It is no exaggeration to say that ransomware is one of the biggest cybersecurity threats on the scene. While these attacks were once relatively uncommon, they have become a much larger threat than anyone could have imagined. Some extremely high-level people have been successfully targeted by this kind of malware, from large companies to government offices, which only goes to show how effective it can be. For those who want to avoid becoming the next victim, let’s go over some facts about ransomware attacks, including the best practices to prevent them.
How Does Ransomware Work?
Ransomware works by using encryption, a tool that is normally used for the protection of sensitive data. By scrambling all that data, it is rendered unreadable until a password is entered. We cannot stress enough that encryption is one of the best ways to protect yourself online, but it also has a darker side. The same qualities that make it effective for defensive purposes can also make it into an offensive weapon that will be used against you…if you are foolish enough to let it happen.
It Starts With A Phishing Trip
The attacker usually starts with a phishing email or some other kind of social engineering attack. This is how they get a foot in the door for further action. Usually, the email will take the form of an unquestionably legitimate organization. It could be anyone from your boss to your banker, but it won’t be real. Instead, it will be a detailed fake that is intended only to trick the user.
Fakes like these are used to trick people into giving up their personal information, such as login credentials. Once the hacker has those credentials, they can bypass all of your network encryption (no matter how strong it may be). This is why phishing is still one of the most common methods of malware infection. It allows the attacker to skip a lot of troublesome middle steps.
The email will normally contain a link, which will take you to a fake page. Again, it will be disguised as something legitimate. Some hackers are very meticulous about getting every detail of the spoof correct, while others are sloppy and can be spotted immediately. For instance, spelling and grammatical errors are a little bit of a red flag, as are headers that don’t match with those found on other emails from the same source. In any case, the fake page will prompt you to enter some kind of information.
When you enter that information, a program called a keylogger will record every character that you type. Thus, it only takes one mistake for a hacker to get your login credentials or other personal info. The entire scam revolves around tricking you into entering those credentials on a compromised page. Once that is done, they have completed their first step.
The Trap Is Sprung
Once the hacker has all of the information that they need, they will use this to begin infecting the device with malware. In fact, they might even be able to infect the entire network if proper segmentation protocols are not used. The malware will encrypt the entire hard drive of the targeted device, locking you out of it permanently. Obviously, they will use a secure password to keep you from regaining access.
At that point, you will receive some sort of ransom letter, telling you that your drive is locked and that it can only be unlocked if you pay a ransom. The funny thing is that these notes tend to be very politely worded and courteous, which is odd for a bunch of thieves. Once this happens, you are in serious trouble. So, what can you do about this kind of thing? In the next section, we will explore that topic.
Tip #1: Educate Yourself And Others About The Dangers Of Ransomware
As we said before, all of this usually starts with a phishing email. Some scammers have also used text messages, but that seems to be less common. In any case, good education about this threat is your first (and best) line of defense. If you can prevent the initial phishing attempt, you can stop the attack before it starts.
The first thing to understand is that no phishing email is perfect. All of them will attempt to mimic a respected source, and all of them will make at least one tiny mistake. It might be something as simple as a misspelled email address at the top or a link that doesn’t seem to go where the email says it goes. It might also be a tiny difference between a real email and the fake one. Either way, look closely at every detail and try to find anything that is out of place.
One thing that you can do is go to your inbox and look for an email from the same (alleged) source. Chances are, they will be impersonating someone with whom you have communicated in the past. That’s good because it means you have a legit example for easy comparison. Any differences between the two should be viewed as a red flag. This is just one of the ways in which a small detail can make a big difference. Your computer IT services company can certainly help you in this department by providing you with more information.
Tip #2: Consider An Email Firewall
One of the things that makes a phishing email hard to spot is the fact that titles and addresses can be spoofed. If the hacker is skilled enough, they can create a “mask” that looks just like the real thing on the surface. The awful truth is hidden in the code, but most people won’t see that. However, the source will not be correct, even if it appears to be so.
That’s where an email firewall comes into the picture. Most people don’t use these for personal emails, but business emails definitely warrant this extra level of protection. In case you don’t know, a firewall is simply a barrier that prevents your computer from connecting with other machines. Unless they are on a pre-approved safe list, they will be blocked from communicating with your network in any way. Of course, it still needs to be configured correctly.
We recommend that all business email accounts should have an email firewall in use. After all, most business emails will involve correspondence with a limited number of people. There is simply no reason to leave your ports open to the world, as you never know who might come along and link with them. The only inconvenience here is the fact that you have to place all new contacts on your safe list. That’s a minor inconvenience, but no big deal. Of course, this is not a good option for public emails (meaning those that are given out to the public). Email accounts like that should be located on a separate server to isolate them from the important ones.
