How do I avoid ransomware?

Avoiding ransomware is the same as avoiding any malware. And, you know? A full backup will save you from any problems.

//
How can we prevent this new risk of criminals encrypting files on your hard drive and then demanding a ransom to unlock the data? Is having a router and software firewall enough? I have Windows 7 Professional; always fully up to date.

Let’s look ransomware - software that holds your computer hostage until you pay up – and how best to protect yourself.

Spoiler alert: you already know the answer.

What is ransomware?

First, let me tell you that ransomware is actually nothing new. It’s received a lot of press lately for the latest variant, but the technique has been around for a long time.

It’s nothing more than malware which encrypts some large portion of the machine or its data and then holds it hostage until you pay some exorbitant fee to (hopefully) regain access. The most recent variants are using good encryption, so once your machine has fallen victim to it, the outlook is actually pretty bleak.

Note the word I used: malware. Ransomware is just malware. It’s really just spyware, a virus, whatever you want to call it – and it’s just another thing that hackers do once they gain access to someone’s computers. It’s very destructive malware, it’s effective at what it does, but it’s just malware.

And that should give you a huge clue on how to prevent it.

Preventing ransomware

This is a stick up!You protect yourself from ransomware exactly like you protect yourself from all viruses and malware.

  • You should have a firewall. A router is probably good enough and an additional software firewall is fine if you’re paranoid. Turning on the Windows 7 firewall these days is usually enough.
  • Run up-to-date anti-malware tools. I happen to recommend Microsoft Security Essentials, but there are many, many others. Make sure that they are running and up-to-date.
  • Keep your system and software up-to-date.
  • And of course the usual advice applies: don’t download random things from the internet; don’t open attachments that you aren’t completely certain are valid and correct. The most recent and virulent ransomware seems to arrive most often in the form of an email attachment.

Basically, do all the things you should already be doing to keep yourself safe on the internet. In fact, that’s the article that I’m going to point you at (“Internet Safety: 8 Steps to Keeping Your Computer Safe on the Internet“) because that’s really all this boils down to doing.

This happens to be just one style of threat  - a particularly nasty one – but one that you protect yourself from it in the exact same way that you protect yourself from all other styles of attack… all other styles of malware.

The safety of backups

One final thing that I will throw out is that having a good and recent backup1 can save you almost immediately.

If  you find that your machine has been encrypted by ransomware on Tuesday, restoring to a backup you took on Monday would make it almost a non-event. Aside from any work performed since the Monday backup, you’d have your machine back and running again in no time, without having to pay any ransom.

There is almost nothing that a good backup can’t save you from – and this is another case where, if you have current up-to-date backups for your machine, even something like ransomware doesn’t necessarily need to get in your way.

Should I pay the ransom?

No. Never.

I say that for two reasons:

  • These are malicious hackers. Once they have your money, there is zero incentive for them to actual deliver on the promise of decryption. You’ll be exactly where you were when the ransomware took over, just poorer.
  • Paying them encourages them to keep doing this.

Stay safe, use a backup, and never negotiate with hostage takers – even when it’s your data they take.

This is an update to an article originally posted : January 10, 2013
Footnotes and references

1: Several people have expressed concern that a backup, if connected, may also be encrypted and held ransom. While technically possible I believe it a rare occurrence – I’ve not heard of any instances, as of this writing. To me it’s much more important that a drive remain connected so that regular backups can happen automatically. More here: Will malware infect the backups on my connected backup drives as well?

There are 10 comments:

  1. Kevin

    Hi Leo
    If over the years I have learned anything from from your columns it is “Image Backups”. I do same once a week. If anybody out there thinks this a little wimpish, they should dwell instead on the tremendous freedom and power these give the user. Although it is now years since I have had malware, should and even if when I get again I will always revert to a backup, regardless of what my scanners tell me.
    Only codicils would be that other backups are advisable, such as Doc’s, Pictures etc, and that the user should be able to boot directly into the backup. Booting directly into the backups I am guessing varies a lot from comp to comp. Perhaps Leo you might throw some light on this point????

  2. JustInspired

    It’s also very important to keep the third party software like Java, Silverlight, Adobe Reader and Flash up to date! We’ve seen many infections come through unpatched versions of the above.

  3. johnpro2

    I read in the local paper here threat a local medical business was locked out of their records with ransom ware. Apparently the back up drive was also compromised & locked.
    Lesson is do not leave back up drive permanently attached to the computer ..only during backup or reinstall.Perhaps use a cloud solution as well.
    Jp

  4. Dean

    johnpro – doing this (not leaving the backup drive attached to the computer) makes running automated backups rather difficult.
    A rather cumbersome solution might be to only connect the backup drive at the end of the day and at the same time disconnect from the internet.
    Is there are less messy alternative?

  5. Dean

    Sorry -missed the typo in the last line. The “are” should be “any”

  6. Mark Buechler

    For the “average” user, these steps are not good enough. Because the average user has no idea what links and sites to avoid. So…

    1) Start at your list
    2) Use OpenDNS on the home network
    3) Install McAfee SiteAdvisor and only click on Green Checkmark links

  7. HA

    Use a user, or limited account, not the administrator account for your day to day computer usage.

  8. Dean

    This a follow up on my earlier post.
    In the article a solution to this type of infection is to restore from an earlier backup. In the EBook “Maintaining Windows 7 – Backing Up” automated backup is described in detail. For these to run the external hard drive must be connected.
    However in the several references and articles I have seen on malware that encrypts, I have read that backups can also be encrypted (but whether by encrypting the disk or the image files themselves I have not found).
    What I have read is advice to not leave an external hard drive connected.
    This seems to leave two choices – either do not do scheduled backups, or bet that the protection installed and user competence are such an infection will not get in.
    I teach older people coming late to computers, amongst other things, the value of scheduled backing up. I would like to be able to give them good advice on this.

  9. connie

    @Dean,
    It sounds like the most important thing is to know and follow safe internet practices. If you have a firewall, haven’t downloaded anything suspicious, or clicked on links in emails, then viruses won’t just jump into a computer doing a backup in the middle of the night. So best thing is to teach safe practices.

  10. Dean

    Thanks Connie.
    I do cover the importance of all the usual advice on protective up-to-date software, keeping the operating system and other software up-to-date, not to click on suspect sites etc. And I also recommend at least regular system backups.
    Nevertheless I have had two examples of those attending classes where they have somehow got malware.
    In one case, action taken was to copy data files to a thumb drive, do a full reinstall of the OS and other software and then add back data files after a check scan.
    In the other, a recent backup was available and was used to restore the computer to its uninfected condition. I use this example to emphasise the value of a recent valid backup.
    The problem then is – what if the infection encrypts files and has also caught the backup?
    The unfortunate user can then no longer get to his files.
    Hence the advice I have given that scheduled backups are protection against being trapped into downloading of malware is wrong, if this happens to be of the encrypting type.

Comments are closed.