Ransomware: Are You at Risk?
Ransomware is the fastest-growing form of malware on the Internet. This diabolical cyber-scourge, which encrypts one’s hard drive and demands payment for the key, has exploded in recent months. One high-profile attack has cost the city of Baltimore over $18 million. Here's what you can do to prevent a ransomware attack, and quickly recover if it does happen...
The “No More Ransomware” Project
The U.S. National Security Agency has issued an advisory warning Microsoft Windows users to update their computers to protect against a new security vulnerability called BlueKeep. The NSA is worried that it could spread rapidly, enabling a massive ransomware attack wave, similar to the WannaCry outbreak that wreaked havoc in 2017.
You are a potential ransomware victim whether you are a major corporation, a small business, or a home computer user. Ransomware doesn’t care whose computer it infects. Distributors of ransomware will tailor their demands to the victim’s pocketbook, and often adjust the price of decryption up or down during communications with a victim. The group behind the Baltimore attack demanded a $70,000 ransom, but city officials took the advice of the FBI and refused to pay.
Outdated software with known security vulnerabilities is a common attack vector. But ransomware attacks don't necessarily need to exploit software flaws. They often come in the form of clever "phishing" emails that encourage you to click a link, or open an important-looking document.
The threat has become so great that several international organizations have teamed up to fight it. The “No-More-Ransom” site is an initiative of the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky Lab and Intel Security. Its mission is twofold: preventing ransomware infections and helping the infected recover their data without paying the crooks.
When you first visit the site, you’ll be asked whether you’re already infected with ransomware. Answer “no” and you’ll be taken to the Prevention page, which is full of advice on how to avoid becoming a victim. Many of these tips are things I have urged upon my readers for years, including making multiple backup copies of vital data, using robust anti-malware software, and keeping operating system and application software up to date with the latest security patches.
Trust No One
Other good advice there includes “Trust no one. Literally.” Do not click on any link or file attachment - even if it seems to have been sent by your bank, your brother the IT administrator, or your Mom - until you know what you are clicking on. If a message seems out of the ordinary, call your contact and ask if he or she sent it. No account is safe from hacking or impersonation (“spoofing”).
For further protection, enable the ‘Show file extensions’ option in the Windows settings on your computer. To do so, type “folder options” in the Start menu’s search box and click on “Folder Options” in the search results. In the dialogue window that opens, select the “View” tab. Uncheck the box next to "Hide extensions for known file types". Click “OK” to save this change and close the dialogue window.
The purpose of showing common file extensions is to help you spot executable files (programs) that are disguised as non-executables. With “hide extensions” enabled, a file named WatchMe.avi looks like a video file. But with all extensions revealed, it may be WatchMe.avi.EXE and that is a big red flag. If you see multiple file extensions, delete the file without opening it.
Are You Infected?
If you answer “yes” to the question, “Are you already infected with ransomware?” you will be taken to a series of pages that can help diagnose and treat the infection. The site’s “Crypto Sheriff” page asks you to upload two samples of encrypted files from your hostage hard drive. These are analyzed for patterns used by known variants of ransomware.
You will also be asked to send “any email or/and website address you see in the RANSOM DEMAND.” The ransom note itself contains clues to the identity of the hostage-takers and the ransomware that infects your computer.
The site will look for a decryption key or method in its extensive database of known ransomware. Hopefully, it will provide a solution that you can use to decrypt your data without paying the bad guys any money.
You might also benefit by reading the Ransomware Q&A page, which goes into detail on the history of ransomware, the various forms it can take, and how a ransomware attack works.
I urge you to take the preventive measures listed on the NoMoreRansom.org website, and keep the address handy. You or a friend may find it handy one day.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 7 Jun 2019
|For Fun: Buy Bob a Snickers.|
See These Free Microsoft Office Alternatives
The Top Twenty
Trace an Email? Here's how...
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Ransomware: Are You at Risk? (Posted: 7 Jun 2019)
Copyright © 2005 - Bob Rankin - All Rights Reserved