The tech world is full of risk. Many viruses exist not just for mischief, but to make an easy payday for hackers. Ransomware is one of the most potent of the new-age viruses, but its dangers don’t have to scare you. Here are a few details about ransomware, along with ways to recover more easily if your systems are compromised.
What is it About Ransomware That Makes it Dangerous?
As the name suggests, ransomware is a type of malicious software that holds your files ransom. It keeps your files from you by encrypting them in a strong encryption format.
Encryption in this case means converting the file into a format or style that can’t be read without a proper key. This key often comes with a cost: a fee paid to hackers in exchange for unlocked files.
There are multiple takes on the ransomware style of attacks. Fake ransomware comes from hacker copycats who can’t figure out or afford the true ransomware tools. These fake tools simply change the extension name of your files.
For example, you may have the following common files on your computer:
- .doc/.docx – Word document
- .txt – Text document
- .pdf – Adobe file
- .jpg – Image file
- .png – Image file
- .mp3 – Audio file
- .avi – Video file
- .flv – Video file
A file such as ImportantBusinessSecret.doc can be changed to ImportantBusinessSecret.hak, ImportantBusinessSecret.brk, ImportantBusinessSecret.stl, or some other random or intentionally incorrect extension.
To fix it, you could simply change the extension back to the right format. This could damage the file, or it could work, in which case you’ll have to repeat it for the many files on your computer.
The more you learn about ransomware, the more you’ll know that legitimate ransomware will truly encrypt your files by turning them into what seems like random, garbled text. There’s a method to the madness; the random text is actually your files, but scrambled.
If a file can’t be opened at all, it has been scrambled in a way that prevents normal opening. The file can still be opened in a text editor to show its contents. Text documents will again show garbled text, but it’s important to note that non-text documents show such text in a text editor whether they’re corrupted or not.
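Because a text editor cannot tell a healthy image from a scrambled one, a more reliable check is to look at the file's leading "magic" bytes and at how random its contents are. The following Python sketch is an added example, not part of the original article; the header table, the 7.5 bits-per-byte threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading "magic" bytes for some of the file types listed above.
MAGIC = {b"%PDF": ".pdf", b"\xff\xd8\xff": ".jpg", b"\x89PNG\r\n\x1a\n": ".png",
         b"PK\x03\x04": ".docx", b"\xd0\xcf\x11\xe0": ".doc"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(path: str, sample: int = 65536) -> str:
    """Return 'intact', 'renamed-only', 'text' or 'likely-encrypted'."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    ext = os.path.splitext(path)[1].lower()
    real = next((e for m, e in MAGIC.items() if head.startswith(m)), None)
    if real:  # header survived, so the contents were not scrambled
        return "intact" if ext == real else "renamed-only"
    # No known header: high entropy points to real encryption (assumed threshold).
    return "likely-encrypted" if shannon_entropy(head) > 7.5 else "text"

def demo() -> dict:
    """Write constructed sample files to a temp dir and classify each one."""
    doc = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"constructed sample body\n" * 50
    # Constructed stand-in for ciphertext: a SHA-256 output stream.
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    samples = {
        "report.doc": doc,
        "ImportantBusinessSecret.hak": doc,   # fake ransomware: extension only
        "notes.txt": b"meeting at ten, bring the budget\n" * 40,
        "photo.jpg": noise,                   # header gone, contents scrambled
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(body)
            results[name] = triage(path)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:32} {verdict}")
```

Compressed formats that are missing from the header table (audio and video files, for instance) also look random, so extend the table for the file types you actually store before trusting a "likely-encrypted" verdict.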
Can Ransomware Files Be Recovered Without Paying?
As of 2019, the answer is “not easily.”
One of the more notorious ransomware threats, called WannaCry, uses an encryption format called RSA-2048. There are multiple types of encryption that essentially scramble your data in a way that is hard to unscramble without a key.
You’ve likely used RSA-2048, along with other encryption standards, at least once without knowing it. Most reputable websites have a lock beside their address that shares the type of encryption.
The same technology that prevents hackers from simply translating your stolen credit card data is used for ransomware. The encryption hasn’t been cracked yet, with the only successful hack being a side-channel attack.
Side-channel is just an industry term for approaching a problem indirectly. Instead of trying all possible key combinations, researchers looked for other clues. This is the same as checking for worn out buttons to find a lock combination.
Small Businesses Are The Perfect Ransomware Victim
When ransomware strikes, it has the potential to attract a lot of attention.
Recovering from ransomware can be very expensive. Even if your information becomes a research project for government-sponsored security professionals, you’re still risking the loss of vital information for a long time.
Large businesses have enough funds to pay big rewards to hackers, but ransomware is no longer a new threat. The best way to avoid a ransomware attack is to have secure backups, and any major corporation without proper backups at this point is doomed to fail.
Smaller businesses have less security and fewer resources to fight back. Although the money siphoned from a small business victim isn’t often in the millions, it’s enough. A budding hacker with new tools can buy great goods with your money.
Small businesses are smaller risks in most situations. There are a lot of ransomware victims, meaning a case reported to the FBI will likely be on a long list. Specific hackers have less of a chance of being targeted when their targets are smaller.
Local law enforcement isn’t often equipped to counter ransomware threats. If you know something special about your local authorities, keep it quiet; let hackers be surprised by a hidden cyber security expert.
For everyone else, there isn’t much that a local police station can do about encryption designed for government-grade security.
Protecting Yourself From Ransomware
The standard cyber security essentials will protect you from existing virus threats, including ransomware. Brand new viruses can devastate anyone, but it’s simple enough to prevent publicly known threats.
Modern ransomware can be prevented by keeping your computer’s operating system up to date. You should also follow a few personal security practices:
- Install, update, and regularly use an anti-virus suite.
- Install, update, and maintain a separate virus removal system.
- Keep every web browser (Internet Explorer, Edge, Chrome, Brave, Firefox, Opera) up to date.
- Avoid clicking banners and advertisements. Use a search engine if the topic interests you.
- Only download from official sites. Ask a technician to help you identify the real site if needed.
- Virus scan any questionable files first.
- Use a firewall in your business to block illicit sites.
- Allow employees to submit firewall exclusion requests. This can reduce attempts to circumvent the firewall.
Active protection is good, but not enough. Because the goal of ransomware is to encrypt and possibly infect your files, back everything up.
It’s easy to accidentally back up infected or maliciously-encrypted files, so watch systems carefully. By performing daily, weekly, and monthly backups, you have multiple recovery points.
With these multiple backup points, you will lose less data if you accidentally back up after infection. Losing a few hours, a day, or days is better than losing months or years.
Backup services are available in multiple forms. You can either use the previously mentioned daily, weekly, and monthly separation, or full daily changes.
Storage space and system performance are your only barriers. Backups are copies of your files, and they take up space like anything else. Here is an example of the daily, weekly and monthly system:
- Daily backups: Monday, 500GB. Tuesday, 500GB, Wednesday, INFECTED 500GB. Thursday, INFECTED 500GB.
- Weekly backups (saved every Friday): Week 1, 500GB. Week 2, 500GB. Week 3, INFECTED 500GB. Week 4, INFECTED 500GB.
- Monthly backups (saved the last day of every month): January, 500GB. February, 500GB. March, INFECTED 500GB. April, INFECTED 500GB.
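To see which recovery point you would actually restore from under this scheme, the Python sketch below (an added example, not part of the original article) works out which snapshots are still retained and picks the newest clean one in each tier. The retention counts, the dates and the rule that a snapshot taken on the infection day counts as infected are assumptions made for illustration.

```python
import calendar
from datetime import date, timedelta

def tier_of(d: date) -> set:
    """Tiers a snapshot taken on day d belongs to, per the scheme above."""
    tiers = {"daily"}
    if d.weekday() == 4:                                   # Friday
        tiers.add("weekly")
    if d.day == calendar.monthrange(d.year, d.month)[1]:   # last day of month
        tiers.add("monthly")
    return tiers

def retained(today: date, keep: dict) -> dict:
    """Snapshots still on disk today, newest first, given per-tier keep counts."""
    out = {t: [] for t in keep}
    d = today
    while any(len(out[t]) < keep[t] for t in keep):
        for t in tier_of(d):
            if t in out and len(out[t]) < keep[t]:
                out[t].append(d)
        d -= timedelta(days=1)
    return out

def last_clean(today: date, infected_on: date, keep: dict) -> dict:
    """Per tier: (newest snapshot older than the infection, days lost) or None."""
    result = {}
    for tier, snaps in retained(today, keep).items():
        # Assumption: a snapshot taken on the infection day is already infected.
        clean = [s for s in snaps if s < infected_on]
        result[tier] = (clean[0], (today - clean[0]).days) if clean else None
    return result

if __name__ == "__main__":
    # Constructed scenario: infected on a Wednesday, noticed 13 days later.
    keep = {"daily": 7, "weekly": 4, "monthly": 12}        # assumed retention
    found = last_clean(date(2019, 4, 30), date(2019, 4, 17), keep)
    for tier, hit in found.items():
        print(tier, "no clean copy left" if hit is None
              else f"restore {hit[0]} (lose {hit[1]} days)")
```

In this scenario every retained daily copy is already infected, and it is the weekly tier that limits the loss to 18 days instead of the 30 days the monthly copy would cost.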
You can separate and schedule the backups in any way you want. Online backups are easy to manage as clickable files, and can be separated logically to prevent virus spread.
If you want to be extra safe, you can use both online backups and physical on-site backups.
Ransomware is an easy payday for hackers because they simply need to wait for desperate payments. You can make their damage far less critical if you have a backup to work from. Within online backups, you can schedule even faster and more diverse, last-minute backups.
For more information about ransomware, or if you’re looking to protect yourself from ransomware, contact an IT solutions professional.