How to Prevent Ransomware Attacks

image credit: BlackFog

published by Chad Evans
July 1, 2021 at 1:18 p.m.

What is a Ransomware Attack?

Kidnappers usually ask for payment in return for a hostage. A ransomware attack works on the same principle. Instead of physically kidnapping a person, most ransomware attacks encrypt your hard drive, preventing you from accessing your computer and its data. The perpetrators ask for a payment, typically in Bitcoin, in exchange for decrypting the data.

It often takes attackers several attempts before they gain control of a victim’s system. The initial attempts seek out information, while subsequent operations use this information to access the system. For example, cybercriminals may gather information about a target through social media, press releases, and other publicly available information. They may even call the potential victim to obtain clues. 

This is all the more reason to think carefully about what you post online and how you communicate with unknown entities. Cybercriminals are looking for clues to manipulate unsuspecting prey into executing the payload.

Bad actors use initial information to construct a phish — a seemingly innocuous email, text message, or other trigger that introduces the exploit. For example, a phishing email may look like a legitimate message from a co-worker, customer, or community member with a link to shared documents or an attachment. Once executed, the attackers gain access to the computer and, often, the entire network.

Cybercriminals typically don’t wage their full attack once the system is compromised. With access to the network, they can steal information that may prove helpful in future cyberattacks. They also don’t want to wait too long, as the exploit may be detected and shut down. Eventually, the bad actors encrypt storage on one or more devices, asking for a ransom payment to restore operations.

Do Regular People Have to Worry About Ransomware Attacks?

Anyone who uses any modern computing device should be aware of ransomware and cybercrime. Although you might not be a captain of industry, social engineering used in cyberattacks usually targets non-technical employees. I worked in an office where we experienced a malware attack because an executive opened an attachment of supposedly adult photos. Instead of enjoying raunchy pictures at work, he unleashed malware on the office and experienced a fair amount of embarrassment.

If you don’t use a computer for work, you’re in a better position. Smartphones aren’t entirely immune to ransomware attacks; however, they’re not attractive targets. Most home computer users don’t face ransomware either. Cybercriminals want millions of dollars worth of Bitcoin, and the average American not only has zero net worth but is over $90,000 in debt.

If you have deep pockets and brag about your wealth online, you could face a ransomware attack. More likely, they’ll still go after a corporation, government agency, or charity because there are more possible entry points. If social engineering fails with one individual, more attempts are possible. Nonetheless, ransomware attacks do happen to regular people. It’s always better to be safe than sorry. Let’s look at precautions we can take to avoid becoming ransomware victims.

How to Prevent Ransomware Attacks

Virtually every modern operating system is subject to ransomware attacks. Even Apple’s supposedly private and secure iOS mobile operating system can be used to deliver a phish. Attackers accomplish this by pushing a phishing entry into the iOS Calendar app when the user taps a link or media player control on a web page. Reddit and other popular forums often host these malicious links without being aware of it. It’s a confluence of user-generated content and poor moderation.

Since it’s impossible to provide guidance on every possible ransomware attack possibility, let’s look at some fundamental security practices that can keep you safe:

  • Update your operating system regularly. The conventional advice was to postpone operating system updates after a brand new release because new software can harbor defects. With Apple, Google, and Microsoft scrambling to address security issues in today’s climate of cyberattacks, it’s now best to install operating system updates as soon as possible. Most users have automatic updates turned on. If not, turn them on as quickly as possible to ensure you have the latest versions of iOS, Android, Windows, Linux, and any other operating system.
  • Back up your data often. Apple, Google, and Microsoft all have excellent cloud-based backup options. If you back up your data, ransomware can be quickly thwarted by re-installing the operating system and copying over the user data. Even if they encrypt your drive, a low-level format can remove the malware. In a worst-case scenario, one can purchase a new smartphone, computer, or tablet and restore it from backups. More advanced users may wish to take a disk image of their PC, restoring the OS and data in one fell swoop.
  • Avoid or contain questionable online behavior. If you go to the darker or more explicit regions of the Internet, it may be best to do this on a separate device. These are the spaces where cybercriminals seem to operate with reckless abandon. If someone is desperate to see a particular video, they may click on an abundance of links, infecting their device with malware. Even if one uses a separate computer, malware can spread over your home or work network. If you frequent the seedier side of the Internet, don’t be surprised if you experience frequent malware attacks.
  • Be suspicious of apps installed outside of legitimate app stores. iOS only allows users to download apps from the App Store. Both Android and Windows enable websites to install software with user initiation. Some of the biggest names in software, such as Ableton and Epic Games, choose to sell outside app markets to avoid fees. Generally, if the company is reputable and its site has a valid SSL certificate, the software should be safe. Sometimes phishing attempts spoof legitimate websites, but examining the SSL certificate can shed light on its legitimacy. If in doubt, don’t download it until you do more research.
  • Avoid third-party security software. Additional anti-virus and threat detection software is unnecessary with most modern operating systems. Norton, McAfee, and others develop anti-virus software that’s essentially useless and detrimental in some cases. Apple, Google, and Microsoft are much more aware of global security issues. They offer security updates faster than anti-virus software providers. I’ve never seen McAfee, Norton, or any anti-virus software protect a system in my entire career. I remember getting hit with Code Red/Nimda constantly until I traced it down to a shared drive and remediated it manually by re-installing Windows Server. None of the anti-virus software available offered protection against a well-known virus that was several months old. The only reason you should install third-party anti-malware software is if your company demands it. Typically, they got conned into buying a site license by a smooth salesperson.
  • Don’t put too much of yourself out on the Internet. It seems as though there’s an epidemic of social media narcissism, where people brag about their wealth and accomplishments. Such postings also serve to attract cybercriminals. The more information you give them, the better they can use social engineering against you. They can pose as a long-lost friend, encouraging you to click on a link that takes your computer hostage.

How to Eliminate Ransomware

There are various methods of remediating ransomware. The most obvious is to pay the cybercriminals; however, this encourages crime. In the case of the Colonial Pipeline shutdown, they paid the ransom. Authorities later collected almost half of the funds, but with nearly $3 million remaining, the company showed that cybercrime does pay.

It’s hard to believe Colonial Pipeline didn’t have backups. Any ISO-certified data center must back up its systems and produce a disaster recovery plan. Most likely, it was more cost-effective to pay $5 million to criminals. The cybercriminals probably estimated what amount Colonial Pipeline would be willing to pay to restore business quickly. These criminals do their homework to manipulate insiders with social engineering and price the ransom.

Completely formatting a device’s secondary storage (hard drive, solid-state drive) and then restoring the operating system and an uninfected copy of the user data is the best way to remove ransomware. In the direst case, one may need to acquire a new device. For an individual, both actions are less costly than paying a ransom. Cybercriminals probably won’t lock you out of your computer for a mere $1000 ransom. They’ll likely demand tens of thousands of dollars from an individual. Just get a new machine and restore an uninfected backup.

Having an uninfected backup is key. This means you must back up your device frequently and keep the backup elsewhere, such as “the cloud” or a network device. Cloud-based storage is best, as sophisticated malware can penetrate a home network, perhaps erasing or modifying older backups.
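One way to make “an uninfected backup” something you can actually check, as an added example that is not code from the original post: record a SHA-256 manifest when the backup is taken, store that manifest somewhere the backup host cannot write to, and compare the backup tree against it before restoring. The file names and contents below are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file's path (relative to the backup root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the backup tree against a manifest kept off the backup host.

    Returns files whose content changed, files that disappeared, and files
    that were not there when the manifest was recorded (e.g. dropped notes)."""
    current = build_manifest(root)
    return {
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "unexpected": sorted(f for f in current if f not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: a backup is taken, then tampered with on the network share."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "docs").mkdir(parents=True)
        (backup / "docs" / "taxes.txt").write_text("2020 return")
        (backup / "photo.jpg").write_bytes(b"\xff\xd8\xff" + b"\x00" * 32)
        manifest = build_manifest(backup)  # in practice: copy this off the backup host
        # Simulated damage: one file overwritten, one deleted, one new file dropped.
        (backup / "docs" / "taxes.txt").write_text("unreadable blob")
        (backup / "photo.jpg").unlink()
        (backup / "note.txt").write_text("constructed sample note")
        return verify_backup(backup, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Any non-empty list from verify_backup means that copy should not be trusted for a restore; the manifest only helps if the malware could not rewrite it along with the files.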

Don’t Panic

Ransomware seems frightening, but there’s no cause for alarm. The worst-case scenario for most people is that they lose a bunch of selfies. The average device owner isn’t storing plans to the Death Star. Most people who store critical or sensitive data on their devices are likely running backups. Operating systems like iOS constantly remind users to create backups. You’re most likely doing this already.

Cybercriminals prefer to go after large organizations, as they have deep pockets and more people to manipulate. These cyberattacks aren’t technologically sophisticated. The devices and operating systems aren’t the weak points. It’s people who let these cybercriminals infiltrate the system, typically by clicking on a link or opening an attachment. Only you can prevent cybercrime by being aware and prepared.
