Do you want to survive ransomware? How to protect your PC

Ransomware is everything bad about humanity rolled into malware: malice, greed, and the occasional incompetence. It encrypts your files and demands that you pay for a key that may not even work. With the right backup strategy, your files can survive an infection.

We encourage you to set one up today and avoid the debate about whether you should pay the ransom.

What you need to know about ransomware

Ransomware is a type of malware designed to lock you out of your computer unless you pay a ransom. It usually encrypts your files to keep you locked out, and the ransom is usually in cryptocurrency. Ransomware is typically targeted at businesses, corporations, and government agencies, but individuals can and will be drawn into the battle.

The software is becoming more and more sophisticated, with new variants appearing all the time. While most criminals treat an attack as a transaction, some ransomware writers seem to enjoy messing with victims. Last year we heard about ZENIS, a ransomware that deliberately deletes backups. And more recently there was GermanWiper, which doesn't encrypt your files at all: it just deletes them and still demands a ransom. Unlucky victims who pay have nothing to decrypt, because their files were gone from the start.

And there are more attack vectors than ever before.

"Ransomware is now being transmitted in a multitude of ways, making it increasingly difficult for end users to stay protected," said Victor Congionti, chief information officer for cybersecurity firm Proven Data. "Traditionally, ransomware has been spread through email campaigns that require gullible users to download malicious links."

Criminals are now camouflaging it in apps, leaving it untouched by software. Or they spread it through spear-phishing attacks, which target the people in an organization who are more likely to click suspicious links.

It's a jungle out there!

How to protect your backups from ransomware

If your system is infected with ransomware, you can either pay the ransom and hope you get your files back, or you can refuse to pay and try to rebuild your PC from backups. The first option is problematic for moral, ethical, financial and logistical reasons. So take steps now to ensure that you can recover from a ransomware attack painlessly.

Start with these three principles for backup:

  • Assume ransomware will encrypt or delete everything that you can access from your PC. If you back up to an internal or external hard drive that is constantly connected to your PC, or to the cloud, consider those files already dead. They're only of value for a more old-fashioned and conventional disaster like a hard drive failure. This type of protection for traditional threats is fine, but it shouldn't be your only line of defense to protect your data.
  • Disconnect your backup from the network. A solid weapon against ransomware is backup media that you can keep completely separate from your computer and the internet. For example, if you are backing up to an external hard drive, connect it only during the regularly scheduled backup and then disconnect it immediately. "It is critical that the local storage drive is not left connected to the network," said Congionti. "This prevents the backups from being encrypted when the ransomware executable is loaded onto the network and the storage device is offline outside of the encryption process. With the drive connected, these backups can now be accessed by the ransomware, rendering them unusable as they have been encrypted along with other files." Yes, this is inconvenient, and it requires discipline to manually connect a drive and run a backup. However, this is a particularly safe strategy.
  • Rely on versioning. Even if you disconnect your external drive, there are no guarantees that it will remain protected. This is because your system may already be infected with malware while performing a backup. "Versioning is an important strategy to ensure recovery from a ransomware attack," said Dror Liwer, founder of the security company Coronet. Use a backup program that saves multiple timestamped versions of your files. Then, when you restore your computer, you should have the option to go back far enough to reach a backup that was made before the infection.
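
The versioning principle above, as an added Python example that is not part of the original article or of any backup product: each run writes a new timestamped copy, and the restore step walks back to the newest version taken before the infection, skipping any version in which most files changed at once. The folder naming scheme, the function names and the 50% threshold are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib
import shutil
from datetime import datetime
from pathlib import Path

STAMP = "%Y%m%dT%H%M%S"  # assumed naming scheme: one folder per backup run

def take_snapshot(source: Path, backup_root: Path, when: datetime) -> Path:
    """Copy `source` into a new timestamped folder; older versions are never touched."""
    dest = backup_root / when.strftime(STAMP)
    shutil.copytree(source, dest)  # raises FileExistsError instead of overwriting
    return dest

def list_snapshots(backup_root: Path) -> list[tuple[datetime, Path]]:
    """Return (timestamp, path) pairs, oldest first, ignoring unrelated folders."""
    found = []
    for entry in backup_root.iterdir():
        try:
            found.append((datetime.strptime(entry.name, STAMP), entry))
        except ValueError:
            continue
    return sorted(found)

def digests(snapshot: Path) -> dict[str, str]:
    """Map each file's relative path to the SHA-256 of its contents."""
    return {str(f.relative_to(snapshot)): hashlib.sha256(f.read_bytes()).hexdigest()
            for f in snapshot.rglob("*") if f.is_file()}

def changed_fraction(older: Path, newer: Path) -> float:
    """Share of files in `older` that are missing or different in `newer`."""
    old, new = digests(older), digests(newer)
    if not old:
        return 0.0
    return sum(1 for name, h in old.items() if new.get(name) != h) / len(old)

def pick_restore_point(backup_root: Path, infected_at: datetime,
                       max_change: float = 0.5) -> Path | None:
    """Newest snapshot older than `infected_at` that does not look mass-modified.

    A snapshot in which more than `max_change` (assumed threshold) of the previous
    version's files changed at once is treated as possibly encrypted and skipped.
    """
    snaps = [s for s in list_snapshots(backup_root) if s[0] < infected_at]
    while len(snaps) > 1 and changed_fraction(snaps[-2][1], snaps[-1][1]) > max_change:
        snaps.pop()
    return snaps[-1][1] if snaps else None
```

The mass-change check matters when the infection time is only an estimate: a backup taken after the files were already encrypted is passed over even though its timestamp looks acceptable.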

Implement a practical backup strategy

Obviously, popular backup solutions are not robust enough to protect you from a ransomware attack. Cloud storage is not the same as cloud backup, and consequently anything that syncs or mirrors your data is toast. For example, you can't rely on the free versions of Dropbox, OneDrive, or Google Drive to recover your files.

But if you pay for storage, the story could be a little different. Dropbox includes the Dropbox Rewind feature in its paid tiers. With Dropbox Plus (2 TB of storage space) you have a 30-day history of your files that you can go back to at any time. Dropbox Professional (3 TB) has a version history of 180 days.

OneDrive has its own ransomware protection. When OneDrive detects possible ransomware activity, it will notify you and ask whether you made the latest changes to your files. If you didn't, Microsoft will try to help you clean up your hard drive and restore the damaged files.

Since Google Drive and iCloud don't have such built-in protection, we advise you not to rely on them when ransomware is such a serious risk.

In addition, most online backup solutions employ versioning, so with services like Acronis, Carbonite, and iDrive (among others) you can roll back to a snapshot of your hard drive that was taken before the infection.

"Carbonite successfully recovered over 12,600 customers from a ransomware attack after contacting our customer support," said Norman Guadagno, senior vice president of marketing for Carbonite.

Some online services even use anti-ransomware tools. For example, Acronis has a tool called Active Protection that looks for malicious behavior.

"When Active Protection detects something fishy," said James Slaby, Acronis Director of Cyber ​​Protection, "like a process that renames a series of files and then encrypts them, it kills the process immediately."

Just as the Apollo spacecraft had two independent main computers, we recommend that you have at least two options for backing up your data. You can combine a simple, accessible, synchronization-based solution with one that is robust enough to recover from a ransomware attack.

For example, you can use a traditional cloud backup solution like Dropbox or OneDrive to make sure your files are always available when you log in from another PC or have a catastrophic computer failure. If you have a subscription and can take advantage of built-in ransomware protection, that's even better!

At the same time, implement a secure backup solution with versioning. You can use a local backup app that writes to an external drive or an online backup service that stores your files in the cloud. Yes, your files will be more difficult to access when using these types of backups. However, they can survive a ransomware attack in a way that your daily file sync can't.

How do I avoid infection?

While ransomware is one of the most worrying types, it's still just another type of malware that you know about and should be prepared for.

After setting up a secure, tiered backup solution, follow these rules to minimize the risk of ransomware:

  • Use a strong antivirus product with ransomware protection. Of course, no antivirus app is perfect, but any security strategy that doesn't include one is fundamentally flawed.
  • Don't click anything you don't trust. You know the drill. Do not click third-party links on websites, in emails or text messages, or delivered by carrier pigeon. Also, do not use pirated software or visit illegal websites. On your phone, stick to proven stores like the Google Play Store and the Apple App Store.
  • Keep your computer updated with the latest system updates.

When you get hit

If you are ever unfortunate enough to be infected with ransomware, all hope is not lost. There are two free tools you can use to decrypt your files without paying a dime in ransom:

  • No More Ransom: This is a joint project between McAfee and a handful of European law enforcement organizations that now has over 100 partners from business and politics. If your system is infected, you can go to the No More Ransom website and upload some sample encrypted files from your computer. If a decryptor exists for that ransomware family, you can unlock your PC for free.
  • ID Ransomware: Similar to No More Ransom, this project was created by the security company Emsisoft. You can also ask to be notified if an undecryptable attack becomes decryptable in the future.