Thoughts on this month's OUCH!
OUCH! rightly says "anti-virus cannot block or remove all malicious programs". A recent Tripwire blog forcefully continues: "At best, the tools you rely on to keep you safe give you a false sense of security, and at worst, they increase your risk." Another claim dear to my heart is one of those 'why bother - it's too much work' admonishments that's so easy to ignore: "... a common mistake that many people make with backups is to assume that it works without testing whether they can actually recover files". I recently added software to my Mac that prevented my booting from a backup drive. I discovered the problem the next morning when I tested the backup. What a relief to discover it then rather than when I needed that backup. —Ned Schumann
SANS OUCH! for August - What Is Ransomware?
Ransomware is a special type of malware that is actively spreading across the Internet today, threatening to destroy victims' documents and other files. Malware is software--a computer program--used to perform malicious actions. While ransomware is just one of many different types of malware, it has become very common because it is so profitable for criminals. Once ransomware infects your computer, it encrypts certain files or your entire hard drive. You are then locked out of the whole system or cannot access your important files, such as your documents or photos. The malware then informs you that the only way you can decrypt your files and recover your system is to pay the cyber criminal a ransom (thus the name ransomware). Most often, the ransoms must be paid in some form of digital currency, such as Bitcoin. Ransomware spreads like many other types of malware. The most common method involves sending victims malicious emails, in which cyber criminals trick you into opening an infected attachment or clicking on a link that takes you to the attacker's website.
Should You Pay the Ransom?
That is a tough one. The problem is that the more often people pay these criminals when they are infected, the more motivated criminals are to infect others. On the other hand, you may have no other option to recover your files. Be warned, though: even if you do pay the ransom, there is no guarantee you will get your files back. You are dealing with criminals; they may not decrypt the files, or even if they do provide you with a decryption method in exchange for payment, something may go wrong during the decryption process or your computer may be infected with additional malware.
Back Up Your Files
Perhaps the best way to recover from a ransomware infection and not pay a ransom is to recover your files from backups.