How Can I Protect Myself from Ransomware?
When a California IT expert suffered a ransomware attack, he couldn’t believe how fast it all happened.
Was he visiting sketchy casino sites? No. Had he clicked on a link in an email? No. He worked in cybersecurity. He knew to take precautions.
All this particular IT professional had done was visit a client’s website. He opened the page, and, BAM, the download began.
The software had encrypted three terabytes of data. If he wanted his files back, he’d have to pay $800.
As a former IT professional myself, I feel his pain. That line of work puts your devices at risk since you’re constantly helping out other users.
But like that IT worker, I keep an ongoing backup of my system. It runs daily, grabbing all my files. That doesn’t mean I want ransomware to hit, though.
The good news is…we’re in this together! Let’s look at how we can keep our devices safe.
What is Ransomware?
Ransoms are something we’re used to seeing in movies or reading about in books.
A criminal kidnaps someone. Then the criminal gets in touch with the victim’s loved ones. The demand? Pay money for that person’s safe return.
That money is a ransom.
Ransomware works similarly. Only in this case, it’s the data on your computer that’s kidnapped. The photos, documents, and music you assume will be there every morning when you wake up are now inaccessible.
If you woke up tomorrow and couldn’t access that information, how much would you pay to have it returned?
Hackers know that amount is at least a few hundred dollars. But that’s small change, considering the average ransomware payout is more than $4.7 million. Ransomware attacks often target businesses, organizations, and government agencies.
As with a kidnapping-style ransom, ransomware attackers promise to return your data once you pay the fee. And as with a kidnapping-style ransom, there’s no guarantee the criminals will follow through once you have paid the funds.
How Does Ransomware Infect Your Device?
For criminals to infect your computer or mobile device with ransomware, the malicious software has to first make its way onto your system.
In some cases, ransomware infects just one device. But if that device is connected to a network, it could crawl its way across the entire system.
But how does it happen in the first place? Here are some ways ransomware gets onto devices:
1. You Click on a Link
There’s a reason links are a popular way to transmit malicious software.
A hacker doesn’t even have to try to access your computer. Just come up with a convincing enough email header, give it a grabby subject line, and include wording in the message that entices you to click.
We’d never click on a link in a message, we say to ourselves. But hackers are getting more inventive with each passing year. It can be tough to detect what’s real and what’s fake.
If all the other threats that come from clicking on links don’t stop you, ransomware might.
One click, and a file could download that encrypts every file on our computer. At best, we’ll be able to restore it from the backup. At worst, we’ll lose everything and have to start over.
One click is all it takes.
2. You Visit a Website
Just when I thought I’d heard it all, a new term comes along:
Drive-by downloading.
With drive-by downloading, you don’t really do anything to drop ransomware on your computer.
It happens when you visit a website or boot up your computer.
A drive-by download happens when hackers find a vulnerability in a website, network, or device. The malicious software is embedded so that when someone accesses it next, ransomware is launched. Your device is infected, and you don’t even know what happened.
3. You Click on an Ad
As if ads aren’t annoying enough, now they can contain ransomware.
Known as malvertising, this scam has malware disguised as an ad on a legitimate page. It looks like an actual ad.
You click, ransomware downloads, and your device is compromised.
4. You Download an Attachment
I have another word for you:
Malspam.
Yes, like web ads, hackers have found a way to use those annoying spam messages to deliver ransomware.
Malspam can include those email links mentioned above. But it can also come in the form of attachments.
Yes, in addition to never clicking links, we’re also supposed to avoid downloading files even if they look legitimate. If you aren’t expecting it, don’t download it, even if it appears to be an innocent Word or PDF file.
5. Your Computer Is Taken Over Remotely
Remote desktop was relatively new when I last worked in IT. Back in those days, if an end user had a computer problem, we had to go to that person’s desk to troubleshoot.
With this technology, tech workers can take a computer over from anywhere. They can even work from home, supporting users on the other side of the world.
Unfortunately, this same technology can be used for malicious purposes.
If a hacker can find a way into a device, that person can take it over. The goal isn’t to help but to install ransomware on the machine and possibly the entire network.
6. Your Microsoft Office Is Compromised
Do you still use Microsoft Office? Many businesses do.
Even if you don’t have the software on your computer, chances are you occasionally receive a Word file that you need to open.
Did you know Microsoft Office files can hide malware? That includes ransomware.
The problem isn’t the software or the document itself. Instead, the malware hides inside something called macros, which let you set up a sequence of actions to save time in the future.
When you open the document, the macros launch the ransomware, at which point the damage is done.
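A way to check an attachment for macros before anyone opens it, as an added example that is not part of the original article. It relies on the fact that modern Office files (.docx, .docm, .xlsm, .pptm) are ZIP archives that store a VBA macro project as a part named vbaProject.bin; the function names and verdict strings are assumptions made for this sketch, and legacy .doc/.xls files use a different container that it does not inspect.

```python
import io
import zipfile

def macro_parts(source):
    """List VBA macro parts inside an OOXML Office file.
    `source` is a path or a binary file object. Returns [] when none are
    found and None when the file is not a ZIP container (legacy .doc/.xls)."""
    if not zipfile.is_zipfile(source):
        return None
    with zipfile.ZipFile(source) as z:
        return sorted(n for n in z.namelist()
                      if n.lower().endswith("vbaproject.bin"))

def triage(filename, source):
    """Return a short verdict for an attachment without opening it in Office."""
    parts = macro_parts(source)
    if parts is None:
        return "not-ooxml: check with other tooling"
    if not parts:
        return "no-macros"
    # A macro project inside a file named like a macro-free format is a mismatch.
    if filename.lower().endswith((".docx", ".xlsx", ".pptx")):
        return "macros-in-macro-free-extension"
    return "macros-present"

def build_sample(with_macros):
    """Constructed sample: a minimal ZIP shaped like a Word file, in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(triage("invoice.docm", build_sample(True)))
    print(triage("invoice.docx", build_sample(False)))
```

A "macros-present" verdict does not mean the file is malicious, only that it can run code when macros are enabled, which is the case to treat with suspicion when the attachment was unexpected.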
How to Protect Your Devices from Ransomware
I’m sure, like me, you’re starting to get a little nervous about all this.
The bad news is that ransomware can hit anyone, no matter who you are. Even IT experts have been tricked.
That said, there are some things we can do to reduce our risks. These measures can also help protect us against other types of malware.
1. Back Up Your Computer
Ransomware targets your files, banking on your desperation not to lose everything.
Erase that from the equation.
Make it a point to back up your computer at least once a week. Preferably more often.
How do you do that? Gone are the days when you had to rely on floppy disks and CDs. No, today, we have the cloud. But there are some down-to-earth options like external hard drives if you like to keep things old school.
Here are some of the best ways to back up your files:
- Cloud backups: Services like IDrive, Backblaze, and Carbonite will cost you a monthly subscription, but there’s a benefit to them. You can set your backup to run constantly, ensuring that you won’t miss more than a day if your hard drive is ever compromised.
- Cloud sync: Services like Dropbox and Google Drive have become increasingly popular for backups. Some even choose to store their folders there so they never rely on their devices.
- External hard drives: You can purchase a physical drive that you’ll hook up to your computer and use to copy files. Some prefer this method rather than relying on a cloud service, but it does require remembering to hook it up regularly.
2. Grab Every Update
Ransomware takes advantage of vulnerabilities in networks and operating systems.
While saving updates for a day when you won’t be so busy can be tempting, we all know that day never comes. Stop and let the update run.
Better yet, have it run overnight while you’re sleeping.
For network administrators, it’s important to keep patches up to date, too. Remember that ransomware can find its way through even the tiniest opening.
3. Avoid Clicking on Links
Yes, the links again. But we can’t stress enough how important it is to avoid clicking.
But that goes for ads, as well. If you see something you like in an ad, go to the site and track the item down.
Ads can be fake, even when they look legitimate.
It’s especially crucial to avoid ads that look enticing, such as ads offering free stuff or ads that make it look like you have a pending message you’re unaware of.
Remember, malvertising can be found on legitimate websites. It even looks like other ads. The site administrator probably has no idea the ransomware provider has placed it there, and you won’t know until it’s too late.
4. Safeguard Your Username and Password
One type of ransomware has hackers using remote desktops to force their way into your computer.
While they can accomplish that in multiple ways, having your username and password is probably the easiest.
Avoid giving out your login credentials to anyone, even someone who convinces you by phone. If you click on a link (don’t!) and you’re prompted to input a password, chances are, that information is being captured for nefarious purposes.
To make it tougher on scammers, use proper password protocols. Make sure you’ve chosen a complex password and change it often.
Oh, and don’t use the same password for every site or service. If you have a tough time keeping track of all that login information, a password manager app like 1Password, Bitwarden, or NordPass can help.
5. Use Malware Protection Software
Antivirus protection has kept us safe for decades. If we download something malicious or visit an infected website, antivirus protection will kick in.
It could be a great place to start if you don’t already have antivirus protection.
One downside to antivirus software is that it won’t help you once your computer is infected. In other words, you can’t just run a scan and fix the problem.
But what antivirus protection will do is keep malicious files from downloading in the first place.
With the right software, you’ll see an alert if malware tries to launch. The attempt will be aborted, and you’ll go on with your life.
Best of all, malware protection is getting even better at detecting and blocking ransomware.
Norton, Bitdefender, and McAfee are all great resources for keeping ransomware off your devices.
How to Tell If Your Device Has Ransomware
Malware has a bad habit of hiding in the background, slowing down your computer, and grabbing information.
Keystroke loggers even capture every character you type.
But at least with ransomware, you’ll know, right?
Not necessarily. Ransomware can lurk in the background for a while, creeping its way through your network. Obviously, that’s bad. You’ll want to catch it as soon as possible to keep damage to a minimum.
Here are some telltale signs that you have ransomware on your device.
1. Splash Screen
Although you won’t always see the splash screen when you log into an infected device, often it’s the first sign of trouble.
The splash screen typically appears as a persistent window that fills the entire screen. You won’t be able to get around it until you pay the ransom, according to the verbiage on the window.
Splash screens can differ in how they work and how they disappear. The goal of a splash screen is to encourage you to pay. In some cases, you’re required to pay using cryptocurrency. This helps make the payment untrackable.
Typically, the splash screen is designed to look scary. Some splash screens even have a seal to make them look official. The goal is to push you to pay.
2. Suspicious Emails
The first sign of ransomware typically comes before you’re infected.
Ransomware attackers will first attempt to get through to your email. Will you click? Will you download it?
Unfortunately, you probably won’t know the software is installed until it’s too late.
But if you’ve clicked or downloaded an attachment from a strange email lately, take a look at your file extensions. That’s an early warning sign that you’re under attack.
3. Strange File Extensions
At one time, ransomware changed all the extensions to one of a few options–most notably, .encrypt.
Not anymore. Hackers have expanded their extension names, so it’s tough to know exactly what to look for.
What you won’t see, though, are the familiar .doc and .pdf extensions that should be attached to your files.
Network administrators can set up their systems to capture file histories. This will let them trace exactly when those extensions changed.
For your home devices, though, you won’t be able to track back like that. You may know, though, because one day you can’t access a file you know was available yesterday or last week.
If you notice your documents suddenly have strange extensions, it could be a sign a ransomware attack is in progress.
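One way to get a simple version of that file history on a single machine, as an added example that is not part of the original article: record the file names in a folder, compare against a later snapshot, and flag documents whose familiar extension was replaced or had another one appended. The function names, the list of familiar extensions and the 50 percent threshold are assumptions chosen for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumption: the extensions your documents normally carry; adjust to your files.
FAMILIAR = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def snapshot(root):
    """Return the set of file paths under root, relative to root."""
    root = Path(root)
    return {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}

def extension_changes(before, after):
    """Pair each familiar file that vanished with a new file in the same folder
    whose name is the old name with the extension replaced or one appended."""
    added = sorted(after - before)
    changes = []
    for old in sorted(before - after):
        old_p = Path(old)
        if old_p.suffix.lower() not in FAMILIAR:
            continue
        for new in added:
            new_p = Path(new)
            if new_p.parent != old_p.parent:
                continue
            appended = new_p.name.startswith(old_p.name + ".")   # report.pdf.xyz
            replaced = new_p.stem == old_p.stem                  # report.xyz
            if appended or replaced:
                changes.append((old, new))
                break
    return changes

def mass_rename(before, after, threshold=0.5):
    """True when at least `threshold` of the familiar files changed extension."""
    familiar = [p for p in before if Path(p).suffix.lower() in FAMILIAR]
    if not familiar:
        return False
    return len(extension_changes(before, after)) / len(familiar) >= threshold

def demo():
    """Constructed sample: three documents, two renamed to a made-up extension."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("taxes.pdf", "letter.doc", "notes.txt"):
            Path(d, name).write_text("sample")
        before = snapshot(d)
        os.rename(Path(d, "taxes.pdf"), Path(d, "taxes.pdf.xyz"))   # appended
        os.rename(Path(d, "letter.doc"), Path(d, "letter.xyz"))     # replaced
        after = snapshot(d)
        return extension_changes(before, after), mass_rename(before, after)

if __name__ == "__main__":
    print(demo())
```

A single hit can be an ordinary rename, such as saving a .doc as .docx; it is many documents changing at once that matches the warning sign described above.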
4. Your Antivirus Software Stops Working
We have antivirus software for the express purpose of protecting us against malware.
Ransomware creators are well aware of that.
That’s why some ransomware is programmed to disable your antivirus. Think of it like a burglar covering the security cameras and turning off the alarm. Disabling it is critical to continuing the attack.
One type of ransomware, AVCrypt, specifically targets antivirus software, disabling it along with a portion of Windows services.
If your antivirus software is throwing up errors or is disabled, it could be a sign your device is infected.
What to Do After a Ransomware Attack
Ransomware has taken over your device. What do you do?
First, breathe.
Yes, ransomware does put you in “emergency” status, especially if you rely on that device to make a living.
But ransomware is not the end of the world. It will take some work, but you’ll get back to normal. This step-by-step guide can help.
1. Don’t Pay the Ransom
If the criminals are asking for $1 million to decrypt your device, this one’s a no-brainer.
But even if the sum’s smaller and you can part with the money, the FBI says don’t pay.
There are a couple of reasons for that:
If these demands don’t work, ransomware developers may give up.
Think about it. If everyone stopped paying ransoms, there would be nothing in it for criminals. They’d find another way to scam people.
Also, there’s no guarantee paying will give you your files. Ransomware developers are like kidnappers. They’ll promise to return your loved one if you pay the ransom, but we’ve all seen that movie. Too often, they don’t return that loved one.
What are the odds your file kidnapper is being honest with you?
Some alarming statistics from a 2022 survey:
- 54 percent of businesses that paid attackers continued to have issues after “decryption.”
- 80 percent of those who paid were hit a second time.
- For 68 percent of paying companies, the second hit came within 30 days and was for a higher amount.
So not only do you risk not getting all your files back after paying, you let the ransomware developers know you’re a hot target.
You paid once, so chances are, you’ll pay again. And this time, you might pay even more.
2. Snap a Photo
You’ll want to capture as much as possible of what you see on the screen.
If a splash screen has taken over your device, grab your phone and snap some pictures. Same if it’s changed extensions or disabled antivirus software.
Screenshots won’t help if you can’t access those files later. Photograph the screen using an uninfected mobile device.
3. Reduce Damage
Whether it’s that splash screen or inaccessible files, the best thing you can do immediately is reduce damage.
Like a contagious disease, ransomware can spread through your network, infecting other connected devices, including smartphones, smart home devices, printers, and computers.
Disconnect the infected device from Wi-Fi. Also, remove any external devices connected to your equipment and assume they might be infected, too.
4. Start Cleanup (or Contact Professionals)
Here’s where I make a confession:
I hate technical issues.
Yes, I used to work in tech support. I just can’t anymore.
The few times I’ve had computer problems since leaving that job, I’ve outsourced it. Yes, I’ve handed my computer off to a professional.
(Quick tip: Always keep at least one backup computer. I replace my laptops once they’re old but still functional, so I’ll have that backup if needed.)
But you may want to go it alone.
If so, it’s important to determine whether you can access your device at all. The hackers may have locked things down, so you can’t do a thing.
For locked-down devices, you’ll likely have to use recovery for Windows or reinstall macOS.
But if you can still access things, you can use a decryption tool like Avast, AVG, or Emsisoft. You’ll probably need to know the type of ransomware on your device to determine which tool to use.
5. Consider Identity Theft Protection
The goal of ransomware isn’t to grab information from your devices. It’s to get money.
But that doesn’t mean you aren’t at risk.
If hackers have compromised your system, they might have been able to grab data while they were there. This could include:
- Your Social Security number
- Your banking account information
- Your usernames and passwords
- Your medical records
- Your physical address
- Your birthdate
In other words, scammers could have the information necessary to steal your identity.
If a hacker applies for loans and makes purchases in your name, you could be dealing with calls from creditors. It could impact your credit score, keeping you from getting credit. In short, it could create a mess you’ll spend years cleaning up.
Identity theft protection services like Aura, LifeLock, and IDShield can cover costs if your identity is stolen. They’ll also monitor your credit and alert you if fraud is detected.
Conclusion
Ransomware can hit anyone at any time.
No matter how well we protect ourselves, we must be aware of the risks.
Keep an eye out for strange emails and protect your usernames and passwords at all costs. If you do find ransomware on your device, don’t pay the ransom and take whatever steps necessary to protect your information.