Boise State Cybersecurity Department
What is Ransomware?
Ransomware is a special type of malware that is actively spreading across the Internet today, threatening to destroy victims’ documents and other files. Malware is software—a computer program—used to perform malicious actions. While ransomware is just one of many different types of malware, it has become very common because it is so profitable for criminals. Once ransomware infects your computer, it encrypts certain files or your entire hard drive. You are then locked out of the whole system or cannot access your important files, such as your documents or photos. The malware then informs you that the only way you can decrypt your files and recover your system is to pay the cyber criminal a ransom (thus the name ransomware). Ransomware spreads like many other types of malware. The most common method involves sending victims malicious emails, where cyber criminals trick you into opening an infected attachment or clicking on a link that takes you to the attacker’s website.
Should You Pay the Ransom?
That is a tough one. The problem is that the more often people pay these criminals when they are infected, the more motivated criminals are to infect others. On the other hand, you may have no other option to recover your files. Be warned though, even if you do pay the ransom, there is no guarantee you will get your files back. You are dealing with criminals; they may not decrypt the files, or even if they do provide you with a decryption method in exchange for payment, something may go wrong during the decryption process or your computer may be infected with additional malware.
How to Protect Yourself?
Perhaps the best way to recover from a ransomware infection and not pay a ransom is to recover your files from backups. This way, even if you get infected with ransomware, you have a way of recovering files after rebuilding or cleaning up your computer. Keep in mind that if your backup can be accessed from the infected system, ransomware might delete or encrypt your backup files. Therefore, it’s important to back up files to reputable cloud-based services or to store your backups on external drives that are not always connected to your system. Be sure to regularly test that your backups are working, and confirm that you can recover the files you need should your system become infected with ransomware.
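One way to test a backup as described above is to record a checksum for every file when the backup is made, then restore the backup to a scratch folder and compare. The script below is an added example, not part of the original page or its sources; the function names and the sample files are assumptions made for illustration.

```python
import hashlib
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(source_dir):
    """Map each file's relative path to its SHA-256, taken at backup time."""
    root = Path(source_dir)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest, restored_dir):
    """Compare a test restore against the manifest recorded at backup time."""
    restored = build_manifest(restored_dir)
    return {
        # In the manifest but absent from the restore: the backup lost them.
        "missing": sorted(set(manifest) - set(restored)),
        # Present but with different content: corrupted or overwritten copies.
        "altered": sorted(k for k in manifest
                          if k in restored and manifest[k] != restored[k]),
        # In the restore but never backed up by you: worth a closer look.
        "unexpected": sorted(set(restored) - set(manifest)),
    }


def restore_ok(report):
    """True only when every file came back with its original content."""
    return not any(report.values())


if __name__ == "__main__":
    import shutil, tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data
        src, restored = Path(tmp, "documents"), Path(tmp, "restore_test")
        src.mkdir()
        (src / "taxes.txt").write_text("constructed sample A")
        (src / "photo.bin").write_bytes(b"constructed sample B")
        manifest = build_manifest(src)
        shutil.copytree(src, restored)
        (restored / "photo.bin").write_bytes(b"corrupted")  # simulate a bad copy
        print(verify_restore(manifest, restored))
```

Keep the saved manifest with the offline or cloud backup rather than on the computer itself, so that an infection cannot change it along with your files.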
Moreover, you can protect yourself from ransomware infections the same way you would against other types of malware: don’t get infected. Start by making sure that you have up-to-date anti-virus software from a trusted vendor. Such tools, sometimes called anti-malware software, are designed to detect and stop malware. You can configure your webmail server to block dubious attachments with extensions like .exe, .vbs, or .scr. It is also a good idea to disable file sharing and remote services unless you use them often and need to keep them on. If you do need to keep these types of services running, make sure your computer is protected with strong passwords or passphrases.
Be sure to never open attachments that seem suspicious. Phishing emails are an issue and can lead to a ransomware infection. Phishing emails often look like they are from reputable sources, possibly even friends and family, yet the attachments they carry can contain malicious viruses that can take control of your computer. For more information on phishing, check out our main cybersecurity phishing page.
Information provided via SANS and Tripwire