The last post was about the origins of ransomware, from its first implementation, distributed by snail mail on floppy disks, to city-wide attacks in Atlanta. In this part, I’ll explain in a little more depth how some of these schemes are implemented, and write about what you can do to protect your network and files, as well as how to respond to these kinds of attacks. Hopefully, understanding how ransomware works will encourage readers to finally click that software update, or change their outdated passwords. Generally speaking, there are two kinds of incursions: the kind you can prevent, and the kind you can’t. I’ll talk about what you can do in each case, and how to prepare for when someone gets through your defenses.
The most common way attackers get their hooks into a network is through phishing. That’s when they create an email that looks like it’s from a legitimate source. When you click the link, it will either download malicious code or take you to a decoy site and try to convince you to enter important information, such as your username and password.
Another way that people can get information is through known security holes. Some examples are the Heartbleed Bug, or the EternalBlue exploit. Both have become widely known, and the companies who make products that are vulnerable to these exploits have released software updates to fix those security holes.
What should you do to protect your system from either of these attacks? It seems like it would be pretty obvious: don’t click on mysterious links from disreputable sources. That’s easier said than done, though, since the goal of phishing is to make the scam look as genuine as possible.
Sometimes, even if you’re really careful, intruders can get past your security. There are some attacks that we have no control over. One kind of attack like this is a Zero-Day Exploit. It refers to a means of breaking into a computer system that isn’t known to the manufacturers of the system. In the example of the Heartbleed bug, it would be considered a zero-day exploit until the manufacturer found out about it, and could begin to develop software patches to plug that security hole. If no one but intruders knows about the exploit, then there’s nothing to be done to prevent the intrusion.
Now that you have an idea of how ransomware gets into your system, here are the main things you can do to plan for and prevent someone from getting their hooks into your system.
Regularly update your software
If a security hole exists and is known in some program, app, or software, the company that makes the app should release updates that fix those problems. Whenever you see a notification to update your software, it’s a good idea to do it. It might be a bit inconvenient in the moment, but it’s way better than being locked out of all of your private information!
Be mindful of what emails and links you click on
Sometimes recognizing a phishing scam is as easy as getting an email that’s full of spelling and grammar errors. Sometimes it’s as subtle as getting a Facebook message out of the blue from an acquaintance you haven’t talked to in 10 years. If you’re not sure, it’s better to be safe than sorry. Upload suspicious files to VirusTotal (https://www.virustotal.com/gui/). Gmail has a built-in virus scan that you can use too.
Back up your files!
The goal of ransomware is to cut you off from your data. That could be family photos, music libraries, sensitive documents, etc. A good way to remove the threat that ransomware poses is to remove the leverage. If you back up your info and it gets held for ransom, all you have to do is wipe your computer’s memory, restore it to factory settings, and then download all your data from an external source.
Store them separately
Make multiple copies, and keep them in different places. A lot of apps and services that handle data storage are interconnected, so on the off chance that one of the storage services is compromised, having an alternate storage location just means extra security.
Regularly update your passwords
This one can help against security leaks where your login information might have been stolen. Chrome has a built-in monitor function that checks for compromised logins and recommends updating certain passwords. Take their advice!
These are some basic things you can do to protect against ransomware. Hopefully this helps folks avoid losing information, including sensitive information. It can be very painful to lose sentimental files, or a headache if you lose that portfolio of writing. Good luck!