The Continued Ransomware Threat
I am often asked about Ransomware, and I am also surprised at just how many people continue to be infected by it. In fact, Kansas Heart Hospital in Wichita actually paid the ransom only to have the cyber criminals ask for more. No surprise there. A hospital in LA recently paid 40 Bitcoin (about $17,000.00) to have their data released. And while both hospitals have said no patient data were impacted, one has to wonder about their own internal security practices.
Ransomware is just as it sounds: criminals infect your data, lock it from access and then demand payment to unlock and free it. Ransomware is generally spread through email attachments, infected programs or compromised websites. A Ransomware program or a cryptovirus, cryptotrojan or cryptoworm will infect a User's system, blocking them from their data or from using the operating system itself. Users are generally given a warning screen demanding payment or all data will be lost.
A User may also get a screen or email (or at times a phone call) duping them into believing they are a part of an FBI/police investigation.
In all cases, none of these tricks are true and any money that is paid will NOT result in any data or system being freed. Rather, even more money will be demanded.
So, what can be done to protect your system or data?
- Back up your data on a REGULAR basis. The timing of this will depend on how you value your data. The more valuable the data, the more often you should back up. Backing up data to an external drive or the Cloud is always the best solution.
- NEVER open PDF or EXE attachments from any email address you do not know or recognize. If you get an email from an address you recognize, but it has a PDF or EXE attachment, simply mouse over the 'From' email address and you will see if it is truly from that trusted source.
- Make sure your Antivirus is updated - this should go without saying.
- Make sure your software is updated, including third-party plug-ins for web browsers and other systems. Updates often plug security vulnerabilities that, if left open, provide attackers an easy way in.
- Avoid risky behavior. Do I need to elaborate on this?
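The attachment tip above, automated as an added example (not part of the original post): it flags PDF/EXE attachments from unknown senders and catches a trusted display name sitting on an unfamiliar address, which is what the mouse-over reveals. The contact list, addresses and the function names `assess` and `sample` are assumptions made up for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: contacts the reader already trusts (constructed values).
KNOWN_CONTACTS = {"alice@example.com": "Alice Smith"}
RISKY_EXTENSIONS = (".pdf", ".exe")


def assess(raw):
    """Return a list of warnings for one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    display, address = parseaddr(str(msg["From"] or ""))
    address = address.lower()
    warnings = []

    # Collect PDF/EXE attachment names from every MIME part.
    risky = [name for part in msg.walk()
             if (name := (part.get_filename() or "").lower())
             .endswith(RISKY_EXTENSIONS)]
    if risky and address not in KNOWN_CONTACTS:
        warnings.append(f"unknown sender {address} sent {', '.join(risky)}")

    # The displayed name can claim a trusted contact while the real
    # address, the part a mouse-over reveals, belongs to someone else.
    trusted_names = {name.lower() for name in KNOWN_CONTACTS.values()}
    if display.lower() in trusted_names and address not in KNOWN_CONTACTS:
        warnings.append(f"display name '{display}' does not match {address}")
    return warnings


def sample(from_header, filename):
    """Build a constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = from_header
    msg["To"] = "reader@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"constructed sample bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()


if __name__ == "__main__":
    for hdr in ("Alice Smith <alice@example.com>",
                "Alice Smith <billing@pay-example.net>"):
        print(hdr, "->", assess(sample(hdr, "Invoice.PDF")))
```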
The cure for Ransomware is to wipe your drive clean and reinstall everything. Paying will not restore anything. So at the very least, make sure you are backing up your data!
Like most things in life, the best defense is a good offense. Be smart about how you surf the web. Be smart about who you accept communications from. Be smart about how you respond to emails or calls that threaten to arrest you (yes, the IRS scam is still out there).
Ransomware is out there and evolving daily. It's imperative to remain vigilant and smart.