For years, ransomware has been a huge security headache for individuals and businesses alike. More than just malicious code, it’s now considered a type of terrorism, and rightfully so.
The good news is, you can prevent ransomware yourself without having to spend any money. You only need to understand how it works and, well, avoid it.
This post will explain ransomware in layman’s terms and how you can keep yourself safe from this type of scam. Paying attention and, most importantly, taking the issue seriously are key.
Dong’s note: I originally published this post on May 24, 2018. Since my last update on June 10, 2021, I’ve experienced a few more depressing ransomware-related incidents. With this latest update, posted on June 24, I wanted to raise awareness of the issue’s seriousness and add more practical information on how to stay safe.
What is ransomware, and why is it so bad?
Ransomware is a piece of malicious software that, when executed, encrypts — or locks — popular file types, causing you to be unable to open documents or even run applications.
The malware then displays a message with instructions on how you can pay — usually via cryptocurrencies — to get your files back.
You can think of ransomware as an event where somebody comes into your home and sprays a type of generally-impossible-to-remove glue all over your furniture and appliances, rendering them inaccessible or useless. That person then demands payment to clean up that glue with a secret method only they know.
In reality, when you see that dreadful message, you better hope you’ve had an alternative way to restore your data — via special backups. Otherwise, chances are you will never get your files back.
That’s because the ransom tends to be prohibitively high, and when you start paying, you’ll have to keep paying because the bad guys can release a portion of data at a time.
On top of that, your data might not be restored 100 percent intact. Among other things, files might lose their original folder location or other attributes. (It’s tough to clean any glue off completely, so to speak.)
And sometimes, the ransomware itself is of such “low quality” that even its maker can’t undo the damage. That happens.
By the way, paying means you support the practice, and that only makes the matter worse. So, it’s never a good idea to pay in the first place.
In any case, ransomware can be as big a headache as one that ends your business or career.
How you get infected
One thing is generally true: Ransomware does not install itself. It’s not a virus. Just like any software, it requires user interaction to execute.
To use popular apps, such as Zoom or Skype, you first have to download, install, and then run them before you see the result — chatting with a remote party in this case.
A user must interact with the computer and allow ransomware to download and launch the attack. (You have to open the door for that stranger to come in, so to speak.)
That said, there are two ways ransomware can get into a computer:
- The user is tricked into believing they are doing something benign (again, like using Zoom). Or
- The bad guys manage to access your computer, likely remotely, then install and run the malware themselves.
For this reason, a ransomware attack is always somewhat of an “inside job” — somebody must have full access to your computer to make it happen. And that means two things:
- It’s tough to prevent. It can take as little as a few misclicks to get infected, and the damage takes a short time to happen on a large scale. (It’s much faster to spray glue on things than physically hauling them away. This is a lot worse than home break-ins or burglaries.)
- The damage is extensive. All files on the computers and all network resources, to which the current user of the infected computer has access, are susceptible. Therefore, in an office, expect all shared folders to be vulnerable.
There are many variants of ransomware. It’s fairly easy to change a few lines of code to make a new variant. In fact, these days, ransomware is available to certain parties as a service. One can order it and split the loot with the maker.
When a new one is out, even the best protection software can’t stop it from executing. Antivirus and anti-malware applications are generally one step behind.
In my experience, some ransomware variants can even remove themselves after having done the damage, making it hard to trace them back to their origin.
The point is there’s a large window when everyone can be vulnerable. That said, you should always try to prevent ransomware from infecting your computer and have contingency plans for the case it does.
How to prevent ransomware
The best way to avoid ransomware is to take precautions and always practice safety measures.
The good news is, you actually can stay 100% safe from it if you remain alert. This is like making sure you don’t let just anyone inside your home for the most part.
Good ransomware prevention practices
That said, there are two main ways to keep your computer safe.
The first: Respect your computer’s warnings!
That’s right. Downloading ransomware on your computer alone might not be bad yet. It is when you execute (a.k.a “run,” “open,” or “view”) it that causes trouble.
(In many cases, though, downloading and running a piece of software is combined in a single action. So, clicking on an embedded link within an email message alone might mean you’re about to execute some malicious code.)
Here’s the good news: When you’re about to do something that can change the system, the computer will always confirm that with you. This is your last chance to stay safe.
That said, when there’s a pop-up asking whether you want to proceed, take your time to make sure before responding affirmatively. Don’t just click on “Yes,” “OK,” “Run,” etc., without knowing what will happen as a result.
Extra: What to do when you accidentally download and run ransomware
By the way, if you’ve just accidentally downloaded (and run) ransomware — and are somehow aware of that — here’s what you should do:
- Turn your computer off immediately by unplugging it from power (or pressing and holding the power button for a few seconds). Ransomware needs time to encrypt the entire computer and network folders. It can’t do that if the computer is turned off.
- Take all storage devices, internal and external, out of your computer and connect them to another to copy your data out.
- Perform a re-partitioning (format) or discard the old storage devices.
If you’re not familiar with steps #2 and #3, call a professional. But you must do #1 immediately. Leaving your computer on will only make things worse. Don’t be curious!
Keep in mind that some ransomware variants don’t attack right away, but wait till the computer is idle to do the bad deeds. The point is the chance you recognize that your computer is being attacked can be rare.
But if you think you’ve been infected or are seeing evidence of that — the machine might act odd or has a lot of unusual activities — turn the computer off immediately and call a professional.
The second: Keep your computer safe from unintended access
This part is a lot more complicated. The objective is to make sure nobody can use or manipulate your computer without your permission or knowledge.
This can be as simple as keeping your password secure, but there’s much more to do if you want to make sure nobody can access it remotely. The following are what you should generally do.
- Stay alert: Assume that you’re vulnerable and maintain vigilance. Again, it only takes a few seconds (via a few mindless mouse clicks) to get infected.
- Stay updated: Keep your computer up to date with the latest security updates.
- Strong passwords: Always use strong passwords and keep them safe. (By the way, when it comes to passwords, complexity is not associated with security. Instead, use a private hard-to-guess one that’s easy for you to remember and use. It can be a sentence, or a long string of numbers, or a mix of both.)
- Beware of attachments/embedded links: Do not automatically open email attachments or click on embedded links from an email or chat screen or social media without knowing for sure that it’s safe. (Generally, by hovering the mouse on the hypertext, you can preview the entire link itself on the status bar at the bottom of the window.)
- Use protection software and keep it up to date. At the least, the software might give you more warnings before you’re about to execute some suspicious code. However, don’t rely solely on protection software; the last line of defense is always you, the user. (Windows 10 users: Use the built-in Windows Security app — more below.)
- Turn your computer off: Leaving your computer on 24/7 not only wastes energy but also gives bad guys more time to mess with your system from afar. So, turn it off when you’re ready to call it a day.
- Set up remote access correctly: Do not turn on remote access unless you intend to use it. When you turn it on, make sure you know how to do that safely. The most basic is to change the default port number. Also, using strong passwords is a must.
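The last item above is the one people get wrong most often, so here is an added example (not from the original post) that audits the Remote Desktop settings it mentions: whether RDP is on at all, whether the Windows Firewall exposes it, whether it still listens on the default port, and whether Network Level Authentication (a password check before any session is created) is required. It assumes Windows 10/11, PowerShell 5.1 or later and an elevated prompt; the registry keys and cmdlets are the standard Windows ones, and the remediation lines at the end are commented out so the script only reads settings unless you choose to run them. The port number 33890 is a placeholder.

```powershell
# Added example: audit Remote Desktop exposure on this machine (read-only).
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RemoteAccessStatus {
    $ts  = Get-ItemProperty -Path $tsKey
    $rdp = Get-ItemProperty -Path $rdpKey
    # Any enabled inbound rule in the built-in "Remote Desktop" group means the
    # RDP port is reachable from the network, not just from the local machine.
    $fwEnabled = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
                   Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }).Count -gt 0

    [pscustomobject]@{
        RdpEnabled       = ($ts.fDenyTSConnections -eq 0)    # 1 = connections denied
        NlaRequired      = ($rdp.UserAuthentication -eq 1)   # 1 = NLA required
        Port             = $rdp.PortNumber                   # 3389 is the default
        FirewallRuleOpen = $fwEnabled
    }
}

function Get-RemoteAccessFindings {
    param([Parameter(Mandatory)] $Status)
    $findings = @()
    if (-not $Status.RdpEnabled) {
        $findings += 'RDP is off: the safest state when you do not need it.'
        return $findings
    }
    if (-not $Status.NlaRequired) {
        $findings += 'RDP is on without Network Level Authentication: a logon screen is offered before any password is checked.'
    }
    if ($Status.Port -eq 3389) {
        $findings += 'RDP listens on the default port 3389; moving it reduces noise from automated scans but is no substitute for a strong password.'
    }
    if ($Status.FirewallRuleOpen) {
        $findings += 'The Windows Firewall allows inbound RDP; if this machine is reachable from the Internet, so is its logon.'
    }
    if ($findings.Count -eq 0) { $findings += 'RDP is on with NLA, a non-default port and no open inbound rule.' }
    return $findings
}

$status = Get-RemoteAccessStatus
$status | Format-List
Get-RemoteAccessFindings -Status $status | ForEach-Object { Write-Host " - $_" }

# Remediation (run only the lines you mean to, from an elevated prompt):
# 1. Turn RDP off entirely when you do not use it (the post's first rule):
#    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
#    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
# 2. If you must keep it on, require NLA so credentials are checked first:
#    Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
# 3. Move off the default port (placeholder 33890); open the new port and restart the service:
#    Set-ItemProperty -Path $rdpKey -Name PortNumber -Value 33890
#    New-NetFirewallRule -DisplayName 'RDP (custom port)' -Direction Inbound -Protocol TCP -LocalPort 33890 -Action Allow
#    Restart-Service TermService -Force
```

Run it as-is to see where you stand; the three remediation groups map to the post’s advice in order of effectiveness: off when not needed, password checked before a session exists, and only then the port change.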
How to minimize and manage ransomware’s damage
Trying to prevent ransomware aside, it would be best to assume that all of the measures above might fail — we’re all susceptible to mistakes. So, it’s a good idea to prepare for the case that you do get infected.
Here’s a sad truth: If your computer gets ransomware, there will be damage. What we’re doing here is trying to manage or minimize that. Chances are, you will need to rebuild your computer from scratch. The key here is to keep your data safe.
And the only way to make sure your data is safe is via a good backup practice. Let me say that again, having regular and proper backups is the only sure way to keep your data intact against a ransomware attack.
Good and proper here means the backup should not be readily available to the user. If the backup is accessible by the infected account’s owner during the attack, the backups themselves are also encrypted and therefore useless. (The stranger can spray glue on things inside your storage room, too.)
General guidelines on good and proper backup
- Back up regularly. This is a daily (if not hourly) matter.
- For homes:
  - Take a backup offline. An example of offline backup is to alternate backups on two or more external drives and disconnect each drive after a backup job or each day. The point is you always have a set of backups that are not connected to a computer.
  - Use some cloud backup service. In my experience, some, like Google Drive and Microsoft OneDrive, are smart enough not to back up data that’s encrypted by ransomware, and most give enough free online storage for your important data.
- For an office, use the home backups above and also consider:
  - Use a different user account for the backup job and prevent any other users from accessing the backups. The objective is to make sure general users have no access to the backups.
  - Use a NAS server, such as the Synology DS220+ or the DS1621+, as the backup destination. These servers can keep versions of their data using Snapshots (shadow copies), allowing you to restore if their shared folders are infected.
By the way, if you use a Windows computer/server as a backup destination, make sure you turn on the Shadow Copy feature on that computer.
Note: If the server itself is infected, Shadow Copy doesn’t help since ransomware tends to delete all local shadow copies as part of its infection. So, again, make sure the server’s admin account, the one you use for making the backups, is safe by keeping its password secure.
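To make the guidelines above concrete, here is an added example backup job (not from the original post) that applies two of them in code: every run is written to its own dated folder on the destination, so an earlier good copy is never overwritten by an encrypted one, and the job refuses to run at all when a noticeable share of the source documents no longer start with the bytes their file type always starts with (a PDF begins with `%PDF`, a .docx with `PK`, and so on), which is what ransomware-encrypted files look like from the outside. It assumes Windows with PowerShell 5.1 or later and the built-in robocopy; the source and destination paths and the 5% threshold are placeholders, and on a NAS the destination share should be writable only by the dedicated backup account the post recommends.

```powershell
# Added example: versioned backup with a pre-copy sanity check for encrypted documents.
param(
    [string]$Source          = 'C:\Users\Alice\Documents',   # placeholder
    [string]$DestinationRoot = '\\NAS\backups\alice-docs',    # placeholder
    [double]$MaxSuspectRatio = 0.05                            # abort above 5% suspect files
)

# First bytes ("magic numbers") that these file types always start with.
$magic = @{
    '.pdf'  = @(0x25,0x50,0x44,0x46)   # %PDF
    '.docx' = @(0x50,0x4B,0x03,0x04)   # PK.. (Office Open XML files are zip archives)
    '.xlsx' = @(0x50,0x4B,0x03,0x04)
    '.pptx' = @(0x50,0x4B,0x03,0x04)
    '.zip'  = @(0x50,0x4B,0x03,0x04)
    '.png'  = @(0x89,0x50,0x4E,0x47)   # .PNG
    '.jpg'  = @(0xFF,0xD8,0xFF)
    '.jpeg' = @(0xFF,0xD8,0xFF)
}

function Test-HeaderMatchesExtension {
    param([System.IO.FileInfo]$File)
    $expected = $magic[$File.Extension.ToLower()]
    if (-not $expected) { return $true }                 # unknown type: nothing to compare
    if ($File.Length -lt $expected.Count) { return $false }
    $stream = $File.OpenRead()
    try {
        $buf = New-Object byte[] $expected.Count
        $null = $stream.Read($buf, 0, $buf.Length)
    } finally { $stream.Dispose() }
    for ($i = 0; $i -lt $expected.Count; $i++) {
        if ($buf[$i] -ne $expected[$i]) { return $false }
    }
    return $true
}

function Get-SuspectRatio {
    param([string]$Path)
    $files = @(Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
               Where-Object { $magic.ContainsKey($_.Extension.ToLower()) })
    if ($files.Count -eq 0) { return 0.0 }
    $bad = @($files | Where-Object { -not (Test-HeaderMatchesExtension $_) })
    foreach ($f in $bad) { Write-Warning "Header does not match extension: $($f.FullName)" }
    return $bad.Count / $files.Count
}

$ratio = Get-SuspectRatio -Path $Source
if ($ratio -gt $MaxSuspectRatio) {
    # Do not copy: this would fill the destination with encrypted junk.
    # The previous dated folders on the destination stay untouched.
    Write-Error ("{0:P1} of known-type files look corrupted or encrypted; backup aborted." -f $ratio)
    exit 1
}

# One folder per run: the destination keeps a history instead of a single mirror.
$dest = Join-Path $DestinationRoot (Get-Date -Format 'yyyy-MM-dd_HHmm')
robocopy $Source $dest /E /R:1 /W:1 /NP /NFL /NDL
if ($LASTEXITCODE -ge 8) { Write-Error "robocopy reported failures (exit code $LASTEXITCODE)"; exit 1 }
Write-Host "Backup written to $dest"
```

Schedule it with Task Scheduler under the dedicated backup account. The header check only covers files that still carry a known extension; many ransomware families append their own extension, in which case the affected files simply drop out of the known-type set, so a sudden drop in the number of files backed up is a second signal worth watching. Old dated folders still need pruning by hand or by a separate job, which is exactly the kind of deletion the everyday user account should not be able to perform.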
And that’s it. If you follow the backup guidelines above, your data will be safe, even if you’re infected with ransomware. You might still need to hire somebody to restore the data, but the cost will be substantially less than paying the ransom.
If you use Windows 10, check out the Ransomware protection feature below.
Extra: How to prevent ransomware attack using Windows Security
Windows 10’s built-in Windows Security Center has a new Ransomware protection feature that protects your files when the computer is infected. By the way, this feature is available in the upcoming Windows 11, too.
Here’s how it works: This feature preemptively limits the full access (read and write) to specific folders and only allows pre-approved applications to change the content inside these folders. Other apps only have read-only access.
Microsoft determines these “whitelisted” applications automatically and generally includes common apps. However, you can also manually add other apps to the allowlist. Ransomware, by default, is not on the list and, therefore, won’t be able to make changes to your files to do any harm.
In other words, Windows 10’s ransomware protection feature adds another protective layer around your data by allowing only “known” or approved apps to change your data. As a result, your information is safe even if your computer is infected with ransomware.
Using this method does have some bad side effects: Many legit apps will not work properly until you manually put them on the allowed list. But that’s a small price to pay.
Note: If you’re using a third-party antivirus program, which will generally disable Windows Security, you’ll need to remove that software and enable Windows Security first. Generally, there’s no need to use anything other than Windows Security anyway.
Steps to turn on ransomware protection on Windows 10
- Click on the search field by the right of the Start button (lower-left corner) and search for Ransomware Protection. As it appears on the Start Menu, click on it — the Ransomware Protection page of Windows Security will appear.
- Under Controlled folder access, slide the switch to the On position. Click on Yes to the User Account Control prompt.
- Click on Protected Folders. Here you’ll see that all the folders in the current profile (Documents, Pictures, Music, etc.) are already there. You can add or remove other folders of your choice, including network shared folders, by clicking on the plus (+) sign. Once done, click on the back arrow ( <- ) on top to go back a page.
- Click on Allow an app through Controlled folder access. Here, you can add more apps of your choosing to have full access to the content of protected folders by clicking on Add an allowed app. If you’re not sure, leave this list blank.
On this page, you can also set up OneDrive to get additional backup and protection. OneDrive gives you 5GB of free online storage, enough for a large number of important documents.
And that’s it! From now on, your data is safe even when your computer is under a ransomware attack. (Still, don’t count on this 100%, make sure you also do the backups mentioned above.)
Again, keep in mind that this feature might block good software from accessing your data, too. You might notice that some software, such as a scanner or photo editor app, shows errors. In this case, repeat step #4 and add the applications in question to the list of allowed apps.
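For anyone who prefers to set this up from a prompt, or needs to do it on several computers, here is an added example (not from the original post) that performs the same four steps with the built-in Defender cmdlets and then shows how to find out which legitimate app was just blocked, which is the quickest way to build the allowed list from step #4. It assumes Windows 10/11 with Microsoft Defender Antivirus active (a third-party antivirus turns these settings off) and an elevated PowerShell prompt; all folder and program paths are placeholders. The audit mode it starts with is a real option of the feature that the Windows Security page does not expose.

```powershell
# Added example: Controlled folder access from PowerShell, plus a blocked-app report.

# Step 2 equivalent. 'AuditMode' blocks nothing but logs every write that
# would have been blocked, so you can discover the apps you need to allow
# before switching to 'Enabled'.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Step 3 equivalent: protect extra folders, including a network share.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Projects'              # placeholder
Add-MpPreference -ControlledFolderAccessProtectedFolders '\\NAS\shared\accounting'  # placeholder

# Step 4 equivalent: allow one specific program (full path to its .exe) to write there.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\ScanApp\scan.exe'  # placeholder

# Verify what is configured.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications |
    Format-List

# Which program was blocked (event 1123) or would have been blocked in audit
# mode (event 1124)? This answers "my scanner suddenly shows errors".
function Get-ControlledFolderAccessEvents {
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
      ForEach-Object {
          $mode = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
          [pscustomobject]@{
              Time   = $_.TimeCreated
              Mode   = $mode
              Detail = $_.Message   # names the program and the protected folder it touched
          }
      }
}
Get-ControlledFolderAccessEvents -Hours 24 | Format-Table -AutoSize -Wrap

# Once every legitimate program shows up as allowed rather than audited, enforce:
Set-MpPreference -EnableControlledFolderAccess Enabled
```

Run the middle part (the event report) whenever an app starts failing after the feature is on: the message of each event names the program path, which is exactly the value to pass to `Add-MpPreference -ControlledFolderAccessAllowedApplications`. Leaving the switch in audit mode for a week on a new machine and then flipping it to Enabled avoids most of the surprises the post warns about.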
In the past few years, I’ve run into way more sad ransomware-related situations than I want to remember.
In all of them, the involved parties weren’t aware of how bad ransomware was to care enough about prevention and protection beforehand. So, let me repeat this:
Ransomware is a type of evil that occurs like a heart attack: out of the blue and often without warning.
So, check on your precious data right now and, at the very least, make a backup before it’s too late. Stay safe!