After the recent release of a joint report from the NCA and the NCSC on the increasingly aggressive nature of cybercrime, ransomware is back in the headlines as a growing threat. As the number of devices connected to the internet increases exponentially, the Internet of Things is rapidly turning into the Internet of Threats.
Rising incidents of cybercrime are always newsworthy, but is ransomware really all that new? Certainly as more and more smartphones, fitness trackers and tablets (all containing personal data) connect to the internet, there are more opportunities for cybercriminals to exploit weaknesses – in both technical and human form. Yet the fundamental idea remains the same: cybercriminals are constantly looking to exploit human nature, whether that be through making an offer that is too good to be true, or threatening to delete important data and treasured memories.
But the basic security measures that experts have been preaching for years still apply, and while no one can guarantee protection against all security threats, many of the precautions you should already be taking will significantly reduce the chances of infection by ransomware.
The single most important thing is to back up your data on a regular basis. This includes any external drives such as USB drives, as well as network or cloud file stores that have a drive letter. You should be using an external drive or backup service that is disconnected when it is not backing up.
Security software will protect you from the majority of known viruses, worms, Trojans and ransomware. I stress the word ‘known’, because until a new malware variant is defined it isn’t possible to offer 100% protection against it. Heuristics may be able to predict whether something ‘looks’ like malware, but they will never be able to cover every single permutation.
Make sure all of the software on your system is up to date – including the operating system, browser and plug-ins. One of the most common means of infection is through software vulnerabilities.
Show hidden file extensions. Windows’ default behaviour is to hide known file extensions, but this can be disabled, making it easier to spot suspicious files such as those with a “.PDF.EXE” extension.
Filter EXEs in your email if you can. Some gateway mail scanners allow you to deny any email attachments with the extension “.EXE”, or those with two extensions (“*.*.EXE” files). If you do need to exchange executable files and are denying emails with “.EXE” files, you can use password-protected ZIP files or cloud services.
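The attachment rule described above, sketched as an added example (it is not from the original article or from any particular mail gateway). The function names `classify`, `blocked_attachments` and `build_sample` are hypothetical, and the sample message is constructed:

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def classify(filename):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    # Windows ignores trailing dots and spaces, so "setup.exe. " still runs
    # as an EXE; normalise before checking, and compare case-insensitively.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or parts[-1] != "exe":
        return None
    # "*.*.EXE": a second, non-empty extension before .exe (invoice.pdf.exe).
    if len(parts) >= 3 and parts[-2]:
        return "double-extension"
    return "executable"


def blocked_attachments(raw_bytes):
    """Parse a raw message and list (filename, verdict) for denied attachments."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        fname = part.get_filename()
        if fname and (verdict := classify(fname)):
            hits.append((fname, verdict))
    return hits


def build_sample():
    """Constructed test message with four attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("report.pdf", "Invoice.PDF.EXE", "setup.exe", "notes.exe.txt"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, verdict in blocked_attachments(build_sample()):
        print(f"DENY {fname}: {verdict}")
```

A filename check like this only sees the name the sender declared; it does not inspect file contents or look inside archives.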
If you do run a file that you suspect may be ransomware, but the ransomware screen has not yet appeared, you may be able to limit the damage by disconnecting from the Wi-Fi or unplugging from the network immediately. It takes some time to encrypt all of the files, so if you act straight away you may be able to save some of them.
This technique is far from foolproof and relies on you being faster than the malware, but it is worth a shot. If you have System Restore enabled on a Windows machine, you might be able to take your system back to a known-clean state. Again, you will need to move fast to beat the deletion process, which can start whenever an executable file is run.
And if the worst comes to the worst? We would never advocate paying the ransom, but in the end that is a decision only you can make.
Natasha Staley - 16 March 2017