With global ransomware attacks, such as WannaCry and not-Petya, making big headlines this year, it seems the unwelcome scourge of ransomware isn’t going away any time soon. While large-scale attacks like these are best known for their ability to devastate companies and even whole countries, the often under-reported victim is the average home user.
We sat down with Tyler Moffit, senior threat research analyst at Webroot, to talk ransomware in plain terms to help you better understand how to stop modern cybercriminals from hijacking your most valuable data.
Webroot: For starters, how do you describe ransomware? What exactly is being ransomed?
Tyler Moffit: To put it simply, your files are stolen. Basically, any files that you would need on the computer, whether those are pictures, office documents, movies, even save files for video games, will be encrypted with a password that you need to get them back. If you pay the ransom, you get the password (at least, in theory. There’s no guarantee.)
How does the average home user get infected with ransomware?
“Malspam” campaigns are definitely the most popular. You get an email that looks like it’s from the local post office, saying you missed a package and need to open the attachment for tracking. This attachment contains malware that delivers the ransomware, infecting your computer. It is also possible to become infected with ransomware without clicking anything when you visit malicious websites. Advertisements on legitimate websites are the biggest target. Remote desktop protocol (RDP) is another huge attack vector that is gaining traction as well. While controlling desktops remotely is very convenient, it’s important to make sure your passwords are secure.
How is the data ? Is the ransomed data actually taken or transmitted?
When you mistakenly download and execute the ransomware, it encrypts your files with a password, then sends that password securely back to the attacker’s server. You will then receive a ransom demand telling you how to pay to get the password to unlock your files. This is a really efficient way to prevent you from accessing your files without having to send gigabytes of information back to their servers. In very simple terms, the files are scrambled using a complex algorithm so that they are unreadable by any human or computer unless the encryption key is provided.
What types of files do ransomware attacks usually target?
Most ransomware is specifically engineered to go after any type of file that is valuable or useful to people. Around 200 file extensions have been known to be targeted. Essentially, any file that you’ve saved or open regularly would be at risk.
How does the attacker release the encrypted files?
The attacker provides a decryption utility via the webpage where you make the payment. Once you receive the decryption key, all you have to do is input that key into the tool and it will decrypt and release the files allowing you to access them again. Keep in mind, however, that the criminal who encrypted your files is under no obligation to give them back to you. Even if you pay up, you may not get your files back.
Tips for protecting your devices:
- Use reliable antivirus software.
- Keep all your computers up-to-date. Having antivirus on your computer is a great step towards staying safe online; however, it doesn’t stop there. Keeping your Windows PCs and/or Mac operating systems up-to-date is equally important.
- Back up your data. Being proactive with your backup can help save your favorite vacation photos, videos of your kid’s first piano recital, not to mention sensitive information that could cost you thousands by itself.
Remember, being an informed and aware internet user is one of the best defenses against cyberattacks. Stay tuned in to the Webroot blog and follow us on your favorite social media sites to stay in-the-know on all things cybersecurity.
We try to cover all bases in our security stack. Webroot. Cisco Umbrella. Cyberoam UTM
Always smart to have multiple lines of defense.
Thanks for sharing, Dean!
All the Best,
Josh P.
Digital Care Coordinator
Online backup is needed rather than just a USB drive or network drive as many ransomware variants will search out backup files as something else to encrypt.
The backup should be a true backup so that you are able to jump back to ‘last Tuesday’ or similar before the encryption started.
I installed Webroot and my computer still got infected with ransomware. Why is that?
Hi, Ron.
Please work with our Advanced Malware Removal Team directly for all threat related matters.
Support Number: 1-866-612-4227 M-F 7am−6pm MT
Send a Support Ticket: http://wbrt.io/eyqx
Regards,
Josh P.
Digital Care Coordinator
We had one client with a zero day ransomware attack, but with the help of Webroot tech support, we had them up and running with only a very small loss of data! We have had a few other clients that had attempted attacks, but Webroot stopped them in their tracks. We use the Endpoint Console and have it set up to alert us to problems encountered. This has saved both us and our clients much time and headaches.
We use a combination of USB storage for backups as well as online.
Teaching good online practices is the best thing you can do. Don’t download free software that is normally paid, don’t search for free movies / music and beware of all the ‘download’ buttons that you think are legitimate.
Great advice, Chris. We sincerely appreciate your input!
Always good to have multiple layers of defence and also regular teaching for end users
Thanks Tyler, great summary.
What is this ransomware thing of which you speak? I have no idea what you’re talking about. As a long time Webroot user, I don’t think I’ve ever been exposed to this.
That’s really good if you’ve never come across Ransomware, Mat.
This video will give you a quick introduction into the World of Ransomware.
Multi-tiered approach is the best. DNS Filtering, strong antivirus (Webroot), solid backups and user training have kept my clients safe from Crypto-Malware so far.
Getting the clients to part with money for a backup strategy is the hardest part. The only way it becomes meaningful to them is when they do get hit by malware/virus infections and then they are on the phone bleating! After that, most will happily listen to what you have to say and go along with the solution offered.
I think education for the end user is one of the best solutions
Always have multiple backup methods and security defense solutions!
It’s always hard to have security in today’s internet always connected world. Common sense goes a long way – but when that is not there companies like Webroot make up the difference!
Thanks for the warm words, Travis!
Great info! I’ll be sharing this with my users ASAP!
Excellent, Jaymes!
Knowledge is Power 🙂