By Stephen Cobb, Sr. Security Researcher, ESET
Ransomware authors use strong encryption techniques to lock up your files, and only the kidnapper has the key. These criminals typically offer only one way out: pay the ransom, or kiss your data good-bye. And, even if you do pay, there’s no guarantee you’ll get the key to get your files back. Despite the repercussions, many people are unaware of ransomware or how to defend against it, as our new survey shows.
Hopefully you will never be forced into that situation, and with these tips you can prevent ransomware from holding your digital life hostage.
- Keep your software programs up to date. Update your operating system and software with the latest patches and updates. Enable automatic updates if you can. (All those pop-ups can be annoying, yes, but there is a good reason for them: they are often intended to protect you from hackers getting to your device through that software!)
- Install an internet security suite. Install a full-featured security suite, such as ESET Smart Security, that provides comprehensive protection, not just antivirus. Look for the following:
  - Antispam that filters out emails that might contain ransomware-spreading attachments or links to ransomware-laden websites.
  - Anti-phishing that prevents you from visiting suspicious sites masquerading as trustworthy ones.
  - An exploit blocker that protects against the software security holes often used to spread infections, adding another layer of protection by fortifying commonly exploited applications on users’ systems, such as web browsers, PDF readers, email clients or MS Office components.
  - A software firewall that can block ransomware from connecting to a command-and-control server before it encrypts your files, providing an additional layer of defense.
- Learn to spot a “phish.” Phishing schemes use various means to trick you, and are one of the most common ways that data-nappers plant ransomware on your machine. One trick is to send an email that masquerades as a message from a well-known company, designed to look like the real thing. Take this quiz and see how well you can spot a phish. (Internet Explorer has issues with this quiz; we recommend using another browser.)
- Back up your data. The single biggest thing you can do to foil a ransomware attack is to keep a regularly updated backup of the files that are important to you. You can do this with an external drive, a cloud backup service, or both. Bear in mind that ransomware will try to encrypt not just the files on your internal hard drive, but also those on any USB drives, external drives or cloud file storage that have been assigned a drive letter. So it’s important that any backup service is either not assigned a drive letter or is disconnected when not actively doing a backup.
- Tweak your settings. If you’re an advanced user, there are some settings in your system that you can tweak to foil the current generation of ransomware. Check out our We Live Security blog post devoted to the subject, written by ESET security researchers.
It doesn’t take much for ransomware to take over an unprotected computer. And while the possibility of an infection is alarming, an alarm can be a good thing. There are many, many ways you can lose your data. Ransomware is just one of them. But the steps you take to defeat ransomware will protect you against many other cyber threats. The first step in protection is awareness, so you now have the first one checked off your list! And remember: back up, back up, back up… frequently! It has always been, and always will be, the best practice to protect your digital life.