Ransomware attacks are some of the scariest cyberattacks of them all. By using methods that were originally designed to protect people, some hackers will literally hold your entire system for ransom. Like kidnappers of any sort, these people cannot be trusted to keep their word, even if you were to meet their demands. Thus, the only way to prevent this kind of disaster is through proper preventive measures. In this article, we will go into that subject in greater detail.
Understanding The Enemy
In order to protect against an enemy, you must know a few things about them. So, let’s do a little reconnaissance and see what we can find. Overall, we find that this problem is extremely widespread, and it seems to have a higher success rate than most other hacking attacks. That, in itself, explains why this technique has been used to target so many high-level targets.
Ransomware attacks are serious enough to compromise entire cities, something that we found surprising. Even worse, the majority of documented attacks like these seem to have been successful. For instance, the city of Baltimore had its entire infrastructure seized by hackers. They refused to pay the $80,000 ransom demand and ended up paying more than $18,000,000 in restoration costs. Two cities in Florida were similarly hacked, and these criminals collected over $1,000,000 in total.
How Does Ransomware Work?
If you don’t know anything about encryption, you should really take the time to educate yourself. Encryption is one of the best ways to protect your data, and it is one of the few methods that can be nearly 100% effective (if used correctly). At a fundamental level, all computer data consists of binary code. Binary code is just a bunch of 1’s and 0’s, but it is very important…mostly because it serves as a set of instructions that tell the computer what to do.
So, what happens if you take all of these 1’s and 0’s and scramble them up in a big unruly mess? You get a bunch of data that cannot be read or used. In order for this mess to be converted back into useful, organized data, the computer must use something called an encryption key.
Now, here’s the important part: The encryption key is not stored on the computer. Instead, it is generated from your password using an algorithm. Thus, the computer is not capable of decrypting the data without the input of your password. This simple and effective structure is what makes encryption so effective. Unfortunately, hackers are able to turn this effectiveness against you.
Ransomware works by first taking remote control of your system. This is most often achieved through the use of malware, which is most likely to come in the form of a phishing email. Once the hacker is inside, they encrypt all the data in place before sending a ransom message.
Defeating The Enemy
You should now understand how ransomware works, but that is not enough to make yourself safe. Let’s go over a few common-sense tips that will help you to deal with this threat:
Think Before You Click On An Email Link
On the internet, it is very easy to click without thinking, but this is probably the #1 way to become infected with malware. Cyberattackers understand that this kind of “compulsive clicking” is very common, and they have many ways of taking advantage. Since it is the most common method of attack, we should talk about phishing emails.
Phishing emails use a boobytrapped link that has been disguised as a legitimate one. When you click on the link, it will capture your IP address (and your personal information with it) and prompt you to enter more personal information (login credentials, bank account info, etc.) Make sure you always hover over the link and look to see exactly where you will be taken. You can also double-check a suspicious email by verifying it with the alleged source.
Use Long And Complex Passwords
When someone is attempting a ransomware attack, the hardest part is the initial “foot in the door” phase. They will probably have to trick you into revealing login credentials (as in the method described above). However, if your password is weak, they won’t even have to do that.
A good password should be: 20-30 characters, at least one uppercase letter, at least three numbers, and maybe even some symbols for good measure. Such passwords are harder to remember, but they are also much harder to crack. In fact, a password like that will usually be impossible to crack through direct (“brute force”) methods.
Only Download Software From The Original Source
You’ve probably seen popups that told you to download the latest version of Adobe Flash or Acrobat. While such popups might be innocent, you shouldn’t take the chance. If you think these programs need to be updated, go directly to Adobe’s website and get the updates there. Do not trust any other source, period. This same logic should be applied to all software.
Keep Backups Of All Important Files
If you aren’t keeping highly sensitive information on any of your machines, the biggest threat is the loss of your data and the inability to use your system. Thankfully, an efficient and automatic backup system can defeat both of these things. When the attackers send their ransom message, you simply tell them to get lost. Then, you restore the entire system from backups, try to correct whatever vulnerability got you compromised, and go on with your life.
Always Keep Things Updated
Cyber-crime is an ever-evolving problem. As fast as security professionals can defeat existing methods, hackers seem able to find more. As a result, it is very important to stay updated against the latest threats. This is especially important for security software like antivirus programs but also applies to the operating system itself.
Conclusion
With a little diligence, it is possible to avoid these kinds of attacks. If you examine any of the high-profile ransomware cases over the last few years, you will see that most (if not all) of them began with one poorly-chosen click. Of course, you made a good decision when you clicked on this website, so we hope that you will come back again. While you’re at it, feel free to fill out the contact form.