A term that strikes fear in computer users around the world (except, perhaps, in Russia) – and rightly so! According to an e-mail newsletter I just received from Webroot the most recent incarnation is both more sophisticated and more expensive than any previous version. It is referred to as CryptoWall 4.0, and the going rate for the “key” you will need to decrypt your computer files is now $700.
For those not familiar with the term, “ransomware” refers to malicious software installed on your computer designed to kidnap your files. It encrypts your files, so that you cannot access them or use them. Shortly after encryption a message will appear on your computer screen telling you that your files are now encrypted and that you have a limited time to pay a ransom to that person or organization in return for the decryption key. You will be told to purchase Bitcoins equivalent in value to the ransom amount specified, and be given instructions about how to do this and how to transmit those Bitcoins to the kidnapper. This notice may include a reminder that if the Bitcoins have not been received by the deadline specified, the amount of the ransom will double. Further, if the ransom has not been received by the specified date, the decryption key for your computer will be destroyed. If this happens, your computer files will be forever encrypted and unavailable to you. Here is a sample of such a notice, which I found on the “bleepingcomputer.com” website:
Because the software used to encrypt your files mimics legitimate encryption that you might choose to do yourself, firewalls and antivirus software typically do not offer much protection against ransomware. Further, as security software firms have tried to come up with preventative or remedial software, the people behind ransomware have continued to modify their software to stay at least several steps ahead.
To give you a sense of what is driving the “bad guys” to pursue this line of work, I’ve seen an estimate that one of the first variants of this software, Cryptolocker, netted $325,000,000 in ransom payments during the first year it was being used. (Ransomware is used against businesses and government agencies, as well as individual computer users. Needless to say, the ransom demanded from the larger victims is considerably higher than the ransom for individual users; I remember at least one anecdote about a municipality which paid $75,000 to get the private key needed to decrypt their files.)
By now you are probably asking yourself, “If my firewall and antivirus software will not protect me from ransomware, what can I do to protect myself?” If you dig into this subject on the Internet, you will find some elaborate, technical approaches (that are beyond my level of expertise). Further, implementing some of these features may impede normal computer operations. However, there are some relatively simple things you can do to minimize your vulnerability. These include:
1. If you have not already done so, establish a “limited” or “standard” user account on your computer (in addition to the “administrative” account that you had to create to use your computer in the first place). Then, stop using your administrative account completely – other than to install, update or remove software or perform other essential administrative functions. Use your new standard account for all Web-related activity. Why? Because prior administrative approval is required to make any changes to your computer when you are operating in your standard account. This limits the ability of the bad guys to trick you into installing an “.exe” file on your computer.
2. Speaking of installing “.exe” files, all the usual warnings against “phishing”, indiscriminate Web surfing, opening email attachments and clicking on links contained in emails and on Web pages apply to ransomware as well!
3. Make sure that you keep your operating system and all application software up-to-date! This minimizes opportunities for the bad guys to exploit vulnerabilities in your software. (There is a free program called Secunia PSI, which will do this for you. It will notify you whenever if it finds that one of your programs is out-of-date, and it can be set to automatically update out-of-date programs if you wish.)
4. When choosing internet security software, try to find a version that may offer some protection against ransomware. (I use Webroot Secure Anywhere software, in part because it differs in its approach from most other security suites and I believe that this gives it an advantage in blocking new or unusual threats.)
5. Back up your computer files! However, there is a twist to this recommendation. It is not enough to back up to an external hard drive, permanently-installed removable storage device or cloud-based storage account. This is because the people behind ransomware are becoming increasingly sophisticated and have found ways to encrypt not only the files found ON your computer, but also the files connected TO your computer. For better protection, I am now seeing recommendations to use two external hard drives or other storage devices for backup, one at a time. This way, one hard drive or other device will always be disconnected from your computer and your network – and invisible to the bad guys. Even if they’re able to encrypt all files on your computer and connected to your computer, they can’t reach that disconnected hard drive.
If you have additional information or ideas about how to protect against ransomware, please send it/them to Mike McEnery to include in future newsletters or share with members at our monthly meetings. Thanks!