Over re­cent years mil­lions of PCs have been locked or had their files en­crypted by ma­li­cious pro­grams de­signed to ex­tort money from users. Col­lec­tively known as ran­somware, th­ese ap­pli­ca­tions have be­come a real scourge for con­sumers, busi­nesses and even govern­ment in­sti­tu­tions. Un­for­tu­nately, there’s no end in sight, so here’s what you should know.

1. It’s not just your PC that’s at risk

Most ran­somware pro­grams tar­get com­put­ers run­ning Win­dows, as it’s the most pop­u­lar op­er­at­ing sys­tem. How­ever, ran­somware ap­pli­ca­tions for An­droid have also been around for a while and re­cently, sev­eral vari­ants that in­fect Linux servers have been dis­cov­ered.

Se­cu­rity re­searchers have also shown that ran­somware pro­grams can be eas­ily cre­ated for Mac OS X and even for smart TVs, so th­ese and oth­ers de­vices are likely to be tar­geted in the fu­ture, es­pe­cially as the com­pe­ti­tion for vic­tims in­creases among ran­somware cre­ators.

2. Few suc­cess­ful pros­e­cu­tions

There have been some suc­cess­ful col­lab­o­ra­tions be­tween the po­lice and pri­vate se­cu­rity com­pa­nies to dis­rupt ran­somware cam­paigns in the past. The most prom­i­nent case was Op­er­a­tion To­var, which took over the Gameover ZeuS bot­net in 2014 and re­cov­ered the en­cryp­tion keys for Cryp­toLocker, a no­to­ri­ous ran­somware pro­gram dis­trib­uted by the bot­net. In most cases, how­ever, the po­lice are pow­er­less in the face of ran­somware, es­pe­cially the vari­ants that hide their com­mand-and-con­trol servers on the Tor net­work.

3. Back up, back up, back up

Many users back up their sen­si­tive data, but do it to an ex­ter­nal hard drive that’s al­ways con­nected to their com­puter or to a net­work share. That’s a mis­take, be­cause when a ran­somware pro­gram in­fects a com­puter, it enu­mer­ates all ac­ces­si­ble drives and net­work shares, so it will en­crypt the files hosted in those lo­ca­tions too.

The best prac­tice is to use what some peo­ple call the 3-2-1 rule: at least three copies of the data, stored in two dif­fer­ent for­mats, with at least one of the copies stored off-site or off­line.

4. Don’t count on get­ting lucky

Some­times ran­somware cre­ators make mis­takes in im­ple­ment­ing their en­cryp­tion al­go­rithms, re­sult­ing in vul­ner­a­bil­i­ties that al­low the re­cov­ery of the files with­out pay­ing the ran­som. In­deed, there have been sev­eral cases where se­cu­rity com­pa­nies were able to cre­ate free de­cryp­tion tools for par­tic­u­lar ver­sions of ran­somware pro­grams. Th­ese are tem­po­rary so­lu­tions though, as most ran­somware de­vel­op­ers will quickly fix their er­rors and push out new ver­sions.

There are other sit­u­a­tions where se­cu­rity re­searchers take con­trol of com­mand-and-con­trol servers used by the ran­somware au­thors and make the de­cryp­tion keys avail­able to users for free. Un­for­tu­nately th­ese cases are rare.

Most se­cu­rity ven­dors dis­cour­age pay­ing the ran­som, be­cause there’s no guar­an­tee that the at­tack­ers will pro­vide the de­cryp­tion key and be­cause it ul­ti­mately en­cour­ages them.

5. Preven­tion is best

Ran­somware pro­grams get dis­trib­uted in a va­ri­ety of ways, most com­monly through ma­li­cious email at­tach­ments, Word doc­u­ments with macro code and web-based ex­ploits launched from com­pro­mised web­sites or ma­li­cious ads. Many are also in­stalled by other mal­ware pro­grams.

As such, fol­low­ing the most com­mon se­cu­rity best prac­tices is crit­i­cal. Al­ways keep the soft­ware on your com­puter up to date, es­pe­cially the OS, browser and browser plug-ins such as Flash Player, Adobe Reader, Java and Sil­verlight. Never en­able the ex­e­cu­tion of macros in doc­u­ments, un­less you have ver­i­fied their senders and have con­firmed with them that the doc­u­ments should con­tain such code. Care­fully scru­ti­nise emails, es­pe­cially those that con­tain at­tach­ments, re­gard­less of who ap­pears to have sent them. Fi­nally, per­form your day-to-day ac­tiv­i­ties from a lim­ited user ac­count, not from an ad­min­is­tra­tive one, and run an up-to-date an­tivirus pro­gram.

In most cases, the po­lice are pow­er­less in the face of ran­somware, es­pe­cially the vari­ants that hide their com­man­dand-con­trol servers on the Tor net­work

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.