Five key defenses against ransomware: Internet Scambusters #961
Ransomware is costing US organizations and individuals an estimated $20 billion this year.
But the financial cost is only one of the worries about the spread of this malware.
It also puts people's health and safety at risk by disabling crucial networks and systems, as we report in this week's issue.
Let's get started…
Ransomware 'Threatens Safety and Health of Americans'
The growth of ransomware has reached crisis proportions to the point where it "jeopardizes the safety and health of Americans."
That was then-US Acting Deputy Attorney General John Carlin speaking a couple of weeks ago as he announced the launch of a new Department of Justice (DOJ) task force to tackle what is becoming one of the biggest malware crimes in the nation.
In fact, since we last wrote about the scam five years ago, the annual cost of ransoms to US citizens and organizations has ballooned from a few million dollars to several billion. One forecast suggests the total cost this year could be around $20 billion.
Businesses and public organizations like health and local government authorities are the main targets, shelling out as much as $20 million or more to get back access to their operating systems and frozen data.
Carlin says the affected organizations often pay up because they know the costs of damage from being locked out of their data could be many times higher than the amount of the ransom.
Organized crime gangs in China, Russia, and Eastern Europe are the main perpetrators. But individuals are also seeing a big uptick in ransom attacks, mostly from the Indian subcontinent and small gangs in the US.
Individuals usually face a ransom demand of between $500 and $1,000, payable in the cryptocurrency Bitcoin. Even if they pay, there's no guarantee the scammers will remove their lock. After all, they're crooks!
Consumers are also in danger when, as has happened, health service networks are attacked. This runs the risk that patients' health records and crucial monitoring and procedural programs are not available because files are locked up.
As you likely know by now, ransomware involves a hack attack or malware upload that, when activated, encrypts (jumbles and makes unreadable) the contents of a disk or even an entire network until a ransom is paid, usually in an untraceable format such as cryptocurrency.
Most recently, home users have been targeted with a fake Microsoft Windows update that arrives by email and as a pop-up on infected websites.
"By any measure, 2020 was the worst year ever when it comes to ransomware and related extortion events," Carlin said in the Wall Street Journal. "And if we don't break the back of this cycle, a problem that's already bad is going to get worse."
One reason things might get worse is that people and organizations continue to pay their ransoms. As long as that happens, the crime is bound to grow. Some observers believe the only solution is for it to become illegal for organizations to pay up.
Ransomware payloads can be planted on corporate networks by hackers. But with home users, they usually arrive on personal computers via email links and attachments. Despite countless warnings, users still click on them, often because they are cleverly disguised to look like genuine communications.
100 Million Attacks
Big organizations use security specialists, purpose-designed toolkits, and other safety routines to protect themselves. But they still get caught out. So, what chance is there for the rest of us to stay safe?
Many consumer Internet security providers are now including ransomware protection inside their software suites, underlining the importance of not only having one of these programs installed but also of ensuring it's regularly updated.
Computer security firm Trend Micro says it has blocked more than 100 million ransomware attacks in the past five years. During that time, the attack level has increased fifteen-fold.
These suites also include the ability to schedule regular backups so that if a ransomware attack succeeds, a user can reinstate an earlier backup.
However, "sleeper" ransomware could pose a new threat. After being installed on a system, it could remain dormant until activated sometime later. If malicious code is present but "sleeping" on a computer, it might also be copied onto a backup and activate when that backup is restored.
Not surprisingly, therefore, a number of new services are appearing that claim to be able either to unfreeze a ransomed machine or at least recover locked-out data. But no one has yet come up with an infallible protection and recovery routine.
Some of the big names in software, like McAfee and Microsoft, also set up their own task force at the end of last year to tackle the issue. Security industry watchers are hoping this group will join up with the new DOJ team and work together rather than duplicating each other's efforts.
5 Important Actions
In the meantime, here are the 5 most important actions you can take to protect yourself from a ransomware attack and its effects.
- Install and update security software as mentioned above. Here's a useful guide to some of the latest and best anti-ransomware products: The Best Ransomware Protection for 2021.
- Take and keep regular system backups so that, even if your last backup was infected, an earlier one may be "clean." These should be stored on a separate device, disconnected from your PC or network, such as a removable drive, and preferably stored elsewhere.
- Store your data -- documents, photos etc. -- on a separate disk or partition from your main operating system. That way, even if you lose access to your operating system, your data files might remain intact.
- Avoid automatically clicking on links and attachments in emails, even if they appear genuine. If you can, take the time to check with the supposed sender.
- In a worst-case scenario, where you lose valuable programs and data, or when the crooks fail to unlock them, it may be possible to decrypt the ransomed material. There are some specialist products for this but, generally, you will need to call in a professional. Even then, there's no guarantee it will work.
Should you pay a ransom? It's a tough call. However, the FBI is clear in recommending victims not pay. Plus, security experts at CyberEdge Group say that fewer than one in five victims who do pay get their files back.
Furthermore, as extortion victims in other types of crime know, once you pay, it makes you a potential easy target for future ransomware and other cyber-attacks.
Alert of the Week
Tech security expert and podcaster Tom Merritt has published new guidance on defending against cryptocurrency scams.
Find his five best tips here: Top 5 Ways to Protect Against Cryptocurrency Scams.
That's all for today -- we'll see you next week.