Ransomware is known for encrypting your data and holding it hostage. It turns out that it can also do things that backups won't protect against. While backups can certainly avert data loss during a ransomware attack, the most recent tactics cybercriminals use are even more sinister.
Like viruses, ransomware is evolving. Crooks know that if you have good backups, you are much less likely to pay their ransom to get your data back. Some ransomware goes as far as publicly exposing your data unless the ransom is paid. The recent story involving Waikato DHB demonstrates that. You can read about it here.
Ransomware and encryption
When your computer or network gets infected with ransomware, your files get encrypted and then you see a message saying you can buy a decryption key by sending a certain amount of money in crypto-currency. The usual amounts vary from several hundred dollars to several million!
If you pay (and you are dealing with a somewhat "honest" crook), you are supposed to receive a decryption key or a tool that will decrypt your files. If you don't, your files will remain encrypted and inaccessible.
Backups play a critical role in protecting you from ransomware. However, if ransomware has access to your backups, it will encrypt those as well. Examples include portable hard drives that you keep plugged in all the time, or files you store in the cloud with services such as OneDrive, Google Drive, Dropbox, iCloud, etc.
Defending against this kind of ransomware is a bit more complicated. After running your backups, you should unplug your hard drives and store them away from your computer. Even better if you could keep them in a different house - as the stories of those who evacuated from the West Coast recently show.
Online backups are also safer from ransomware. Because only the backup program has access to your backups, ransomware is much less likely to encrypt your online backups. I'll repeat - the common cloud sync programs are not backups!
In the past, restoring from a ransomware incident was a relatively simple task. After disinfecting your system (we always recommend a clean install), you could just restore your backups and not have to worry about paying the ransom.
A New Threat
The most recent strains of ransomware use a slightly different approach. In addition to encrypting your data, hackers steal a copy of it. Even if you manage to remove the ransomware and restore your data from backups, they can threaten you with public exposure of the data they have stolen. If you have sensitive data, such as medical records, or financial information, the consequences could be disastrous.
It's not exactly a new tactic. Hackers have been stealing sensitive data and posting it publicly for many years. It's called a data breach. We wrote about it a few years ago when blackmail webcam scams were common, and you can read our article here.
What's new is bundling this attack with encrypting your data - to add insult to injury! If you pay, the crooks "promise" not to expose your data to the public and "promise" to delete it. Maybe they will - who knows?
The New Defense is Old Defense
After all, ransomware is just malware. What stops malware from inflicting damage will probably help with ransomware as well. You can keep yourself protected by:
- Keeping your Operating System and software updated. That means no Windows 7 or, God forbid, XP!
- Having a good antivirus. Free ones are usually useless as their only goal is to collect data on you and try to upsell to a paid solution.
- Avoiding risky online behavior, such as downloading free software or movies, clicking on dodgy links and installing software that just "showed up" by itself.
- Using common sense - don't fall for phishing attempts and don't open unexpected email attachments, even if they are from people you know.