Preventing (or Surviving) Ransomware Attacks

Ransomware

Among all the common threats to PC security today, ransomware may be the most harmful and painful for users. It not only locks your device and prevents you from accessing your computer and data, but also may send all your data to attackers over the internet and potentially grant them access to your online accounts through credentials saved in your browser.

CBS News just published a fascinating article about “Scattered Spider,” an organized hacking group that hijacked Las Vegas casinos, shutting down their hotels and slot machines. While your computer may be a less attractive target, preparing for the worst is still wise.

For victims of ransomware, seeing a message on their screen stating that their computer has been infected (and they must pay to regain control) can be a sudden moment of panic, turning to anger as they attempt to retrieve files and realize the awful truth. If you’re hit by a ransomware attack, stay calm and don’t send any funds to the attackers.

In this guide, we’ll provide you with essential tips for preventing ransomware attacks and tell you what to do if your computer becomes infected.

How to Prevent Ransomware Attacks

As I’ve explained in the security terms glossary, ransomware is a type of malware that locks you out of your system, with the goal of extorting money from you to release your computer and files. The best time to deal with a ransomware attack is before it happens. You can take the following four steps to avoid becoming a victim, or better prepare yourself to recover quickly if you do eventually fall victim.

1. Store Data in the Cloud

By keeping all your important data online rather than relying solely on local storage, you’ll be less likely to lose any data you care about if your hard drive is maliciously encrypted (or simply fails). Personally, I’ve been using a redundant hybrid cloud setup for years since I frequently switch computers. Because all my photos and files are stored and backed up in multiple places (both at home and in the cloud), I can easily set up a new computer and wipe the old one at any time.

2. Use a Firewall

Modern Wi-Fi routers with robust firewalls can blunt phishing attacks by blocking known malicious links before they load. This is especially important if you have kids at home or other users who may be prone to clicking on such links. Consider selecting a router with robust firewall capabilities, such as Orbi 970, which includes security services supported by Bitdefender to automatically detect known malicious sites and prevent you from loading them into your browser.

Even better, install dedicated firewall devices like Firewalla Gold SE, which offer excellent automatic threat detection, intrusion detection, ad blocking, and many other killer security features.


3. Keep your antivirus software enabled and up to date

As long as you keep it updated, basic antivirus software is always better than none. Whether you rely solely on the built-in Windows Security or not, you must ensure that its updates run daily to stay adequately protected.
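A quick way to verify the daily-update requirement above on a Windows machine is to ask Microsoft Defender for its own status. The script below is an added example written for this guide, not code from the original article; it assumes Windows 10/11 with the built-in Defender PowerShell module and an elevated prompt.

```powershell
# Added example (not from the original article): confirm Microsoft Defender is running
# and its signatures are no older than one day; pull an update if they are stale.
# Assumes Windows 10/11 with the built-in Defender module; run from an elevated PowerShell.
function Test-DefenderHealth {
    param([int]$MaxSignatureAgeDays = 1)   # the guide's "updates run daily"

    $status   = Get-MpComputerStatus
    $problems = @()

    if (-not $status.AntivirusEnabled)          { $problems += 'Antivirus engine is disabled' }
    if (-not $status.RealTimeProtectionEnabled) { $problems += 'Real-time protection is off' }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $problems += "Signatures are $($status.AntivirusSignatureAge) day(s) old " +
                     "(last updated $($status.AntivirusSignatureLastUpdated))"
    }

    if ($problems.Count -eq 0) {
        Write-Host 'Defender looks healthy.' -ForegroundColor Green
        return $true
    }

    $problems | ForEach-Object { Write-Warning $_ }

    # Stale signatures are the one problem we can fix without any user interaction;
    # a disabled engine or real-time protection needs a human to look at why.
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        Write-Host 'Pulling the latest signatures...'
        Update-MpSignature
    }
    return $false
}

Test-DefenderHealth
```

If the function keeps reporting disabled protection after you re-enable it, treat that as a warning sign in itself: malware commonly switches antivirus off as one of its first steps.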

4. Use a password manager and strong passwords

Any password that is easy to remember is not a strong password, and you should never use the same password across multiple websites. To ensure that all your passwords are reliable and easier to change frequently, use a password manager like Dashlane or Keeper.

If you need to change all your passwords after an attack, this will save you a lot of trouble, and because the manager keeps its vault encrypted, attackers cannot simply read your passwords off your hard drive. (If you do get infected with ransomware, make your password manager the first account credential you update, as it protects all your other credentials.)

How to survive a ransomware attack

1. Take a deep breath

Ransomware is so common because it is an effective way for attackers to get money from victims. This threat exploits weaknesses in personal computer security and in user emotions. Attackers rely on you losing your cool and paying immediately. Don’t let your emotions control you. Take a deep breath and find a guide (like this one!) to walk you through the next steps.

2. Do not engage with the attackers

Ransomware attacks are automated, which means the people behind the attack are not necessarily targeting you or your computer personally. When the attack occurs, you may just be a line item in their activity logs that they haven’t looked at yet, so do not interact with the malware and raise your profile.

Do not click on any links, send any emails to addresses sent to you, or pay any ransom. Contacting the attackers will only make them more focused on getting what they want from you, putting you at further risk, and paying the ransom does not guarantee that you will retrieve your data.

3. Disconnect devices from the internet

Disconnect your device from the internet as soon as possible to prevent it from sending your data to attackers or infecting other devices on the network. If you are using an Ethernet connection, simply unplug the cable immediately. If you are using a home Wi-Fi network, try disconnecting via the Wi-Fi settings on your computer, or switch to airplane mode if you still have enough control over your computer.

Whether or not that works, also access the router’s menu from another device, identify your computer in the client list, and block its access to the network through the “Access Control” or “Blacklist” menu (which may have a different but similar name on your home router).


Using the router’s access control menu to block the infected computer from rejoining the network until any ransomware is completely eradicated.
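If you still have enough control of the Windows machine to open an elevated PowerShell prompt, the script below cuts every active network adapter at once, which is faster than hunting through Wi-Fi settings, and first records the connections the machine currently has open so that IT or investigators have something to work from. This is an added example written for this guide, not code from the original article; the evidence file path is an assumption, and the router-side block described above remains the independent backstop.

```powershell
# Added example (not from the original article): isolate a suspected-infected Windows PC.
# Run from an elevated PowerShell prompt. Before cutting the link it snapshots the
# established TCP connections to a text file (path is an assumption; a USB stick is
# a better home for it than the local disk, which the ransomware may still be encrypting).
function Invoke-NetworkIsolation {
    param([string]$EvidencePath = "$env:USERPROFILE\Desktop\connections-before-isolation.txt")

    # 1. Record who this machine is talking to right now: remote address, port, owning process.
    Get-NetTCPConnection -State Established |
        Select-Object LocalAddress, RemoteAddress, RemotePort,
            @{Name = 'Process'; Expression = {
                (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
        Out-File -FilePath $EvidencePath
    Write-Host "Connection snapshot written to $EvidencePath"

    # 2. Disable every adapter that is currently up: Ethernet, Wi-Fi, and any VPN/virtual NICs.
    $active = Get-NetAdapter | Where-Object Status -eq 'Up'
    foreach ($nic in $active) {
        Write-Host "Disabling $($nic.Name) ($($nic.InterfaceDescription))"
        Disable-NetAdapter -Name $nic.Name -Confirm:$false
    }

    # 3. Confirm nothing is still up before trusting the isolation.
    $stillUp = Get-NetAdapter | Where-Object Status -eq 'Up'
    if ($stillUp) {
        Write-Warning "Still up: $($stillUp.Name -join ', ')"
        return $false
    }
    Write-Host 'Host is isolated. Re-enable later with: Enable-NetAdapter -Name <adapter name>'
    return $true
}

Invoke-NetworkIsolation
```

Disabling the adapters rather than just disconnecting Wi-Fi matters because Windows will otherwise happily reconnect to a remembered network on its own, and a VPN or virtual adapter left up can still carry traffic.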

4. If this is your work computer, immediately notify your IT manager

Consumers are not ideal targets for ransomware attacks because they typically do not have enough money to pay large ransoms, and if their personal photos are backed up on another device, they may have no reason to pay at all. However, if for some reason your work computer is attacked, contact the IT department. It has a vested interest in helping you deal with the aftermath.

5. Change all passwords

Some ransomware can capture your data and send it to its controllers to steal useful financial information, website credentials, or other data that can be used for further attacks or identity theft. Therefore, now is the time to start changing all your online account passwords.

If you use a good password manager like Dashlane or LastPass, it will help you automate the process somewhat. If not, you will need to log in to each account and manually change the password. Prioritize your email account first so that it is not hijacked and used to deepen the attack on your data and identity. Then proceed to your financial accounts, your major cloud accounts (such as Google and Apple), your ISP and mobile carrier, and all other accounts in the long tail of websites you use.

As a precaution, don’t forget to change your Wi-Fi password as well. Literally, any credentials you have used on that PC need to be changed because all of those credentials could soon appear on the dark web after the attack.


6. Preserve evidence… or wipe the drive… or attempt data recovery

Once you have isolated your computer from the network and the internet, ransomware is almost powerless beyond completing the encryption process on your hard drive. Malware experts widely consider attempting to stop encryption by shutting down the computer risky, as it may render the entire drive unrecoverable. What you choose to do next depends on several factors.

Is it your personal computer or a work machine? Do you want law enforcement involved? Do you need to recover data, or can you survive without it? Each question will guide you down a different path.

If it’s a work computer, by now you should have contacted your IT department, and you will follow all subsequent steps as directed by them. They will almost certainly advise you to change all passwords, as we’re doing here, but may also want you to take steps related to incident reporting and locking down access to company systems. Some companies may also require you to undergo some form of cybersecurity training before granting you full access to their systems again.

If your personal computer is attacked, you may or may not want to involve law enforcement. The FBI has a cybercrime division to which you can file complaints at www.ic3.gov. If you do involve law enforcement, you will need to preserve as much evidence as possible, which may include handing over the affected hard drive so that investigators can determine the type of malware used and possibly identify the attackers. Whether all this hassle is worth your time is debatable, but you may feel better knowing you’ve contributed to fighting this type of crime.

Regardless of whether you choose to involve law enforcement, determine how important it is for you to retrieve your data. If you’re handing over the hard drive as evidence, it may be a while before you see it again, so any data recovery work should be done before turning the drive over to the authorities. While there are several methods to decrypt the drive yourself, the risk of infecting the machine used for recovery or inadvertently corrupting the encrypted data during the process outweighs the probability of successfully recovering the drive. So, I recommend contacting a professional data recovery service specializing in ransomware recovery, such as OnTrack, for the best and most secure data recovery. Be aware that professional data recovery services aren’t cheap and may not even work, and in most cases, you’ll have to pay for the service regardless of whether the recovery is successful.

If you want to save money and move forward, or don’t even care about recovering the data, the best option is to wipe the infected hard drive and store it in a closet in case you decide to use recovery services later. The cost of hard drives is so low now that there’s no reason to prioritize salvaging a hard drive over ensuring the malware doesn’t survive and re-infect your computer.

Now, if you’re not planning to recover the data, simply remove the physical hard drive and take it to a local shredding service to destroy it. If you can’t afford to replace the drive, at least ensure it is fully repartitioned so that the master boot record and all existing partitions are completely wiped, leaving no hidden space for the malware. Install a new drive, reinstall Windows, restore all your backups, and then get on with your life.
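For the “fully repartitioned” option above, the script below does the wipe from a clean Windows PC with the old drive attached over a USB dock or spare SATA port. It is an added example written for this guide, not code from the original article; it assumes you have already finished any data recovery or evidence handling, identifies the disk by serial number rather than a bare disk number, refuses to touch the disk Windows is booted from, and only previews the wipe unless you pass -Force.

```powershell
# Added example (not from the original article): remove every partition, including hidden
# OEM/recovery ones, and the MBR/GPT itself from a ransomware-hit drive attached to a
# clean PC, then write a fresh GPT so the drive is reusable. Previews with -WhatIf
# unless -Force is given. Run from an elevated PowerShell prompt.
function Clear-InfectedDisk {
    param(
        [Parameter(Mandatory)][string]$SerialNumber,   # identify the disk by serial, never by number alone
        [switch]$Force
    )

    $disk = Get-Disk | Where-Object { "$($_.SerialNumber)".Trim() -eq $SerialNumber }
    if (-not $disk) { throw "No attached disk has serial '$SerialNumber'." }
    if ($disk.IsBoot -or $disk.IsSystem) { throw 'Refusing to wipe the disk Windows is running from.' }

    Write-Host "Target: disk $($disk.Number) $($disk.FriendlyName) ($([math]::Round($disk.Size / 1GB)) GB)"
    Get-Partition -DiskNumber $disk.Number -ErrorAction SilentlyContinue |
        Format-Table PartitionNumber, Type, Size -AutoSize

    $preview = -not $Force
    # -RemoveData and -RemoveOEM are required for Clear-Disk to drop data and OEM partitions.
    Clear-Disk -Number $disk.Number -RemoveData -RemoveOEM -Confirm:$false -WhatIf:$preview
    Initialize-Disk -Number $disk.Number -PartitionStyle GPT -WhatIf:$preview

    if ($preview) { Write-Host 'Preview only. Re-run with -Force to perform the wipe.' }
}

# Step 1: list attached disks with their serial numbers and pick the old drive.
Get-Disk | Format-Table Number, FriendlyName, SerialNumber, Size -AutoSize

# Step 2: preview, then wipe for real (serial below is a placeholder).
Clear-InfectedDisk -SerialNumber 'PLACEHOLDER-SERIAL'
# Clear-InfectedDisk -SerialNumber 'PLACEHOLDER-SERIAL' -Force
```

Note that clearing the partition table makes the old layout and any malware in it unusable for a fresh Windows install, but it does not overwrite the data sectors themselves; if you also need the contents to be unrecoverable, such as before giving the drive away, use the shredding service mentioned above or a full-disk overwrite.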
