Thursday, June 8, 2017

My take on ransomware...Causes, prevention, & dealing with these threats.

There has been a pretty steep uptick in ransomware activity over the last few months, and the seriousness of this particular type of threat has grown to near-epidemic proportions.

Any software which can take administrative control of a computing device, prevent removal/detection/deletion, and hold control of the device until a monetary amount (the ransom) is paid is considered ransomware.
Probably most disturbing is the amount of money that ransomware is generating for the criminal element.  The FBI estimates over $200 million has been spent already in 2016 to release personal and business systems, and even file servers, that have been compromised.
The other frightening aspect of all this is that the "ransom" rates are also on the rise.  Where ransoms from a few years ago might have been merely a couple hundred dollars, I have now heard of ransoms going into the thousands of dollars.  Yikes!

So what can someone do to prevent, or recover from, a ransomware attack?

The fast answer (the best one in my opinion) is prevention.  If you have been around computers for a while, you have probably heard:
  • "Don't try to get stuff (that costs money) for free",
  • "Don't open email with attachments from people you don't know",
  • "Don't download unknown programs",
  • "Don't click on links in web pages or email unless you know where the link is taking you".

These are good suggestions, but there are some other things that can also be done:

1. Back up files, especially personal files, pictures, and any financial/business software.  A full backup should also be run, and the backup media should ideally NOT be regularly connected to the computer (any connected device could be compromised in the event of a ransomware attack).  Removable storage like DVDs, external hard drives, and USB drives are good examples.

2. Keep your antivirus current, and have a second line of defense.  Malwarebytes has a free scanner, but the paid version has an active component that monitors and will block malicious content.  While nothing can truly block every threat, a good solution will have consistent updates to its detection engine, and make those updates available in a timely manner.

3. Know how Microsoft operates.  They will never call you to offer assistance.  If you get a call like this you can rest assured that it is some type of scam attempt.

Q: "OK, these are good suggestions, but I already have a popup telling me that I need to pay.  What do I do?"

A: Some of these threats can be removed.  So the first thing to do is NOT panic.  Next, terminating the running process is important.  Shutting down the PC is a good first step.  If you are locked out when it restarts, you could try to start the PC in safe mode.  (When the PC is first booting, you can bring up your startup options by tapping the F8 key.  Select safe mode, and see if your computer can start.)

If it can start in safe mode, download and run Malwarebytes.  It may be able to root out and remove the problem.  If it comes back clean, your system may not have been infected by the threat (this is where quickly shutting the PC down can help).  If it does find any threats, it may ask to restart your system after it removes them.  I would recommend a follow-up scan after that to ensure nothing is left behind.
Also run a scan with whatever your other virus/malware scanner is.  If you don't have one, Windows Defender (Win 8, 10) or Microsoft Security Essentials (Win 7) are good basic protection.





