So-called Ransomware is one of the biggest threats on the internet today. Unlike a “classic” virus or simple Trojan, its effects are felt very directly – a user’s most important files, or even all accessible hard disks and SSDs, are encrypted and then literally held for ransom.
The still ongoing attack from “Wanna Cry” infected more than 120,000 PCs within mere hours, and that figure is rising!
What is Ransomware?
Ransomware is a group of malicious software programs that infect a machine through email attachments or email links, often disguised as invoices or payment reminders, for example. Genuine websites or advertising banners are being used more and more too, so that an infection can occur just by opening a website.
According to a 2016 survey carried out by the German Federal Office for Information Security, a third of German companies were victims of Ransomware. Private users are also now being targeted by the organized criminals behind these attacks. The FBI has also issued warnings about such attacks.
What happens when a machine is infected?
The aim of the criminals spreading Ransomware is not to seize your computer in order to integrate it into a botnet or to access your passwords. Ransomware holds your files or even your entire computer for ransom. Immediately after the infection it starts to encrypt certain files, usually personal or company files such as pictures, contacts, Word and Excel documents or company databases. It then displays a window that cannot be clicked away, warning of a forthcoming “blackmail letter”. The victim is prompted to click on a link where instructions are posted on how to pay the ransom, normally using anonymous payment methods such as Bitcoins or a payment card.
What should I do in the event of an infection?
The German Federal Office for Information Security advises not to respond to the ransom attempt: “Ransomware is, as its name suggests, blackmail carried out by organized criminals. We strongly advise you to take necessary precautions so that you can call upon them when attacked – do NOT pay” (Source: German Federal Office for Information Security: Ransomware – Threat status, prevention and response, 2016, German only). You should then immediately notify your local police station.
How can I protect myself against Ransomware?
- The safest way to protect against Ransomware, for both private and business users, is to make regular backups. Ideally, backups should be made on DVDs/CDs that cannot be altered by Ransomware. Otherwise, use external storage media such as USB drives that are – important! – not regularly connected to the computer or network. Ransomware can encrypt all accessible storage media, including NAS systems, connected USB sticks or devices connected by WLAN. O&O DiskImage 11 lets you make a backup of your entire computer, and can burn these images to DVD or CD. You can back up Windows Servers and Desktops in a company with O&O DiskImage 11 Server and Workstation Editions.
- Keep Windows and your installed programs up-to-date and install patches that close security gaps.
- Be very wary of emails with attachments. Even if you know the apparent sender: criminals are capable of copying sender addresses. Do not answer suspicious emails and do not open the attached files. Contact the sender by telephone to make sure that they actually wrote and sent the email.
- Be very careful with your Administrator Account. When Windows is newly installed, the user account created during setup normally has administrator privileges. This allows you to install programs, for example. The disadvantage, however, is that Ransomware (or a virus or Trojan) running under that account also has these administrator privileges. It is therefore best to create a second account that only has normal privileges and to surf the internet using only this account. This serves at least to limit the damage of an infection.
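
One way to act on the administrator-account advice above, as an added example that is not part of the original article: a PowerShell script, run from an elevated prompt, that lists who holds local administrator rights and creates a standard account for everyday use. The account name "daily-user" is a hypothetical placeholder; the groups are addressed by their well-known SIDs so the script also works on non-English Windows installations.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell 5.1+.
$AdminSid     = 'S-1-5-32-544'   # well-known SID: built-in Administrators group
$UsersSid     = 'S-1-5-32-545'   # well-known SID: built-in Users group
$StandardUser = 'daily-user'     # hypothetical account name, change as needed

# 1. List every direct member of the local Administrators group.
#    (Members of nested domain groups are not expanded here.)
$admins = @(Get-LocalGroupMember -SID $AdminSid)
$admins | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# 2. Is the account you are logged on with one of them, and is this
#    session actually running with the elevated token?
$me       = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = $admins.SID.Value -contains $me.User.Value
$elevated = ([Security.Principal.WindowsPrincipal]$me).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host "Logged on as $($me.Name): admin account = $isAdmin, elevated = $elevated"

if (-not $elevated) {
    Write-Warning 'Not elevated: audit only, no account will be created.'
    return
}

# 3. Create the standard account if it does not exist yet.
if (-not (Get-LocalUser -Name $StandardUser -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString "Password for $StandardUser"
    New-LocalUser -Name $StandardUser -Password $password `
                  -Description 'Standard account for everyday use' | Out-Null
    # New-LocalUser adds the account to no group; Users membership is
    # needed for it to appear on the sign-in screen.
    Add-LocalGroupMember -SID $UsersSid -Member $StandardUser
}

# 4. Verify the everyday account did NOT end up with administrator rights.
$newSid = (Get-LocalUser -Name $StandardUser).SID.Value
if ((Get-LocalGroupMember -SID $AdminSid).SID.Value -contains $newSid) {
    Write-Warning "$StandardUser is a member of Administrators; remove it with Remove-LocalGroupMember."
} else {
    Write-Host "$StandardUser is a standard user. Use it for browsing and email."
}
```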