Ransomware Protection: Why you need it
It is extremely dangerous to hold a person hostage in the real world. The act of kidnapping a victim by malefactors is dangerous. They must then keep the victim alive while they negotiate for their release. Another flashpoint is the exchange of victims for ransom. Computer ransomware is, however, as manageable as it can be. The malware sneaks in undetected, encrypts files, and demands a ransom in an untraceable currency. In frustration, the victim may throw crockery at a wall and cause violence. Your antivirus utility should indeed wipe out ransomware, just like it wipes out any other type of malware, but if it doesn’t, the consequences can be dire.
Although it is not ideal to have a Trojan or virus infect your computer, cause havoc for a few hours, then be removed by antivirus updates, it can still be managed. It’s quite different when ransomware is involved. Your files are already encrypted so removing the perpetrator will not do any good and could even affect your ability to pay the ransom if you choose to. You can add ransomware-specific protection to your security products.
It’s even worse when your business gets attacked by ransomware. Each hour of productivity lost could cost you thousands or more, depending on the nature and size of your business. While ransomware attacks have increased, there are ways to combat them. We will be discussing some tools that you can use to defend yourself against ransomware.
What is Ransomware and how can you get it?
Ransomware works on a simple principle. The attacker will find a way to steal your data and demand payment. The most popular type of ransomware is encryption ransomware. This allows you to lock out your documents and replace them with encrypted copies. You will receive the key to decrypt the documents if you pay the ransom. Another ransomware is available that blocks all access to your computer and mobile devices. Screen locker ransomware is less dangerous than encrypting ransomware, but it’s easier to defeat. The most dangerous malware is the one that encrypts all of your hard drives, making it unusable. This last type of malware is rare.
You won’t notice it if you are hit by ransomware. It doesn’t show the usual signs that you’ve got malware. The ransomware encryption works quietly in the background and aims to finish its evil mission before you even notice it. After the ransomware is done, it will display instructions on how to pay the ransom or get your files back. Naturally, the perpetrators require untraceable payment; Bitcoin is a popular choice. Ransomware might also ask victims to buy a gift card, prepaid debit card, and provide the card number.
This infection is often transmitted via infected Office documents or PDFs that are sent to you by email that appears legitimate. You may think it came from your company’s address. That seems to be what happened with the WannaCry ransomware attack a few years ago. Do not click the link if you are unsure about the legitimacy of the email.
Ransomware is a type of malware that can be delivered to your computer using any method. For example, a drive-by download that is hosted on a malicious advertisement at a site otherwise safe. This could be done by installing a fake USB drive on your computer, but this is rare. If you’re lucky, your malware protection utility will catch it immediately. You could get in trouble if it doesn’t.
CryptoLocker, and other encryption malware
CryptoLocker was the most well-known ransomware variant until the WannaCry attacks. It was first discovered several years ago. An international consortium of law enforcement and security agencies took down the group behind CryptoLocker, but other groups kept the name alive, applying it to their own malicious creations.
A Dwindling Field
A few years back, there were dozens of standalone ransomware protection tools available from consumer security companies. Many of these tools were also free. Many of these tools have disappeared, for various reasons. Acronis Ransomware Prevention was once a standalone tool that could be used for free, but it is now part of the company’s backup software. Malwarebytes Anti-Ransomware is now only available as part of Malwarebytes Premium. Heilig Defense RansomOff’s web page simply states that “RansomOff” will return at some point.
Enterprise security companies offer ransomware protection tools as freebies to consumers. Many of these tools have fallen to the wayside as companies realize that offering a free product takes up resources. CyberSight RansomStopper and Cybereason RansomFree have also been discontinued.
Bitdefender Anti-Ransomware has been discontinued for a practical reason. It was still available, but it used an unusual approach. Ransomware attackers who encrypt the same files twice could lose the ability to decrypt them. Many ransomware programs leave a marker to prevent double-dipping. Bitdefender would mimic the markings for well-known ransomware types and tell them to “Move on!” You’ve been there! This approach was too narrow to be practical. CryptoDrop too seems to have disappeared, although its website is still available.
Ransomware Recovery
Even if ransomware can get past your antivirus, there are chances that an antivirus update will remove the attacker from your computer in a matter of minutes. Unfortunately, removing ransomware doesn’t guarantee your files will be recovered. You can only guarantee your files’ recovery by having a backup in the cloud.
There is a chance of recovering files, but it depends on the ransomware strain that encrypted them. It’s great if your antivirus (or ransom note) gives you an address. Several antivirus vendors, including Trend Micro, Kaspersky, and Avast, offer a variety of decryption utilities. Sometimes, the utility will need the original unencrypted file of an encrypted file to correct the problem. A master decryption key is also available in other cases, like TeslaCrypt.
Ransomware is best stopped from taking over your files. This goal can be achieved in a variety of ways.