by Dave Moore, 6-9-19
Wow. Ransomware; what a nightmare. Suddenly, you discover all the important files on your computer have been kidnapped, encrypted and held hostage by some Internet criminal, and you can’t access them at all. Worse yet, you must pay a ridiculous ransom fee to get the key to unlock your unreadable files, a sketchy proposition on a good day.
How did this happen? City leaders from Atlanta, Baltimore, Albany and at least 167 other city and state government agencies asked the same question as they helplessly watched utility, police, sheriff, 911 systems and county records offices shut down, unable to access critical documents, billing systems and databases.
Some officials tried to blame the problem on evil super-hackers, but the answer to “how did this happen” was almost universally the same: poorly trained employees ignorantly clicking on bad links and attachments, tricked by Internet crooks into opening the doors to important networks, installing dangerous software that goes right around normal protections like firewalls and antivirus programs.
There was no “hacking” that took place. Uneducated employees, just trying to get their jobs done, were simply fooled by fake con artist-generated emails into doing the wrong thing. Ransomware can sometimes be encountered through infected websites, ads or bogus news stories, but the preferred delivery method seems to be email. Sadly, though, some cities, like Baltimore and Riverside, Ohio, not reading the handwriting on the wall, and failing to wake up and train their employees, were successfully fooled twice by the same type of attack.
How were the employees supposed to know? Nobody ever taught them what the bad guys were up to, so it’s hard to blame them for being victimized. It’s not surprising who usually wins the battle of professional con artist versus clueless employee. If nobody ever tells you sharks can eat you, why wouldn’t you go swimming anywhere you want? Clearly, the blame lies somewhere else.
Meanwhile, folks out here in “the field” endeavor to stay safe however we can. In my free seminar, “Fight The Internet Bad Guys & Win!” I train people what to look for, what to click, and what not to click in order to avoid problems like ransomware. There are two main ways of dealing with ransomware: prevention and remediation.
Prevention is, of course, the best method, and backups are the most effective way of thwarting the effects of ransomware. Ransomware seeks to encrypt and hold your files hostage, making them unusable to you, but if you have effective backups of your files, the bad guys lose. You simply clean up the ransomware infection, restore your files from your backups and move on.
There are also software programs from a variety of companies designed to stop ransomware attacks. Some of these programs are free, some charge a fee. Some are aimed at large businesses and organizations, others cater to the small business and home market. In this column, we will look at the small business/home market. Most of these solutions share a common approach; if certain system settings start to change, or numerous files suddenly begin encrypting themselves, these programs intervene and seek to stop the changes.
It is impossible for me to actually test these products without actually going through a ransomware attack, so I will simply list those I consider legitimate, from companies with well-established reputations, and suggest you get one of them.
(1) Bitdefender Total Security 2019 (on sale for $39.98, one year, five devices) www.bitdefender.com
(2) Acronis Ransomware Protection (free) www.acronis.com, under the “Personal” link
(3) ZoneAlarm Anti-Ransomware ($14.95 per year, one PC) www.zonealarm.com/anti-ransomware
(4) CyberSight RansomStopper (free) cybersight.com/products/free-home-personal
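The common approach described above, stepping in when numerous files suddenly become encrypted, can be sketched as an entropy comparison between two scans of a folder. This is an added illustration, not code from any of the listed products; the 7.5 bits-per-byte cutoff, the three-file alert count and all function names are assumptions.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

HIGH_ENTROPY = 7.5   # bits per byte; assumed cutoff for "looks encrypted"
ALERT_COUNT = 3      # assumed: this many newly scrambled files in one scan raises an alert

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for plain text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map every readable file under root to the entropy of its first 64 KiB."""
    snap = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    snap[path] = shannon_entropy(fh.read(65536))
            except OSError:
                continue  # locked or vanished file: skip it, keep the monitor running
    return snap

def newly_scrambled(before: dict, after: dict) -> list:
    """Files that look encrypted now but did not in the earlier scan (or are new)."""
    # Comparing scans keeps existing .zip/.jpg files (always high-entropy) from alerting.
    return sorted(p for p, e in after.items()
                  if e >= HIGH_ENTROPY and before.get(p, 0.0) < HIGH_ENTROPY)

def mass_change_alert(before: dict, after: dict) -> bool:
    return len(newly_scrambled(before, after)) >= ALERT_COUNT

def demo(files_overwritten: int) -> bool:
    """Constructed sample: five text files, some then overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as root:
        paths = [Path(root) / f"invoice{i}.txt" for i in range(5)]
        for p in paths:
            p.write_text("Invoice total due on receipt. " * 200)
        before = snapshot(root)
        for p in paths[:files_overwritten]:
            p.write_bytes(os.urandom(8192))  # stand-in for encrypted content
        return mass_change_alert(before, snapshot(root))
```

Calling demo(4) returns True and demo(1) returns False: one changed file is normal activity, while several files turning to random-looking data between scans is the pattern worth interrupting.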
After-the-fact remediation is attempted when you have experienced a ransomware attack, have no files backed up, and hope to somehow defeat the bad guy’s encryption scheme. It is essentially an act of desperation, because odds of success are very slim. Some companies, notably Avast and Emsisoft, offer tools to rescue your files in certain scenarios. If you are going crazy to get your files back, they are worth a try. See www.avast.com/ransomware-decryption-tools and www.emsisoft.com/decrypter.
Secure backups are still your best protection, though: back up to an external drive in your possession (disconnected when not in use) and to an online backup service like Carbonite (www.carbonite.com).
Dave Moore has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.com