Ransomware: Tips & Tricks
If you haven’t already heard, there’s a new breed of malware called ransomware (CryptoLocker, CryptoDefense), which infects your computer, encrypts your files, and then directs you to a website where you pay to decrypt them. A timer is set at this point, and if you don’t pay before it expires, you either can’t get your files back or the price increases. The price can be anywhere from $300 on up!
How does malware get on a computer? Typically:
A bogus email with an attachment that it tries to convince the user to open.
Never open an attachment directly from an email. Always save the attachment first, then open it from the file system. Your anti-virus will scan the file as soon as it’s saved and quarantine it if necessary.
Browsing the web and clicking the wrong link or button.
Keep your eyes open, think before you click, and refrain from personal browsing while at work. The firewalls at the edge between our network and the Internet do a decent job of protecting us here, as does the Trend Micro AV installed on each computer, but we as users still have a part to play.
Introducing files from an external source (USB thumb drive or CD/DVD).
Many organizations do not even allow removable devices and media to touch their computers because of this threat. We don’t want to have to get to that level of scrutiny, but be safe with your thumb drives. Scan and clean them often, instructors especially.
Here are some simple (but frequently ignored) safe computing practices to consider when opening emails and file attachments, in general:
Always check who the email sender is.
If the email is supposedly coming from a bank, verify with your bank if the received message is legitimate. If from a personal contact, confirm if they sent the message. Do not rely solely on trust by virtue of relationship, as your friend or family member may be a victim of spammers as well.
Double-check the content of the message.
There are obvious factual errors or discrepancies that you can spot. Is there a claim from a bank or a friend that they have received something from you? Go to your recently sent items to double-check their claim. Such spammed messages can also use other social engineering lures to persuade users to open the message.
Refrain from clicking links in email.
In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in email directly. If you have to click on a link in email, make sure your browser uses web reputation to check the link, or use free services such as Trend Micro Site Safety Center.
Always ensure your software is up-to-date.
Currently there are no known CryptoLocker variants that exploit vulnerabilities to spread, but this can’t be ruled out in the future. Regularly updating installed software nevertheless provides another layer of security against many attacks.
Back up important data.
Unfortunately, there is no known tool to decrypt the files encrypted by CryptoLocker. One good safe computing practice is to ensure you have accurate backups of your files. The 3-2-1 principle should be in play: three copies, two different media, one separate location. Windows has a feature called Volume Shadow Copy that allows you to restore files to their previous state, and is enabled by default.