Ransomware attacks turn important files into encrypted gibberish; paying to get them back is often your only option. Ransomware protection can prevent those attacks from succeeding.
Many years ago, malware writers created viruses and other malware for geek cred, not money. Maybe their creations would force computers to mention a girlfriend’s name, or they put on some kind of joke display. Those days are long, long past. Malware coding is just another business, today. Some attacks steal personal information that can be sold on the Dark Web. Others take control of a host of computers that their “bot herder” can rent out for such things as Distributed Denial of Service attacks. With ransomware, though, there’s no buying and selling involved. Ransomware goes straight for the cash, encrypting your important files and demanding that you pay to get them back. It’s true that your antivirus program should fend off ransomware just as it does other types of malware, but if it fails, even briefly, you’re hosed. It’s not great to have a virus or Trojan infest your PC, wreak havoc for a few days, and then get eliminated by an antivirus update, but it’s survivable. When ransomware is involved, though, it’s a different story. Your files are already encrypted, so eliminating the perpetrator does you no good, and can even interfere with your ability to pay the ransom, should you opt to do so. Some security products include protection layers specific to ransomware, and you can also add ransomware-specific protection as a helper for your existing security. It’s even worse when your business gets attacked by ransomware. Depending on the nature of the business, every hour of lost productivity might cost thousands of dollars, or even more. Fortunately, while ransomware attacks are on the rise, so are techniques for fighting those attacks. Here we look at tools you can use to protect yourself from ransomware. What Is Ransomware, and How Do You Get It? The premise of ransomware is simple. The attacker finds a way to take something of yours and demands payment for its return. Encrypting ransomware, the most common type, takes away access to your important documents by replacing them with encrypted copies. Pay the ransom and you get the key to decrypt those documents (you hope). There is another type of ransomware that denies all use of your computer or mobile device. However, this screen locker ransomware is easier to defeat, and just doesn’t pose the same level of threat as encrypting ransomware. Perhaps the most pernicious example is malware that encrypts your entire hard drive, rendering the computer unusable. Fortunately, this last type is uncommon. If you’re hit by a ransomware attack, you won’t know it at first. It doesn’t show the usual signs that you’ve got malware. Encrypting ransomware works in the background, aiming to complete its nasty mission before you notice its presence. Once finished with the job, it gets in your face, displaying instructions for how to pay the ransom and get your files back. Naturally the perpetrators require untraceable payment; Bitcoin is a popular choice. The ransomware may also instruct victims to purchase a gift card or prepaid debit card and supply the card number. As for how you contract this infestation, quite often it happens through an infected PDF or Office document sent to you in an email that looks legitimate. It may even seem to come from an address within your company’s domain. That seems to be what happened with the WannaCry ransomware attack a few years ago. If you have the slightest doubt as to the legitimacy of the email, don’t click the link, and do report it to your IT department. Of course, ransomware is just another kind of malware, and any malware-delivery method could bring it to you. A drive-by download hosted by a malicious advertisement on an otherwise-safe site, for example. You could even contract this scourge by inserting a gimmicked USB drive into your PC, though this is less common. If you’re lucky, your malware protection utility will catch it immediately. If not, you could be in trouble. CryptoLocker and Other Encrypting Malware Until the massive WannaCry attack, CryptoLocker was probably the best-known ransomware strain. It surfaced several years ago. An international consortium of law enforcement and security agencies took down the group behind CryptoLocker ages ago, but other groups kept the name alive, applying it to their own malicious creations. A Dwindling Field Several years ago, you could choose from a dozen or so standalone ransomware protection tools from consumer security companies, and many of those tools were free. Most of those have since vanished, for one reason or another. For example, Acronis Ransomware Protection used to be a free standalone tool, but now it only appears as a component in the company’s backup software. Likewise, Malwarebytes Anti-Ransomware now exists only as part of the full Malwarebytes Premium. As for Heilig Defense RansomOff, its web page used to say “RansomOff will be back at some point.” Now there’s no mention of the product. A few ransomware protection tools come from enterprise security companies that decided to do the world a service by offering just their ransomware component as a freebie for consumers. And quite a few of those have also fallen by the wayside, as companies find that the free product eats up support resources. For example, CyberSight RansomStopper is no longer with us, and Cybereason RansomFree has likewise been discontinued. Bitdefender Anti-Ransomware is gone for a more practical reason. While it existed, it took an unusual approach. A ransomware attacker that encrypted the same files twice would risk losing the ability to decrypt them, so many such programs leave some kind of marker to avoid double-dipping. Bitdefender would emulate the markers for many well-known ransomware types, in effect telling them, „Move on! You’ve already been here!“ This approach proved too limited to be practical. CryptoDrop, too, seems to have vanished, leaving the CryptoDrop domain name up for grabs. Ransomware Recovery Even if ransomware gets past your antivirus, chances are good that within a short while an antivirus update will clear the attacker from your system. The problem is, of course, that removing the ransomware itself doesn’t get your files back. The only reliable guarantee of recovery is maintaining a hardened cloud backup of your important files. Even so, there’s a faint chance of recovery, depending on which ransomware strain encrypted your files.
