11.28.16

Ransomware: How to avoid it and what to do if you’ve been infected

Out of all the hacking techniques employed by cyber criminals, few are as terrifying as ransomware. This specific malware variant encrypts all of the data contained on a computer. If you fall victim to a ransomware scheme, you won’t be able to access any of the files on your machine until you pay the hacker.

This can be devastating for people who keep irreplaceable data on their computer, such as family photos and videos, and many users are often quick to pay up. We want as many people as possible to avoid this scenario, so we’ve put together some tips on how to avoid an infection, as well as what to do if you happen to fall victim to such an attack.

Mitigation starts with backups

Before anything else, you’ll want to ensure that you have copies of all of your most important files. The entire point of a ransomware attack is to get you to pay to access this data again, and you can really take the sting out of such an infection if you properly back up everything.

That said, this process isn’t as simple as saving everything to a single flash drive in your house. All it would take is a fire, flood or other major physical disaster to lose your ability to fight back against ransomware. This is why computer experts recommend the 3-2-1 backup rule.

In this strategy, the user creates at least three copies of a piece of data. Two of these have to utilize different forms of media, such as a physical flash drive and cloud storage. Finally, one of these has to be geographically separated from the rest. A robust 3-2-1 backup plan would have one copy on your computer, one with a cloud storage vendor, such as Total Defense’s Online Backup and Unlimited Internet Security products, and a third on a flash drive in your safety deposit box. Regardless of what happens, you can rest assured that at least one of these will survive.

Backing up data is important. Having three copies of your files is the best way to mitigate a ransomware infection.

Avoid risky situations

Once you’ve figured out your backup strategy, it’s time to focus on avoiding scenarios that might infect your computer. When it comes to ransomware, there are two situations that might compromise your cyber security: receiving phishing emails and surfing infected websites.

Phishing is by far the most used vehicle for ransomware distribution out there because it’s simple and relies upon human error. In fact, a study from PhishMe found that in March 2016, 93 percent of phishing scams observed by the firm had links to encryption ransomware.

All the hacker has to do is create an email that looks like it’s from a reputable source. Cyber criminals will often masquerade as a financial institution such as a bank, referring to an attached “bank statement” that is actually ransomware. The best way to avoid infection here is to never click on a link from an address you don’t recognize. Even if it does look legitimate, email services such as Gmail allow you to hover your mouse over the link to see where it actually leads.

The other, less used ransomware distribution technique is through infected websites. This is a little harder, as it requires the hacker to exploit a security vulnerability rather than rely upon human error. However, it is incredibly effective when done right. The Chinese restaurant chain Mr. Chow recently had to deal with many users visiting its site and getting infected. Outside of staying current on cyber security news, the only way to avoid this scenario is to invest in robust cyber security software that has built-in defenses against ransomware.

What should you do when you’ve been infected?

First things first, don’t panic. While the hacker has blocked your access to the files on your computer, he doesn’t have the ability to actually read any of this data, so you don’t have to worry about your personal information getting leaked.

If you’ve followed up with a robust backup routine, the best course of action is to simply wipe your computer and fall back on the extra copies of your data. However, even if you haven’t backed up your information, do not pay the hacker.

These people aren’t reputable business owners who have an obligation to perform a service in exchange for money. They very well could receive your payment and demand more. In fact, this is exactly what happened to Kansas Heart Hospital when it paid the ransom to access its data. Thankfully, patients weren’t affected by this attack, but the point is that this situation could very well happen to you.

In fact, the FBI has stated that you should never give in to the hackers’ demands. Rather, contact your local law enforcement agency and let them handle the case. You may never be able to access the data on your machine again, but at the very least you haven’t encouraged the cyber criminal’s behavior.