I was at cruising altitude over the Midwest the first and only time I watched ransomware bite a victim. I had tried not to listen as the lady sitting next to me placed a call using the old-style in-flight cell phone mounted on the bulkhead in front of us. I used to fight for those delightful 737 bulkhead seats with a few inches of extra leg room. Later, she asked me if I knew what to do about the blue screen on her laptop. I would have told her not to make the call if she had asked me earlier. A full-screen message in the Fixedsys hardware font instructed her to call a 900 number to fix her laptop. She said she had been charged a hundred dollars for the call and had given them her credit card number. Clearly exasperated, she still couldn't use her laptop.
That must have been over twenty years ago. Ransomware attacks have become more frequent and more vicious in 2020. IT departments are more familiar with ransomware and better at recovery, but the attacks are still nasty: the cost of each attack on U.S. businesses averaged over three-quarters of a million dollars, a figure I suspect is under-reported because cyber-insurance often pays the ransom demand and insurers don't like to reveal that they are easy targets. Despite the costs, close to 95% of victims got their data back. The majority restored it from backups, but over a quarter paid the ransom. See the Sophos 2020 ransomware report.
Attacks on federal, state, and local government have increased, and polling places are subject to disruption through ransomware. There are hints that this increase comes from cyberattacks by hostile countries, but there is also big money in hacking, so don't discount greed as a motive.
What Is Ransomware?
Ransomware is a malicious attack on a device that disables the device, or the data on it, and extracts some form of payment from the owner in return for restoring normal operation. As hacks go, ransomware is a relatively simple way for loosely organized criminals to extract money from computer networks. Unlike the case of the lady on the plane, attackers today usually encrypt critical data and demand payment for the decryption key. Ransomware has encrypted hospital data files and has been blamed for at least one death. Payment is usually demanded in cryptocurrency, which is harder to trace than credit card payments and bank transfers, but not impossible.
Ransomware's starting point is usually social engineering in the form of phishing: email that tricks users into installing malicious code, or into handing over credentials that let the attacker in. The sudden transition to working from home this year has increased confusion at work, particularly around IT, which is a gift to hackers. Unfamiliar work equipment and routines have made tricking users into unwise clicks easier. Fake invoices and made-up court cases are favorite phishing tackle for luring in unsuspecting victims.
These days, who can resist a friend's urging to click on a tear-jerking web site, or a friendly IT guy asking for your password? Make sure the person asking really is your friend or your IT department, not a criminal masquerading as one, and be extremely cautious about giving out credentials such as passwords. Make anyone who asks for them explain exactly why they need them, and don't be shy about making a phone call to verify. A legitimate IT department should not need your password to do its job.
Good News for Individuals
I have not seen reports that ransomware attacks on individuals have increased, perhaps because hacking businesses, healthcare facilities, and government is more lucrative. IBM reports a shift toward deep-pocketed large corporations as targets, especially manufacturing, which is perceived as more sensitive to downtime.
Still, I haven't heaved any sighs of relief: DIY ransomware kits are easy to buy and require little expertise to use, which encourages amateurs to try their hand at terrorizing their friends and neighbors, and the pandemic has made keeping your cool under attack more difficult.
Protect Yourself
Your most effective protection is to avoid infection in the first place. To protect yourself, follow elementary computer hygiene:
Elementary Computer Hygiene
- Beware of social engineering
- Use strong passwords
- Download and install with caution
- Patch operating systems and applications
- Avoid dodgy sites
- Scan regularly for malware
For more explanation of elementary computer hygiene, see Six Rules for Online Security.
Windows Defender Anti-Ransomware
Windows 10's anti-ransomware facility is excellent in theory, but can be annoying in practice.
Ransomware protection is buried in Settings under "Update & Security." Choose "Windows Security" from the menu on the left, then click "Virus & threat protection." A new window pops up. You may have to scroll down to see "Ransomware protection." Click "Manage ransomware protection." Turn the "Controlled folder access" switch on.
With "Controlled folder access" on, Windows 10 blocks programs it does not recognize as trusted from writing to files in a set of protected directories (folders), by default the user's Documents, Pictures, Videos, Music, Desktop and Favorites. In theory, this will prevent ransomware from touching your treasured data and documents. How well it works in practice depends on how well your use of your computer matches Microsoft's notion of typical usage. If you install lots of applications and keep data in folders outside the defaults, you will have to maintain the lists of protected folders and permitted programs yourself.
If your computing life is pure vanilla, or you keep adjusting controlled folder access as your usage changes, this is excellent protection; it is exactly the kind of allow-listing a good IT department uses to protect corporate assets. But if you don't take the trouble to keep it properly configured, it will drive you up a wall.
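The same feature can be managed from an elevated PowerShell prompt with the Defender cmdlets, which is handier than the Settings pages when you want to keep the folder and program lists current. The script below is an added example, not from the original post; the folder and program paths in it are placeholders to replace with your own. The practitioner's trick it shows is to start in audit mode, which logs what would have been blocked without blocking it, so you can build the allow list before turning enforcement on.

```powershell
# Added example (not part of the original post): manage Controlled folder
# access from an elevated PowerShell prompt on Windows 10 with Microsoft
# Defender. Folder and application paths below are hypothetical placeholders.

# 1. Start in audit mode. Nothing is blocked, but every write that *would*
#    have been blocked is logged, so you can find the programs you rely on
#    before the feature starts getting in your way.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect folders beyond Microsoft's defaults (Documents, Pictures, ...).
#    Hypothetical paths: substitute the places you actually keep your data.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Projects', 'D:\Photos'

# 3. Allow a trusted program that legitimately writes to protected folders
#    (hypothetical path). Check the audit log first to see what was flagged.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\MyBackupTool\backup.exe'

# 4. Review what audit mode recorded. In the Defender operational log,
#    event 1124 = would have been blocked (audit mode),
#    event 1123 = actually blocked (enforcement mode).
#    -ErrorAction SilentlyContinue hides the "no events found" error on a clean log.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 5. Once the allow list covers everything you saw in the audit log,
#    switch to enforcement.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 6. Confirm the resulting configuration.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications
```

Run step 1 through 4 for a week or so of normal use before step 5; whatever shows up as event 1124 is what would have annoyed you under enforcement. Whenever you install a new program that writes to protected folders, repeat steps 3 and 6. Be sparing with the allow list: a program you allow here can write to every protected folder, so allow specific executables, never whole directories of them.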
When You Are Attacked
If you are invaded by ransomware, backups are your best assurance of successful recovery, but they must also be protected. Cloud storage such as Dropbox, Microsoft OneDrive, or Google Drive helps, but it is not foolproof: a sync client faithfully uploads your freshly encrypted files over the good copies, so what saves you is the service's version history, which lets you roll back to the copies from before the attack. Smart hackers go after your backup copies as well as your originals. This is why simply copying your files to another disk drive on your desktop is not adequate protection; ransomware encrypts every drive it can write to, mapped network shares included. Secured cloud backups with version history are much safer. An external disk drive that you switch off or disconnect when not in use is not convenient, but ransomware can't get to a disconnected or powered-down drive.
The files worth protecting are the ones whose loss would cause you distress. Oddly, if you bought the content, you probably don't have to worry much about backing it up; you can almost always get a replacement copy. Material you created yourself, paid someone to create for you, or were given as a gift is often hard or impossible to recreate. Photos, videos, and sound recordings are in this category.
Don't fall into the trap of blind faith in your backups. Your enemies are broken media and backup programs that don't copy everything you value. Test them periodically. Make sure they are actually backing up your critical files, and that the copies are readable: a backup that contains encrypted versions of your files is no backup at all. A business with valuable assets at stake should rehearse restoration. But they seldom do.
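One way to turn "test your backups" into a routine is to record a hash manifest of the files you care about while they are known to be good, and later check a backup or restored copy against it. The following script is an added example, not from the original post; the source and backup paths in the usage lines are placeholders. It reports files that are missing from the copy and files whose contents have changed, which is what ransomware encryption looks like from the outside.

```powershell
# Added example (not part of the original post): build a SHA-256 manifest of
# a folder tree and verify a backup or restored copy against it.
# Paths used in the usage lines at the bottom are hypothetical placeholders.

function New-BackupManifest {
    param(
        [Parameter(Mandatory)] [string] $Path,          # folder holding the good copies
        [Parameter(Mandatory)] [string] $ManifestFile   # CSV to write
    )
    # Resolve to an absolute path so relative paths in the manifest are consistent.
    $root = (Resolve-Path -LiteralPath $Path).Path.TrimEnd('\')

    Get-ChildItem -LiteralPath $root -File -Recurse |
        ForEach-Object {
            [pscustomobject]@{
                # Path relative to the root, so the same manifest can check a
                # copy that lives on a different drive or in the cloud.
                RelativePath = $_.FullName.Substring($root.Length + 1)
                Length       = $_.Length
                SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        } | Export-Csv -LiteralPath $ManifestFile -NoTypeInformation
}

function Test-BackupAgainstManifest {
    param(
        [Parameter(Mandatory)] [string] $BackupPath,    # folder holding the copies
        [Parameter(Mandatory)] [string] $ManifestFile   # CSV written by New-BackupManifest
    )
    $problems = foreach ($entry in Import-Csv -LiteralPath $ManifestFile) {
        $copy = Join-Path -Path $BackupPath -ChildPath $entry.RelativePath
        if (-not (Test-Path -LiteralPath $copy)) {
            # The backup program skipped it, or the media lost it.
            "MISSING  $($entry.RelativePath)"
        }
        elseif ((Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash -ne $entry.SHA256) {
            # Changed contents on a file you have not edited means corruption,
            # or a copy taken after the files were encrypted.
            "CHANGED  $($entry.RelativePath)"
        }
    }
    if ($problems) { $problems }
    else { "OK: every file in the manifest is present and unchanged in $BackupPath" }
}

# Usage (hypothetical paths):
#   New-BackupManifest -Path 'D:\Photos' -ManifestFile 'D:\photos-manifest.csv'
#   Test-BackupAgainstManifest -BackupPath 'E:\Backup\Photos' -ManifestFile 'D:\photos-manifest.csv'
```

Rebuild the manifest only after you have deliberately changed files, and keep a copy of it on the offline drive too; a manifest that ransomware can rewrite is worth nothing. For files you edit every day the CHANGED lines will be routine, so this check pays off most on the photos, recordings and finished documents that should never change. It tells you the backup contains what it should; it does not replace a real restoration rehearsal.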
Phones, Tablets, and Apple
Personally, I don’t worry about ransomware on my phone because I don’t keep much data there. If I am ever hit with ransomware on my phone, I plan to do a hard factory reset, restore my contacts and stored photos from the cloud and go on my way. Whether you need to worry about ransomware attacks on your tablets depends on how you use them. I have two Microsoft Surface tablets that I use much like laptops. I protect them as if they were a laptop or a desktop.
I am not a heavy Apple user or an expert, but Apple devices have no special protection against ransomware, although the Apple "walled garden" enforces basic hygiene somewhat better than Windows does, so they may be a bit less susceptible.
Final Word
Elementary computer hygiene is the secret to avoiding ransomware and a host of other computer problems. I never knew the outcome of the episode with the woman sitting next to me, but her first mistake was ignoring hygiene rule one: she was socially engineered into making that phone call.