Recently, a client contacted me with the following question:
Question: I have been working with renewing my liability insurance and the big topic/concern with all the carriers is Ransomware. What is in place on my system to keep me safe on my end of this issue?
The answer has many parts, and I’ll do my best to cover them in this article:
- The first part of this is understanding exactly what “ransomware” is. The short answer is that ransomware is a type of malware that, once it infects a computer, quickly looks for files with popular file extensions, i.e., .doc, .xls, .pdf, etc. In layman’s terms: MS Word, Excel, PDF files and most other popular file types. Once it finds these files, the malware encrypts them and changes, or adds, a new file extension. The encryption makes the files impossible to open or use without a decryption key, which the person or persons responsible for the malware will “sometimes” provide IF you pay them money, usually in the form of bitcoin (an electronic, somewhat untraceable form of payment). The amount typically starts at $500 and can potentially go into the thousands of dollars!
- Question: How does one typically become infected with ransomware? Answer: The usual means of infection is via email. The malware will arrive as an email attachment, most likely an .exe or .js file. The email will often come from a “spoofed” email account, i.e., it will appear to come from someone you know, so you’ll let your guard down and click to open the attachment. Sometimes it will come as a spoofed email from UPS, FedEx, or some other such common source. Or it will have something in the subject line such as “you’ve won a prize” or something else that will attract you to it. While ransomware most commonly arrives by email, it’s not restricted to this delivery system. It could come in via Facebook or Messenger links and other social media platforms. Remember: the weakest link in computer security is… YOU! A good analogy is that you can have many locks on your front door, but if you open it up to let in a stranger, you put yourself at risk.
- Question: What do I do if I’ve become a victim of a ransomware infection? Answer: My advice is that you DO NOT PAY THE RANSOM! Paying just encourages the criminals to keep infecting people. If nobody paid, there would cease to be an incentive for the infection. Also, as I noted above, the criminal won’t always provide you with a decryption key, leaving you out of money and still without access to your files!
- So, the next logical question is: How can I protect myself?
Secondly, you need to have backups of your files. I’ve covered the many different types of backups in other postings on my website if you want to read those for a more in-depth understanding, so I’ll be brief here. Good backups are your best defense against an encryption virus. They should always include, at a minimum, a file-level backup, both locally and in the cloud! An encryption virus will usually look for local storage to infect as well, which is why cloud backup is so important. It is the best type of protection from an encryption virus because it is completely isolated from your system. Further, if it did somehow become infected, the cloud backup service will have its own backup in place as well! For a standard consumer, this type of backup is relatively inexpensive. For a business, it can be more costly, but how much would it cost you to have your business crippled by an infection and NOT have a backup that can be used to restore your files? With a backup, you may have some downtime, but it won’t be a total loss!
Thirdly, make sure your firewall is turned on. Typically, this is the default setting for your computer, but it never hurts to double-check.
Fourth: Have a good, up-to-date antivirus installed on your computer.
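As an added example (not part of the original article and not a CSA Tech Solutions tool), the Python sketch below checks a local backup folder for the two signs of encryption described above: an extra extension added after a document extension, and document files whose first bytes no longer match their type. The sample folder, the `.locked` extension and the function names are constructed for illustration, and the check is a heuristic that can also flag harmless files such as `.pdf.bak` copies.

```python
import os
import tempfile

# Leading bytes ("signatures") of the document types the article names.
SIGNATURES = {
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",            # ZIP-based Office
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",  # legacy Office
}

def check_file(path):
    """Return why a file looks encrypted or renamed, or None if it looks normal."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    # Sign 1: an unfamiliar extension added after a document extension.
    if ext not in SIGNATURES and inner_ext in SIGNATURES:
        return f"extension {ext} added after {inner_ext}"
    # Sign 2: a document extension whose content no longer starts as that type.
    if ext in SIGNATURES:
        with open(path, "rb") as fh:
            if not fh.read(8).startswith(SIGNATURES[ext]):
                return f"content does not start with the {ext} signature"
    return None

def scan(root):
    """Walk a backup folder and map each suspicious file to the reason."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            reason = check_file(path)
            if reason:
                findings[os.path.relpath(path, root)] = reason
    return findings

def demo():
    """Build a constructed sample backup folder and scan it."""
    samples = {
        "invoice.pdf": b"%PDF-1.7 constructed sample",
        "budget.xlsx": b"PK\x03\x04 constructed sample",
        "letter.docx.locked": b"\x9c\x41\xe7\x02\x5b\xd8\x13\xaa",  # scrambled
        "report.pdf": b"\x3f\xb0\x17\xc4\x88\x6d\x21\xf9",          # scrambled
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for name, reason in sorted(demo().items()):
        print(f"{name}: {reason}")
```

To check a real folder, call `scan()` with the path to your local backup; any findings are a reason to rely on the cloud copy until the cause is understood.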
We at CSA Tech Solutions can assist you with all of the above. We have both antivirus and backup packages available that can be configured for your specific situation and environment. We can also provide managed services in which we monitor the health of your computer systems. While there are no guarantees that you’ll never be infected, you can take the steps discussed above to lessen the damage that can come as a result of an infection.
Please feel free to call us at (717) 354-4272 to discuss the ways that we can help protect you.