Services or Carbonite.

Find one that supports most of your devices and use the downloadable app provided to make a mirror image of your files. The best option is to do both: Back up locally on a hard drive you can keep safe and back up to a cloud storage provider that keeps your data safely offsite. As many security professionals say, if you don’t have at least three copies of your data, your data isn’t really backed up at all.
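The local backup routine described above, with the integrity check the checklist later insists on, as an added example that is not the article’s own code or the author’s. It copies a folder to a second location (your external drive), records a SHA-256 hash of every file in a manifest, and re-checks the copy against that manifest so you know the backup is intact before you unplug the drive and again whenever you plug it back in. It uses only the Python standard library; the directory layout, the manifest file name `backup-manifest.json`, and the sample files in `demo()` are all constructed for this example.

```python
"""Local backup with integrity verification (added example; assumptions noted inline)."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "backup-manifest.json"  # assumption: file name chosen for this example


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files never have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(source: Path, dest: Path) -> dict:
    """Copy every file under `source` into `dest` and record each copy's hash.

    Returns the manifest {relative path: sha256 hex digest} and writes it into
    `dest` so a later verify() can check the copy without access to the original."""
    manifest = {}
    for src_file in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src_file.relative_to(source)
        dst_file = dest / rel
        dst_file.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src_file, dst_file)  # copy2 keeps timestamps as well as content
        # Hash the copy, then confirm it matches the original before trusting it.
        digest = sha256_of(dst_file)
        if digest != sha256_of(src_file):
            raise IOError(f"copy of {rel} does not match the source file")
        manifest[rel.as_posix()] = digest
    (dest / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify(dest: Path) -> list:
    """Re-hash every file in the backup against its manifest.

    Returns a list of problems (missing or altered files); an empty list means
    the backup is intact. A backup that was silently corrupted, or encrypted
    because the drive was left plugged in, is no backup at all."""
    manifest = json.loads((dest / MANIFEST_NAME).read_text())
    problems = []
    for rel, expected in manifest.items():
        f = dest / rel
        if not f.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_of(f) != expected:
            problems.append(f"altered: {rel}")
    return problems


def demo() -> tuple:
    """Constructed demonstration in a temporary directory: build a tiny 'documents'
    folder, back it up, verify, then overwrite one backed-up file to show that
    verify() catches the change. Returns (manifest, clean_report, dirty_report)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        source = root / "documents"
        dest = root / "usb-drive" / "backup"
        source.mkdir(parents=True)
        dest.mkdir(parents=True)
        (source / "thesis.txt").write_text("Chapter 1: constructed sample content\n")
        (source / "photos").mkdir()
        (source / "photos" / "cat.jpg").write_bytes(b"\xff\xd8\xff constructed bytes")

        manifest = backup(source, dest)
        clean = verify(dest)                           # intact copy: no problems
        (dest / "thesis.txt").write_text("garbage")    # simulate corruption or tampering
        dirty = verify(dest)                           # now reports the altered file
        return manifest, clean, dirty


if __name__ == "__main__":
    m, ok, bad = demo()
    print(f"backed up {len(m)} files; verify before tamper: {ok}; after: {bad}")
```

Run it once against your real documents folder and drive, then keep the manifest with the backup: the `verify()` step is what turns “I copied my files” into “I know my copy is good,” and it is the part most people skip.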

There is nothing worse technologically than not having your important information backed up or realizing that your computer has been infected with ransomware, leaving you no choice but to pay and pray that you’ll get your stuff back. Don’t let Boris steal or encrypt your only copy of your important files. Get a backup strategy in place today.


* Identify your most important data and regularly back it up, always verifying the integrity of those backups. Backups are critical in ransomware attacks. If you are infected, your backups might be the only way to recover your critical data.

* Secure your backups. Make sure they’re not connected to the computers or networks they’re backing up. Secure backups in the cloud or physically store them offline on external hard drives.

* One backup is never enough, so make sure to use a cloud-based backup system as well as an external hard drive to be especially safe. Be sure to use a cloud service that offers two-factor authentication—and turn that feature on immediately.

* Patch your operating system and set up regular and automatic updates. Ransomware writers are constantly writing new variants and strains, and software vendors regularly offer patches and updates to protect systems from new ransomware.

* Make sure your browser is also up to date, whether it’s Microsoft Edge, Google Chrome, Firefox, Safari, Opera, or anything else. They all have vulnerabilities that are being patched all the time.

* Be certain that you have a reputable antivirus security suite and firewall installed on your computer. The antivirus software will help you identify threats or suspicious behavior.

* Most importantly, as always, think before you click a link or open an attachment. Practice your human firewall skills. Most ransomware is installed when the victim clicks a link or opens an attachment.

* Employ content scanning and filtering on your email servers. Incoming email should be scanned for known threats, and any attachments that might pose a threat should be blocked.

* If you fear your computer has been infected, immediately disconnect it from your network and disable Wi-Fi and Bluetooth to prevent the malware from spreading to other machines.

* Don’t pay ransom to the hackers. Studies show that hackers still fail to decrypt the victims’ data one out of every four times, despite being paid. Remember that paying the bad guys only encourages them and funds their illegal operation.
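The attachment filtering the checklist recommends for email servers, as an added example that is not the article’s own code or the author’s: a minimal policy check of the kind a mail gateway applies before delivery. It parses a raw message, looks at each attachment’s name, blocks executable and script types (including double extensions such as `invoice.pdf.exe`), sends macro-enabled Office documents and archives to quarantine for closer inspection, and lets the rest through. The extension lists are an assumption chosen for illustration rather than any vendor’s list, and the sample message is constructed inline with the Python standard library’s `email` package.

```python
"""Attachment policy check for incoming mail (added example; lists are assumptions)."""
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed starter policy. A production gateway uses a maintained list and adds
# content-type sniffing and archive inspection on top of the name check shown here.
BLOCKED = {".exe", ".scr", ".com", ".pif", ".js", ".jse", ".vbs", ".vbe", ".wsf",
           ".hta", ".cmd", ".bat", ".ps1", ".lnk", ".msi", ".jar"}
MACRO_DOCS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
ARCHIVES = {".zip", ".7z", ".rar", ".iso", ".img"}


def attachment_verdict(filename):
    """Return (verdict, reason) for one attachment name.

    verdict is 'block', 'quarantine' or 'allow'. Only the name is inspected."""
    if not filename:
        return "quarantine", "attachment has no filename"
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    final = suffixes[-1] if suffixes else ""
    if final in BLOCKED:
        why = f"executable or script type {final}"
        if len(suffixes) > 1:
            why += f" disguised behind {suffixes[-2]}"  # e.g. invoice.pdf.exe
        return "block", why
    if final in MACRO_DOCS:
        return "quarantine", f"macro-enabled Office document {final}"
    if final in ARCHIVES:
        return "quarantine", f"archive {final} needs its contents inspected"
    return "allow", "no policy match"


def scan_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and apply attachment_verdict to each attachment.

    Returns a list of (filename, verdict, reason) in attachment order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        verdict, reason = attachment_verdict(name)
        results.append((name, verdict, reason))
    return results


def should_deliver(results) -> bool:
    """Deliver only when nothing was blocked; quarantined items go to human review."""
    return all(verdict != "block" for _, verdict, _ in results)


def constructed_sample() -> bytes:
    """Build a sample message inline (constructed for this example, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "boris@example.com"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"PK constructed", maintype="application",
                       subtype="vnd.ms-excel.sheet.macroEnabled.12", filename="Q3.xlsm")
    return msg.as_bytes()


if __name__ == "__main__":
    results = scan_message(constructed_sample())
    for name, verdict, reason in results:
        print(f"{verdict:10} {name:20} {reason}")
    print("deliver:", should_deliver(results))
```

The name check is deliberately the first, cheapest layer: it stops the obvious “invoice.pdf.exe” lure before any heavier scanning runs, while macro documents and archives, which can be perfectly legitimate, are held for inspection rather than dropped outright.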