Ransomware is a relatively new form of computer malware (“malware” is a generic term for malicious software). Back in my day we had computer viruses that were, in the beginning, just pranks. Then they became more malicious and destructive.
Now with ransomware, they have become money makers. It is estimated that ransomware cost individuals, municipalities, and companies $1.2 billion in 2021.
That’s more than I make in a month.
What Is Ransomware?
Ransomware is a form of malware that encrypts the files on your computer, then holds them for ransom. For a fee, usually around $300 paid in bitcoin or some other untraceable currency, the attackers will give you the key to unlock them. In the past they have been known to follow through with that promise, because if they didn’t, people would stop paying the ransom.
In the beginning, ransomware was targeting most anybody, but now the criminals mostly go after municipalities such as city or county governments, school systems, and public works, and small to medium businesses.
And they don’t demand $300 from them. In 2018, the city of Atlanta was hit with a ransomware attack and the attackers demanded $51,000 for the key.
While we are the small fish in the pond, we are still fish, and we need to know the ways to avoid ransomware.
How Do Computers Get Infected With Ransomware?
The main way is through phishing attacks. “Phishing” is where bait is cast over a wide area hoping someone will bite. That bait can be a link in an email to a malicious or compromised website, or an infected PDF document, or a photo containing malware.
Here are the 4 ways to avoid ransomware:
Don’t Click On Links
When you get an email, unless you are 100% sure that it is legitimate, never click on links. Legitimate emails would be newsletters you have signed up for, businesses you have allowed to email you about products and services, or people you correspond with regularly. If your Aunt Mary out of the blue sends you a link to a video, be aware that there is a good chance the email might not be from her. Not that she’s been hacked, but it’s very easy to spoof someone’s email address.
Simply contact Aunt Mary and ask her if she sent it to you. Don’t reply to the email; send a new one to her email address in your contact list.
This can also happen through Facebook Messenger. See this article on what to do if you think your Facebook profile has been hacked.
Clicking on a malicious link can install the ransomware software on your computer.
Keeping The Bad Guys Out
The best way to keep ransomware out of your computer, if you do happen to click on a malicious link, is to not have permission to install software.
Every computer should have at least two accounts set up on it. One should be the administrator account, with all privileges and permissions granted in order to perform any maintenance work on the machine.
Then each user should have their own account with limited permissions. Windows calls these accounts “users.” Apple doesn’t have accounts like this.
And yes, Windows machines are more targeted for ransomware. Not because they are inherently less secure, but because Apple only has around 16% of the global PC market, and if you are going to go phishing, pick the pond with the most phish. Windows is that pond.
With everyone set up with a “user” account, the user would need to enter the administrator password in order to install software. This will keep the malicious link from automatically installing the ransomware. Personally, if I had kids in the house I would not let them know what that password is.
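To check the account setup described above on a Windows machine, the following added example (not part of the original article) lists the enabled local accounts, marks which ones hold administrator rights, and warns if the account you are logged in with is one of them. The function names and the `dailyuser` account name are made up for illustration.

```powershell
# Added example: audit local accounts for administrator rights (Windows PowerShell 5.1+).
function Get-LocalAdminAudit {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup works whatever the Windows display language is.
    $adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
        ForEach-Object { $_.SID.Value })

    Get-LocalUser | Where-Object Enabled | ForEach-Object {
        [pscustomobject]@{
            Account       = $_.Name
            Sid           = $_.SID.Value
            Administrator = $adminSids -contains $_.SID.Value
        }
    }
}

function New-StandardAccount {
    # Run from an elevated prompt. New-LocalUser puts the account in no group,
    # so add it to the built-in Users group (S-1-5-32-545) and nothing more.
    param([Parameter(Mandatory)][string]$Name)
    $password = Read-Host -AsSecureString "Password for $Name"
    New-LocalUser -Name $Name -Password $password | Out-Null
    Add-LocalGroupMember -SID 'S-1-5-32-545' -Member $Name
}

$audit = @(Get-LocalAdminAudit)
$audit | Format-Table Account, Administrator -AutoSize

# Flag the account this session runs as if it holds administrator rights.
$currentSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$mine = $audit | Where-Object { $_.Sid -eq $currentSid }
if ($mine -and $mine.Administrator) {
    Write-Warning "'$($mine.Account)' is an administrator; keep it for maintenance only."
    # 'dailyuser' is a placeholder name for the limited everyday account:
    # New-StandardAccount -Name 'dailyuser'
}
```

A limited account stops software from installing system-wide without the administrator password; files that account can write to are still writable by anything it runs, which is why the backup section further down still matters.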
Keeping The Bad Guys In
Ransomware needs access to the internet in order to do its job. Once it creates the key to encrypt your files, it uploads that key to a server somewhere to hold and await your payment. Russia, China, and Iran are prime areas for these attacks, but they can come from most anywhere. You need a way to keep the ransomware from accessing the internet.
Windows has a built-in firewall, but by default it allows all outgoing traffic to go through unless it is specifically blocked. And there is no way to block something in advance without help from another application.
That application is Windows Firewall Control (WFC), once an independent company, now owned by Binsoft, a very respected company. This software is free to individual users, and there is a paid version for enterprise.
With WFC, if you select the medium setting, all outgoing traffic is blocked unless it is specifically allowed. This is a pain in the ass at first, as you have to keep the connections log window open and unblock programs as needed. This link will instruct you on how to set up and configure WFC.
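The block-unless-allowed outbound posture described above can also be inspected and set with the NetSecurity cmdlets that ship with Windows. This is an added example, not part of the original article and not WFC's own configuration; the function names are made up and the Firefox path is only a sample entry for the allow list.

```powershell
# Added example: audit and change the default outbound action of the Windows firewall.
# Run from an elevated PowerShell prompt.

function Get-OutboundDefault {
    # ActiveStore reports the settings in effect after local and Group Policy merge.
    # "NotConfigured" means the Windows default, which is Allow for outbound traffic.
    Get-NetFirewallProfile -PolicyStore ActiveStore |
        Select-Object Name, Enabled, DefaultOutboundAction, LogBlocked
}

function Enable-OutboundDefaultDeny {
    param(
        # Programs that must keep working. Sample path only; adjust to your machine.
        [string[]]$AllowedPrograms = @("$env:ProgramFiles\Mozilla Firefox\firefox.exe")
    )
    # Create the allow rules first so nothing you rely on is cut off mid-change.
    foreach ($program in $AllowedPrograms) {
        if (-not (Test-Path -LiteralPath $program)) {
            Write-Warning "Skipping missing program: $program"
            continue
        }
        New-NetFirewallRule -DisplayName "Allow out: $(Split-Path $program -Leaf)" `
            -Direction Outbound -Program $program -Action Allow | Out-Null
    }
    # Block everything without a matching allow rule, and log what gets blocked
    # so you can see which programs still need a rule.
    Set-NetFirewallProfile -All -DefaultOutboundAction Block -LogBlocked True
}

function Disable-OutboundDefaultDeny {
    # Roll back to the Windows default if something essential stops working.
    Set-NetFirewallProfile -All -DefaultOutboundAction Allow
}

Get-OutboundDefault | Format-Table -AutoSize
# Enable-OutboundDefaultDeny    # uncomment once the allow list is complete
```

Windows Update, mail clients, and cloud backup agents need their own allow rules after the switch, so review the blocked-connection log for the first few days.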
Backup, Backup, Backup
Yeah, you’ve heard this tune before, but did you listen to it?
So you clicked on the link in the phishing email, you didn’t have a user account, and there was no specific rule to block unapproved outgoing traffic and you got infected with ransomware. You have three choices:
- Pay the ransom and hope they give you the key to unlock your files.
- Accept that you lost everything and start all over again.
- Wipe your hard drive, reinstall Windows, and restore your files from your backup.
If you don’t have a backup, then you only have two options, and restoring your files ain’t one of them.
I suggest that you always have two backups, and just to be clear, copying something to a thumb drive and deleting the original isn’t a backup. If you only have one copy, you don’t have a backup.
Here’s how it goes:
- One copy of your files (the original) on your computer’s hard drive
- One copy on an external device (thumb drive, CD, external hard drive, etc.)
- One copy stored off site (in another location or in the cloud)
This way, if you lose your original files, you have two sources to restore from. This applies not only to recovering from a ransomware attack but also to when (not if) your hard drive crashes, and it helps when setting up a new computer.
The offsite storage is in case of some disaster that destroys your computer and your local backup.
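A backup only counts if it actually matches the original. The following added example (not part of the original article) compares the original folder against each backup copy by SHA-256 hash and reports files that are missing or different. The function name, the folder paths, and the 25% warning threshold are assumptions chosen for illustration.

```powershell
# Added example: verify that each backup copy matches the original files.
function Compare-BackupCopy {
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][string]$Backup
    )
    $src = (Resolve-Path -LiteralPath $Source).ProviderPath
    $dst = (Resolve-Path -LiteralPath $Backup).ProviderPath
    $prefix = $src.TrimEnd('\').Length + 1      # length of "C:\path\to\source\"

    Get-ChildItem -LiteralPath $src -Recurse -File | ForEach-Object {
        $relative = $_.FullName.Substring($prefix)
        $copy = Join-Path $dst $relative
        $status = if (-not (Test-Path -LiteralPath $copy)) {
            'Missing'
        } elseif ((Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash -ne
                  (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash) {
            'Different'
        } else {
            'OK'
        }
        [pscustomobject]@{ File = $relative; Status = $status }
    }
}

# Placeholder locations for the original, the external copy, and a synced off-site copy.
$original = "$env:USERPROFILE\Documents"
$copies = @{ External = 'E:\Backup\Documents'; Offsite = 'D:\CloudSync\Documents' }

foreach ($name in $copies.Keys) {
    $results = @(Compare-BackupCopy -Source $original -Backup $copies[$name])
    $bad = @($results | Where-Object Status -ne 'OK')
    "{0}: {1} of {2} files missing or different" -f $name, $bad.Count, $results.Count
    $changed = @($bad | Where-Object Status -eq 'Different').Count
    # Many originals changing at once can mean they were encrypted. Stop and look
    # before the next backup run overwrites the good copies. 25% is an arbitrary cutoff.
    if ($results.Count -gt 0 -and ($changed / $results.Count) -gt 0.25) {
        Write-Warning "$name`: $changed files differ from the original; check before backing up again."
    }
}
```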
For cloud backup, I both use and recommend IDrive. Less than $60 per year for 5 terabytes of storage, and if you use this link you can get your first year for only $7.95.
Disclosure: This is a paid promotion. I only recommend and endorse products and services that I personally use.
You are the key to avoiding ransomware; you cannot depend on others to do it for you. If you follow the above advice, you can rest assured that at best, you are safe from ransomware attacks, and at worst, you have a backup that will keep your cash in your pocket.
As always, if you have any questions about this, or any other subject, you can ask them in the comments section, or email me at email@example.com.