May 3, 2016

Expert tips to avoid falling victim to ransomware


Let’s face it, you can’t tune into the news without hearing something about ransomware. The scourge of the Internet has seen its profile rise over the past few months as it has touched down on American shores. While ransomware may not be new, its targeting of police forces, municipalities and hospitals has really started to pique the interest of the evening news, because, well, bad news sells.


Despite the fact that big businesses and local governments have been recent targets of ransomware, they are far from the only ones who have to worry. You see, everyday Internet users like you and me are also potential targets of ransomware. We store our entire digital lives on our devices and would be lost without them. Chances are people who are locked out of these files would be willing to pay to get them back.

At Kaspersky Lab, we suggest that users proactively protect themselves from threats rather than paying the ransoms of criminals. With that said, we also know that the criminals are always looking for new ways to get into the wallets of hard-working folks. So what can someone do to make sure that they avoid falling victim to ransomware? For that, I chatted with Ryan Naraine, the head of Kaspersky Lab’s Global Research and Analysis Team (GReAT) in the USA, to see what tips he would offer:

Back up and secure your data

I cannot stress enough the importance of backing up your data. We live in a digital age where we are storing everything from wedding photos to videos of our children’s first steps or words on our devices. Should anything go wrong with that device, you will lose your digital treasures. It is very important to not only back up these files on the cloud but also to a physical device — external hard drive, USB stick, etc. — that is kept offline and in a secure place.

In the case of ransomware, the part about being kept offline is truly important. Should your backup be connected, whether it is via a USB cable or on a site like Dropbox, the ransomware can get into the files.

Patch and update religiously

Do you currently have apps or programs that note that you need to run an update? If you are one of the people who tend to put off installing updates or patches for your products and apps, you should really start making this a priority.

Aside from updating the product’s interface design or functionality (which could be objectionable, let’s face it), these patches often fix vulnerabilities that were found in the program. While it might seem like a pain to install the latest Windows update or Java patch or whatever, neglecting it can result in your machine being vulnerable to attackers who look to exploit the vulnerability.

Have a security solution

When you think about security, you probably fall into one of three buckets. The first is that you buy into the hype that anti-virus programs are dead and provide little use; the second is thinking that this is a PC-only issue and something that couldn’t hurt your beloved smartphone or Mac; the third is that you need to make sure you have security solutions for all of your devices.

If you are in the first two scenarios, you need to rethink your stance. When a type of malware or ransomware has a known signature, third-party solutions (like Kaspersky Total Security) can stop you from clicking a link or opening up a malicious file that they detect. Our research, along with that of industry peers, has shown that not only are Macs susceptible to ransomware, but so are phones.

Mobile devices could also be more at risk given the amount of personal information, financial apps and digital memories that are stored on them.

What can I do if I get ransomware?

Overall, I do not suggest that you pay the ransom. There are a number of tools out there that can help you decrypt a certain ransomware variant. Kaspersky Lab has tools that can help victims of the CoinVault and Bitcryptor campaigns, as well as the recent CryptXXX variants of ransomware, that will not cost you a dime. There are also others from other companies in the security space. Doing some research could save you some money and time if you have a type of ransomware with a known free cure.

What’s next?

When GReAT rolled out our predictions for security trends for the coming year on Securelist, my colleague Juan Andrés Guerrero-Saade noted:

“Not only do we expect ransomware to gain ground on banking trojans but we also expect it to transition into other platforms. Weak attempts at bringing ransomware to mobile and Linux have already been witnessed, but perhaps the more desirable target platform is OS X. We expect ransomware to cross the Rubicon to not only target Macs but also charge ‘Mac prices’. Then, in the longer term, there is the likelihood of IoT ransomware, begging the question, how much would you be willing to pay to regain access to your TV programming? Your fridge? Your car?”

What does this mean for you? For starters, you should follow these tips and also educate yourself about what is going on in the cybersecurity space. This blog, Threatpost and Securelist are all great places to get the latest news to make sure you can have the pulse of the threats out there.