Avoiding Ransomware

November 11, 2015

There is a newer class of malicious software (malware) known as ransomware. If your PC gets this nasty package on it, your documents, pictures, and other files are silently encrypted in the background, and so made unusable, while you use your PC. Then, once all your data is garbled, a message pops up demanding payment to get your files back. The encryption used is strong and cannot be cracked, so your choices are to pay up or lose all your files.

Actually, if you are proactive, you have more options.

The best option is to prevent it from getting on your computer. How?

As of this date, all ransomware attacks PCs running Windows. So, run a different operating system. It's no longer that difficult to switch. Neither Apple's Mac OS nor the free-software GNU/Linux OS has succumbed to any known ransomware infection yet. Nor do they frequently get adware or malware of any kind. Some claim this is because of their lower market share: fewer computers run these operating systems, so there are fewer infections. But the difference is several orders of magnitude. There is more information here on the ramifications of changing operating systems.

Whenever Microsoft's Chief Software Architect Bill Gates had to choose between security and ease-of-use, security always came second. Decisions such as allowing browsers to run native code (ActiveX), auto-running whatever was on inserted CDs and flash drives, and putting user-space functions into the OS kernel meant Windows has always been very permeable (full of holes). From the beginning, Windows was not designed for network use. Microsoft discovered the Internet quite late. There has never been a complete rewrite of Windows to make it network secure.

If you choose to stick with Windows, you must also run anti-virus software. Whatever brand you run will catch ninety-some percent of the bad stuff. However, many people victimized by ransomware were running some form of AV, so that is not a guarantee of protection.

Set local security policies on your PC to prevent software from running from temp folders. If your PC is joined to a business domain, set group policies at the domain level to protect all member PCs. Search the internet for "cryptowall Software Restriction security policies" to find help on how to do this, or contact ComputAssist.

Intelligent Internet use is imperative. Don't click on any email links. If, for example, you get a notice from your bank, don't click the link in the email. Instead, use the bookmark you saved in your browser. Don't open any email attachments that you did not request. Don't let curiosity overrule your caution. Common click-bait comes in the form of messages that look legitimate but are not.

If your PC does get infected with this disease, your best defense is backups. But not just an external drive. Not even just a single off-site backup. In order to survive ransomware you need a deep set of versioned archives, and a way to compare and restore them. Why? Because ransomware can hide for days or weeks before you discover it. If you take a periodic backup to an external drive, your files will be overwritten with the garbled versions before you realize they are corrupted. Unless you keep old versions of your backup, you will still lose all your files.

Does this mean backups are a waste of time? No! But a single backup that you overwrite each time you take it is not really a backup at all. It is better than none at all, yes, but against ransomware it is useless.
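
One way to keep versioned archives and to compare and restore them, as an added Python example that is not from the original article. The function names and the entropy threshold of 7.0 bits per byte are assumptions chosen for illustration.

```python
import hashlib
import math
import shutil
from collections import Counter
from datetime import datetime
from pathlib import Path


def take_snapshot(source, archive_root, label=None):
    """Copy `source` into a new dated folder; older snapshots are never overwritten."""
    label = label or datetime.now().strftime("%Y%m%d-%H%M%S")
    target = Path(archive_root) / label
    shutil.copytree(source, target)  # raises FileExistsError rather than overwrite
    return target


def manifest(snapshot):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(snapshot)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compare(old, new, threshold=7.0):
    """Report files that changed or vanished between two snapshots.

    A changed file whose new contents look random (entropy above the assumed
    threshold) is listed as suspect: restore it from `old`.
    """
    before, after = manifest(old), manifest(new)
    changed = sorted(f for f in before if f in after and before[f] != after[f])
    missing = sorted(f for f in before if f not in after)
    suspect = [f for f in changed if entropy((Path(new) / f).read_bytes()) > threshold]
    return {"changed": changed, "missing": missing, "suspect": suspect}


def restore(snapshot, relpath, dest_root):
    """Copy one file from a known-good snapshot back into the working folder."""
    dest = Path(dest_root) / relpath
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(Path(snapshot) / relpath, dest)
    return dest
```

Already-compressed formats such as JPEG or ZIP are also high-entropy, so a suspect entry for a file you edited on purpose is expected. Files that were renamed between snapshots show up under "missing".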

So, to avoid the problem of ransomware:

  •   Switch to GNU/Linux or Mac OS.
  •   If running Windows, keep AV up to date and set Software Restriction policies.
  •   Be smart when using the 'Net. Don't click random stuff, even if it looks legit.
  •   Make versioned backups. Burn your backups to DVD, or use an off-site backup service that keeps versions, preferably for at least 30 days. Longer is better.