
Ransomware

June 12, 2016

It’s been in the news lately.  The University of Calgary paid $20,000 to the hackers who launched a ransomware attack against them.  A dog rescue charity paid the ransom to get their computer files back.  Is this just something that happens when computers are connected to the Internet?  Is there nothing that can be done about it?

It’s an attack on Microsoft Windows computers: desktops, laptops, or tablets.  Ransomware encrypts all of the data files on your computer, making all of them unreadable unless you provide the decryption key.   It will even do this to your backup files if they are online at the time.  Then, it demands a ransom payment from you, if you ever want to see your files again.  If you pay the ransom, it will decrypt all of your data files, leaving them intact once again.  If you don’t pay, it will destroy the decryption key, leaving the files forever unreadable.

Victims don’t realize that they, as computer users, played a part in the ransomware attack. Often, it begins with an e-mail that contains a dangerous attachment. The text of the e-mail message convinces the user to run the attachment. Windows makes this easy to do. It may also begin with an infected web site. When the user views this web site, their web browser downloads and runs a malicious JavaScript program. This program exploits a security opening in Windows. In either case, the attachment or JavaScript program downloads and runs the ransomware program. It’s this program that encrypts your data files and demands the ransom. If you need a more technical description, see the SANS site.

What can you do to recover from such an attack? Your best option is to restore all of your files from backup, provided that you have been making regular backups of your data. You will have to recreate any data that you entered after the last backup. If you don’t have a backup, you still have two options. One is to reinstall Windows on your computer. All of your data files will disappear. You will have to recreate them. The other option is to pay the ransom. If you do this in time, the ransomware will decrypt all of your files, leaving them as they were.

Better yet, you can prevent ransomware attacks from hitting your computer.  In a corporate environment, the IT department will be responsible for protecting all of the computers owned by the organization.  They will design a security system that prevents individual users from running malicious programs, and that will permit fast recovery of data files that are damaged or lost for any reason.  Usually, this means that the IT department will have complete control over your desktop computer.  They will impose many restrictions over what you can do on that computer.  You will have to understand that these restrictions protect your computer, as well as all the other computers and servers on the corporate network.

There are also a few things that you can do to protect your home computer from ransomware attacks. Having a secure and reliable backup system is your first line of defense. It will protect you against many threats, such as a disk crash or a fire, not just against ransomware. Make sure that the backup files are not mounted on your computer while you are reading e-mail or browsing the web. Next, ensure that your computer receives frequent updates from Microsoft. For more protection, remove Administrator privileges from the account that you normally use. You will have to set up a separate account that has Administrator privileges, and use this account only for installing software on the computer. Since you don’t have an IT department’s protection, you will need to be careful yourself. Heed any warning messages from Windows. Don’t open dangerous e-mail attachments, even if they seem important to you. Avoid viewing dangerous web sites.
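The three checks in the paragraph above can be run from the account you use every day. This PowerShell script is an added example, not part of the original post; the backup drive letter `E` and the 45-day update threshold are assumptions to adjust for your own computer.

```powershell
# Added example (not from the original post): audits the home-PC precautions above.
# $BackupDriveLetter and $MaxUpdateAgeDays are assumed values; adjust them for your PC.
param(
    [char]$BackupDriveLetter = 'E',
    [int]$MaxUpdateAgeDays = 45
)

# 1. Is the account you are logged in with a member of the local Administrators group?
#    S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$adminSids = (Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop).SID.Value
$dailyAccountIsAdmin = $adminSids -contains $me.User.Value

# 2. Is the backup disk reachable right now? Anything mounted can be encrypted too.
$backupMounted = Test-Path -LiteralPath ("{0}:\" -f $BackupDriveLetter)

# 3. When was the most recent Windows update installed?
$lastUpdate = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
$updateAgeDays = if ($lastUpdate) {
    [int]((Get-Date) - $lastUpdate.InstalledOn).TotalDays
} else { $null }

# Collect plain-language findings for anything that does not match the advice.
$findings = @()
if ($dailyAccountIsAdmin) {
    $findings += "Account '$($me.Name)' has Administrator privileges."
}
if ($backupMounted) {
    $findings += "Backup drive ${BackupDriveLetter}: is mounted; disconnect it after backing up."
}
if ($null -eq $updateAgeDays) {
    $findings += "No installed updates with a date were found."
} elseif ($updateAgeDays -gt $MaxUpdateAgeDays) {
    $findings += "Last update was installed $updateAgeDays days ago."
}

[pscustomobject]@{
    DailyAccountIsAdmin = $dailyAccountIsAdmin
    BackupMounted       = $backupMounted
    LastUpdateAgeDays   = $updateAgeDays
    Findings            = $findings
}
```

An empty `Findings` list means the account, backup drive and update state match the advice above; the script only reads settings and changes nothing.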

Don’t put your faith in anti-virus software or firewalls. Ransomware is designed to evade these products. There are ways to protect your data files, but this is not one of them. Understanding how ransomware gets onto your computer is the key to defending against it.

 
