What is Ransomware and How Do I Protect Against It?
Category: primers
A 3 Minute Read
05 May 2017
Modified image by louisebatesuk
Ransomware is everywhere, and it seems like it’s destroying everything. It’s attacking schools, hospitals, and businesses of all sizes, forcing them to pay tens of thousands of dollars in the hopes that they won’t lose all of their precious data.
Modern ransomware works by infecting a computer, encrypting all of its files so that nobody can read them without a secret key, and then forcing the computer’s owner to send a ransom to the hacker in exchange for the secret key. If the owner doesn’t pay, they may never see those files again. If those files are patient records, a clinic might be wiped out. If they were invoices, tax documents, and financial records, a business might go under.
Of course, if the ransom were just paid in regular fiat currency, then the hacker could easily be tracked down and arrested. The typical solution to this is to use Bitcoin, a virtual peer-to-peer currency that can be made relatively private. However, some forms of ransomware demand prepaid gift cards or prepaid credit cards instead. Either way, this makes it incredibly difficult to track down the culprits.
Regardless of payment type, however, there’s still a risk that the files won’t be decrypted even if a payment is made. While this usually isn’t the case (if it were, nobody would ever bother paying), it happens often enough that you don’t want to rely on being able to pay the ransom to get your data back, no matter how much money you have. Therefore, the proper way to deal with ransomware is to back up your computer, and back up your backup.
There are many methods to back up your data. What’s important is that you test your backup regularly (GitLab recently paid the price for not doing this). Additionally, it should be designed such that it won’t be impacted should you get hit by ransomware. For instance, if your backup is on a hard drive or network share that is always connected to your computer, then ransomware will likely encrypt it as well. As such, you should ensure that your backup is either offline or versioned, such that if it is encrypted and overwritten it can be restored to its previous state.
My own strategy is twofold. First, I back up all my files to Spideroak (warning: I am an affiliate with them), which maintains separate versions of each file such that I can easily restore everything. You can use whatever cloud provider you feel comfortable with, but ensure that they properly version your files. Without versioning, the cloud storage software might upload your encrypted files and overwrite the safe versions if you get hit with ransomware, rendering the cloud backup useless.
Second, I back up to a home server running FreeNAS, which allows me to snapshot my files and easily revert back to a safe state. If you don’t want to set up a home server, you could use Windows 10’s built-in file versioning, or a tool like Deja-Dup if you’re on Linux.
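To show why versioning matters and what "test your backup" looks like in practice, here is an added example that is not The Tin Hat's code nor any of the products named above: a small content-addressed backup store that keeps every earlier version of a file, with a verify routine and a restore routine. The store layout, snapshot names and sample documents are all constructed for the illustration.

```python
# Versioned backup store: each file version is kept under its SHA-256, so a backup
# run made after ransomware overwrote the originals cannot destroy the clean copies.
import hashlib, json, shutil, tempfile
from pathlib import Path

def _sha256(p: Path) -> str:
    return hashlib.sha256(p.read_bytes()).hexdigest()

def backup(src: Path, store: Path) -> str:
    """Copy each file under src to store/objects/<hash>; record a {path: hash} snapshot."""
    objects, snaps = store / "objects", store / "snapshots"
    objects.mkdir(parents=True, exist_ok=True); snaps.mkdir(exist_ok=True)
    manifest = {}
    for f in sorted(p for p in src.rglob("*") if p.is_file()):
        h = _sha256(f)
        if not (objects / h).exists():      # existing objects are never overwritten
            shutil.copy2(f, objects / h)
        manifest[str(f.relative_to(src))] = h
    snap_id = f"snap-{len(list(snaps.glob('*.json'))):04d}"
    (snaps / f"{snap_id}.json").write_text(json.dumps(manifest))
    return snap_id

def verify(store: Path, snap_id: str) -> list:
    """Test the backup: list files whose stored object is missing or corrupted."""
    manifest = json.loads((store / "snapshots" / f"{snap_id}.json").read_text())
    return [rel for rel, h in manifest.items()
            if not (store / "objects" / h).exists()
            or _sha256(store / "objects" / h) != h]

def restore(store: Path, snap_id: str, dest: Path) -> int:
    """Write every file of a snapshot into dest; returns the number of files."""
    manifest = json.loads((store / "snapshots" / f"{snap_id}.json").read_text())
    for rel, h in manifest.items():
        (dest / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(store / "objects" / h, dest / rel)
    return len(manifest)

def demo() -> dict:
    """Constructed scenario: clean backup, simulated encryption, re-backup, revert."""
    root = Path(tempfile.mkdtemp())
    src, store, out = root / "docs", root / "store", root / "restored"
    (src / "ledger").mkdir(parents=True)
    (src / "ledger" / "invoices.txt").write_text("invoice 42: paid")
    (src / "notes.txt").write_text("patient notes")
    clean = backup(src, store)
    for f in src.rglob("*.txt"):            # stand-in for ransomware overwriting files
        f.write_bytes(b"\x8f\x1a" * 8 + f.name.encode())
    after = backup(src, store)              # later run adds objects, keeps clean ones
    return {"clean": clean, "after": after, "bad": verify(store, clean),
            "restored": restore(store, clean, out),
            "invoices": (out / "ledger" / "invoices.txt").read_text(),
            "objects": len(list((store / "objects").iterdir()))}
```

Run `demo()` to see the second backup add two new objects while the first snapshot still restores the clean invoices; a snapshot-based filesystem like the one on a FreeNAS box gives you the same property without writing any of this.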
On top of backing up, it helps to take basic precautions such that you don’t get infected with ransomware in the first place. Basic measures, like not opening suspicious attachments and keeping software up to date, go a long way in defending against ransomware. If you want to read more on that topic, I would give this easy article on basic security practices a read.