Tip #3: Implement A Good Backup System
Data backup has proven to be the single best way of countering ransomware. When a person targets you in this way, they are using your data as leverage to extract money or other forms of payment. You can cut this scam off at the pass by backing up your data on a regular basis. This should be done in the form of disk image files, as these will allow you to preserve the entire system in a single condensed file. These condensed files will take up far less hard drive space than the raw data.
Just imagine the look on a hacker’s face when you laugh at their ransom demands. You probably won’t get to see that, but you can still take satisfaction in having outsmarted an enemy. When they send their little ransom note, you can tell them to shove it where the sun doesn’t shine before restoring your system from a recent backup.
Of course, this isn’t a perfect solution. If your backups are several days old, you will lose several days’ worth of productivity. Still, that’s probably a lot cheaper than paying the ransom. Besides, there is no reason to believe that these hackers will return access once the ransom is paid. There have been many cases in which people have paid the ransom and still lost their data. Remember that these people do not care about you or your organization and that their word cannot be trusted whatsoever.
There have also been instances in which hackers have targeted backup files, deleting them as well. Cloud backups seem particularly vulnerable, as the cloud can sometimes be quite insecure. It all depends on how that cloud is set up and configured, but that’s a matter for another day. The important thing to know here is this: Always store your backups on a device that is not capable of connecting to the internet. It should also be under lock and key to prevent physical tampering.
Tip #4: Make Sure Everyone Uses Strong Passwords
If you are using a weak password, the cyber-attackers won’t even have to bother with a phishing email. Instead, they can use a “brute force” program to crack the password. If it is a short password made up of common words, it might be cracked in minutes. However, a sufficiently long and complex password can defeat this method very reliably.
Those password-cracking programs are effective, but they have definite limits. Once you exceed those limits, the program can take months or even years to decrypt the password. To get a better idea of how this works, you can check the strength of any password on this site. You will quickly see that you need 18-20 characters, both letters and numbers, and at least one symbol. In addition, you should avoid common words from any language.
Tip #5: Consider The Use Of A Sandbox
First of all, we aren’t talking about a literal sandbox. Those can be a lot of fun, but we are talking about a virtual sandbox. This is a common cybersecurity technique that we recommend highly. It isn’t exactly easy to do this, but it is one of the surest ways to test a particular link or file attachment. If you don’t have the technical know-how to do this, you should consider some managed IT support services, many of which offer this feature.
As we said, these attacks always begin with a malicious link or a malicious email attachment. Instead of foolishly clicking on these things, you can test them in a secure environment. Sandboxing works by creating a duplicate of your existing system. You can probably use one of your system image backup files to create a perfect duplicate. Now, you can click those links and see what happens.
If the malware does manage to infect your computer, you can simply delete the whole virtual system. The information they obtained will only allow them to hack a system that no longer exists. One little thing, though: Never, ever enter your correct login credentials/passwords when doing these tests. Instead, give a fake password and see how the page reacts. A fake page will not know the difference between a real password and a fake one, and that fact can be used to spot them easily.
Tip #6: Look Out For Scouting Behavior
Before a hacker can target you with ransomware, they will need to gather a little bit of information about you. This information is then used to tailor the attack specifically towards you. For instance, they might try to find out where you work so that they can create a fake “work email.” They might try to find out what church you attend so that they can impersonate those people as well. We could literally go on all day listing the ways in which they might try to impersonate your trusted contacts.
Whenever you get one of those weird calls that seems like a scam attempt, the smart thing is to assume that it is one. In particular, don’t give out any personal information to people you don’t know. Even casual conversations on social media can be used to gather information about your habits and associations. If you recognize this scouting behavior, you can employ an old principle of espionage: “If you want to find a spy, tell them a lie and wait for it to show up on the other side.” In other words, give them false information about yourself. Thus, when you get an email that contains said false info, you will know that it’s a scam, and you can safely delete/block.
Ransomware is indeed a potent threat. However, it can be defeated with a mixture of good tech and common sense. Ransomware has proven to be a real problem, and it’s largely because of people who don’t take precautions or pay attention to what they are doing. We urge you to avoid being one of those people, as they are the most frequent victims of ransomware. If you would like to know more about this subject, you can always call PCH Technologies at (856) 754-7500. We are easily one of the best IT support companies in NJ, and we are more than eager to help you in any way we can.