

Tech Forum





July 2017

Ransomware Scare

There has been quite a bit of news lately about so-called “ransomware.” Can someone explain how it works and is there a fool-proof way to keep my machines (and those of my family) protected?

#7171
Jerry Turner
Joliet, IL



Answers

Ransomware is malware that encrypts your drive so that you cannot access it without buying a key (password). About half the time, the mark pays the money and doesn’t get the key, or files are so damaged the “key” is useless. Best thing to guarantee safety from ransomware (and other malicious malware): back up (or better, image) your drive(s) as often as feasible and store the image disconnected from the PC. You can always revert to that image.

In addition, use anti-malware software suites with good reputation, such as Avira, Avast! or Kaspersky. Or use an operating system less likely to be attacked, such as Linux (though Linux is not invulnerable, it has a far lower incidence of malware).

Anonoous

To clear things a bit, there are two basic types of malware, one being virus-based, which is more typical with many variations. The other is classified as Ransomware which technically speaking is a “virus” of sorts, but is classified as Ransomware because of the way it behaves, namely that your computer becomes ransom to the attackers which demand you pay a ransom to get back your computer.

Ransomware is a relatively new form of infection compared to the virus infection. Most anti-virus/anti-malware programs - and that includes popular brands for both Windows and Macs (yes, Macs can get infected) - are not generally engineered for Ransomware protection. However, recently that has changed due to the increase in Ransomware attacks. Programs such as Malwarebytes Premium (www.malwarebytes.com/premium/), which has recently been renamed to Malwarebytes 3, claim to protect PCs from the garden variety of virus infections as well as protect you from potential Ransomware attacks.

In terms of how a Ransom attack works: generally, in terms of becoming infected, it works similarly to any other computer virus; a computer can be infected by a drive-by (visiting a website that has a Ransomware virus), or more directly by clicking on an email link that looks legitimate but is a phishing scam that infects your machine with the Ransomware virus. Once your machine is infected with the Ransomware, depending on the nature of the Ransomware, it will begin to encrypt files on your hard disk. In addition, it will, in effect, take over your machine so that you really can’t do anything with it until you pay up. However, there have been many instances where the bad actors will not provide the key to unencrypt your machine even after paying the Ransom.

In terms of “fool proof” protection, there’s no such thing as fool-proof with virus or ransomware infections. The only almost fool-proof protection would be to never connect your computer to the Internet or ever let someone insert a USB stick into it which could infect your machine.

That doesn’t mean you can’t protect yourself from being infected in the first place. The best protection at this time is (and this is not an exhaustive list):

  • Don’t click on any links that look strange.
  • Don’t open email attachments from anyone you’re not expecting.
  • Don’t visit sites and click links on them that you’re not sure about.
  • DO install anti-virus/anti-malware on each computer in your house or network setup - Malwarebytes 3 is a good choice - there are others but they are more complex to work with. There is also a free version of Malwarebytes but it does NOT offer Ransomware protection, so stay clear of it.

The final tool in your arsenal that will above all others be required if you can’t remove a Ransomware infection is a backup. I tell this to my clients:
Do an image backup of your computer’s hard drive; an image backup is a “snapshot” of the entire hard drive, including the operating system such as Windows. In the event of a Ransomware infection (or even a hard disk failure), restoring your machine using the image backup will restore the machine to the time the image backup was made - everything will be there but without the Ransomware.

The obvious concern with an image backup is that if you back up your machine on a weekly basis, your backups will be a week old. Whenever you restore your machine using the last image backup, whatever files were added between the last image backup and the point you restore the machine will not be there. But you will have the certainty that your machine has been restored to a ransomware-free state.

To do an image backup requires that you have backup software installed. I personally use Macrium Reflect (there are other programs) to create image backups and it has saved my bacon on a number of occasions. It takes a bit of learning to use, but once you understand how to make and restore backups you will have an “ultimate” restoration tool in the event Ransomware somehow gets through, or if your hard drive fails and the machine can’t boot.

Macrium Reflect offers a free edition of their backup software at www.macrium.com/reflectfree. The free edition will allow you to create image backups of your hard drive and restore the hard drive from the image backups. The image backups should be stored on an external USB hard drive (if you store the backups on your PC’s hard drive and it gets Ransomed you will be unable to use the backup image). So if you currently don’t have an external USB drive I would suggest you purchase one of at least 1TB size to store the image backup to.

In addition, you will need a USB stick (16GB) to create Restore Media that is used to boot your computer in the event you want to restore your Ransomed computer’s hard drive.

Lastly, using any backup program requires that your computer be able to boot from a USB stick (or CD ROM drive). Many computers these days are optioned to just boot from the internal hard drive on the computer. So, restoring a computer from a backup image requires that you can boot the computer using a USB stick (under the presumption that the internal hard drive is defective or Ransomed).

If your computer can’t currently boot from a USB stick you will need to alter the BIOS so that a USB device, rather than the internal hard drive, is the 1st choice when booting. And if you have multiple computers in your household you’ll want to install something like Malwarebytes 3 and Macrium Reflect on each of them. You can get discounts when you purchase either of these programs for multiple computers.

So, installing anti-virus/anti-malware, being security conscious and not clicking on links, etc., and doing regular image backups is your best way to stay safe from not just Ransomware infections but most other infections as well. Admittedly, there’s a lot to do to protect yourself but unfortunately, as they say in security, the bad guys have to be lucky only once — you have to be lucky and vigilant 100 percent of the time.

Peter Sarro
New York, NY
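
Both answers rest on a recent image kept on a separate drive. The script below is an added example, not part of either post or of any product named above; it checks those two conditions while the external drive is attached. The drive letters and folder name are hypothetical, and it assumes the images use Macrium Reflect's `.mrimg` extension.

```python
import os
import time
from pathlib import Path

IMAGE_SUFFIXES = {".mrimg"}  # assumption: Macrium Reflect images; extend for other tools


def audit_backups(backup_dir, system_root, max_age_days=7, now=None):
    """Return a list of warning strings; an empty list means every check passed."""
    now = time.time() if now is None else now
    backup_dir, system_root = Path(backup_dir), Path(system_root)
    findings = []

    if not backup_dir.is_dir():
        # An unplugged drive is the desired resting state, but it cannot be audited.
        return [f"backup location {backup_dir} is not mounted"]

    # Same device ID means the images share a volume with the system files,
    # so whatever encrypts the system drive can reach the images as well.
    if os.stat(backup_dir).st_dev == os.stat(system_root).st_dev:
        findings.append("backup images are on the same volume as the system")

    # Ransomware commonly renames what it encrypts, so images that have
    # lost their extension show up here as "no image files found".
    images = [p for p in backup_dir.rglob("*")
              if p.is_file() and p.suffix.lower() in IMAGE_SUFFIXES]
    if not images:
        findings.append("no image files found")
        return findings

    newest = max(images, key=lambda p: p.stat().st_mtime)
    age_days = (now - newest.stat().st_mtime) / 86400
    if age_days > max_age_days:
        findings.append(f"newest image {newest.name} is {age_days:.0f} days old")
    if newest.stat().st_size == 0:
        findings.append(f"newest image {newest.name} is empty")
    return findings


if __name__ == "__main__":
    # Hypothetical paths: E:\ is the external USB drive, C:\ the system drive.
    for warning in audit_backups("E:\\Backups", "C:\\"):
        print("WARNING:", warning)
```

Run it right after a backup finishes, then disconnect the drive again.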
