Over the last few weeks, I’ve had a few friends ask me for advice related to the recent WannaCry Ransomware attacks. For those of you not familiar with Ransomware, it is a type of a computer virus that restricts access to a system until a sum of money is paid to the attacker. WannaCry is a dangerous variant of Ransomware because it is designed to spread very quickly throughout corporate and private networks. At the height of the WannaCry Ransomware infection, it crippled organizations ranging from auto manufacturers to hospitals.
Unfortunately, this virus has affected consumers as well. People all over the world have lost access to their most prized digital assets including family photos and videos. My advice to the average consumer about Ransomware really boils down to three basic concepts. You need to take steps to make sure that you’re able to prevent, detect and respond to Ransomware. Fortunately, you can take the necessary steps without a ton of effort or financial investment.
Obviously, it would be ideal if you could just prevent Ransomware from infecting your computers. Preventing a computer virus starts with being vigilant. Most infections of WannaCry began with a simple phishing email. It’s very important that you exercise caution when opening emails from unknown senders. Also, be sure to look for the signs of a phishing attempt.
I’m sure at some point you’ve had to respond to an annoying message asking whether or not you want to install a software update. I’ll be the first to admit these tend to happen at the most inconvenient time. Most of the time you don’t even notice a difference after these updates are installed. However, these updates often contain important security fixes and should be installed on a regular basis. In fact, installing one of these updates for Microsoft Windows would have drastically reduced the likelihood that your computer would have been infected with the WannaCry Ransomware.
Another way of preventing a Ransomware attack is to leverage Antivirus. It’s important to note that installing Antivirus won’t guarantee that you’ll be protected from malware. However, it will likely protect you from a majority of potential Ransomware infections. Also, with effective and free Antivirus solutions from companies like Sophos, there’s no excuse not to have Antivirus installed on your PC/Mac.
Normally, you need to take special steps to ensure that you’re able to detect that your computer has a virus. The main difference with Ransomware is you’re almost always aware when it happens. This is because attackers typically display a large message on your computer screen indicating that your files have been locked along with instructions for payment. However, behavior-based Antivirus software can be effective in notifying you that it has detected a Ransomware infection before a majority of your files have been locked/encrypted.
It’s important to prepare yourself for the likelihood that all of your methods of detection and prevention will fail. Even if you have Antivirus installed and are extremely cautions when opening emails, you can still end up with a Ransomware infection. There are a few steps you can take to make sure that you’ll be able to recover from the attack. The most step is implementing automated cloud-based backups.
As I mentioned previously, even the best defenses can eventually fail. Despite the best efforts and intentions, you might discover that your most important files have been encrypted. This is why it’s important to have some form of automated cloud computer backups. By using a backup service like Carbonite, you will be able to recover your files from the backup provider without paying a ransom to the attacker that encrypted them. Also, cloud-based storage providers such as Dropbox provide easy mechanisms to recover your files in the event they become encrypted by Ransomware.
If you find out that one of your computers has been infected by Ransomware, do everything you can to avoid making the payment. Making the payment will likely just put a bigger target on your back and it will become that much more likely that you’ll be targeted again. If you find yourself in a situation where your files are encrypted without a backup, you can attempt to leverage a 3rd party tool to decrypt/unlock the data. However, there is no guarantee that a decryption tool will exist for the particular Ransomware variant that you have.
- Just to summarize…
- Exercise caution when opening emails from unknown senders
- Make sure that you have automated cloud backups using a service such as Carbonite
- Verify that an updated version of Antivirus is installed on your computers
- Install security updates on a regular basis
- Do everything you can to avoid making the Ransomware payment