Ransomware: How to Protect Yourself

Ransomware is an increasingly common form of malware which targets computers and mobile devices of both businesses and home users. Once a system is infected, the ransomware encrypts documents, pictures, videos, and other files on the affected system, which renders them inaccessible. They can only be restored either by paying a "ransom" to the attacker to obtain the decryption key or by restoring the original files from a safe backup.

Most ransomware infects a system by tricking a user into clicking a malicious link in an email or opening a malicious email attachment. Sometimes, attackers buy advertisements on legitimate websites and search engines to fool a large number of users into clicking links that direct them to a malicious website.

An attacker may call their intended victim on the phone and attempt to convince the victim that something is wrong with their computer and they should visit a certain website for technical support. In reality, this website is operated by the attacker, and any software downloaded by the victim will give the attacker full access to the victim's computer. The exact pretext the caller uses will vary and can be similar to other common scams. For example, they may claim to represent a government or law enforcement agency or they may impersonate a relative or coworker in distress.

Sometimes, the initial malware infection comes through more traditional hacking techniques, such as by exploiting a vulnerability in a device connected to the internet without any direct user involvement.

Once the initial malware is loaded onto the victim's system, it encrypts the victim's files and displays instructions for paying the ransom to regain access to the now-encrypted files. Ransomware can quickly spread to other devices and encrypt files it can access through a network, either in a home or a business.

To keep your systems safe, it is important to always be on guard. Don't open emails or click on links you aren't certain are safe. Don't trust callers to be who they say they are, even if caller ID shows a name or number you recognize. Caller ID can be faked. Government agencies will usually mail you a letter before calling, and a technical support group with which you have no prior relationship will not call you unexpectedly. It is also crucial to keep your operating system and software patched.

Firmware on any internet-connected device should be kept up to date. Such devices can include doorbell cameras, tablets, phones, routers, network-connected hard drives, refrigerators, televisions, and cable boxes. If a device is connected to the internet and to your network, any vulnerabilities within that device can be leveraged to gain access to other devices or computers on your network. If a device has reached the end of its support life from its manufacturer and no longer receives security updates, evaluate whether it should be replaced or if other mitigation options exist.

Backups are usually the only way to restore data without paying a ransom. However, a backup that is accessible from an infected computer can be encrypted too, which would prevent restoring files from it. This happens, for example, when the external hard drive used for backups is connected to the computer at the time of infection. Consider using an offline backup strategy or another solution that supports saving multiple undeletable versions of a file. This type of backup can be found in many cloud-based backup systems. That way the malware can't access or encrypt the backed-up data, and the original files can be restored successfully.

It is also important to test restoring from the backup periodically to ensure the backup is working and to verify that data can be restored fast enough to meet your requirements after a ransomware infection destroys the original files. Some businesses decide to pay the ransom rather than restore from backup because restoring from backup can take a longer time than they are willing to tolerate, and paying the ransom is faster.
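One way to run the restore test described above, as an added example that is not part of the original article: record a SHA-256 hash of every file when the backup is made, restore into a scratch folder, then check that nothing is missing or altered and that the restore finished within your time limit. The function names, the sample files, and the 60-second limit are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root (taken at backup time)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def restore_drill(manifest, restore_fn, target, max_seconds):
    """Run restore_fn(target), time it, and compare the result with the manifest."""
    start = time.monotonic()
    restore_fn(target)
    elapsed = time.monotonic() - start
    restored = build_manifest(target)
    missing = sorted(set(manifest) - set(restored))
    altered = sorted(k for k in manifest if k in restored and restored[k] != manifest[k])
    return {"missing": missing, "altered": altered, "elapsed": elapsed,
            "ok": not missing and not altered and elapsed <= max_seconds}

def demo():
    # Constructed sample data: two small files stand in for a user's documents.
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src, good, bad = tmp / "docs", tmp / "backup_good", tmp / "backup_bad"
        (src / "photos").mkdir(parents=True)
        (src / "taxes.txt").write_text("2023 return\n")
        (src / "photos" / "a.jpg").write_bytes(b"\xff\xd8 constructed bytes")
        manifest = build_manifest(src)
        for dst in (good, bad):
            shutil.copytree(src, dst)
        # Stand-in for a backup drive that was attached when files were encrypted.
        (bad / "taxes.txt").write_bytes(b"\x00" * 12)
        (bad / "photos" / "a.jpg").unlink()
        r_good = restore_drill(manifest, lambda t: shutil.copytree(good, t), tmp / "r1", 60)
        r_bad = restore_drill(manifest, lambda t: shutil.copytree(bad, t), tmp / "r2", 60)
        return r_good, r_bad

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

In real use, restore_fn would call your backup tool's restore command, and the manifest would be stored somewhere the backed-up computer cannot overwrite.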

Ransomware affects many people. With proper safeguards, safe online habits, and a good backup strategy, you can reduce its risks to you and your systems. For more information or if you are a victim of a ransomware attack, visit the Computer and Infrastructure Security Agency's website.