Every week seems to bring news of another case of ransomware.
It’s nasty stuff. Nasty enough that the US and Canada on Thursday issued a rare joint cyber alert warning about the recent surge in ransomware attacks, in which data is encrypted and crooks demand payment for it to be unlocked.
The plague doesn’t appear to be going away anytime soon. Why should it? It’s proving a lucrative swindle for cyberthieves.
Enabling the ransomware plague is the fact that many people and businesses aren’t protecting themselves by locking down their computers and files.
If you do get infected with ransomware, then unless you have backups, or the crooks made some kind of cryptographic mistake, you are left with a choice: pay, or lose your locked-up files for good. That prospect has persuaded many victims to pay up.
From the alert, distributed by the US Department of Homeland Security and the Canadian Cyber Incident Response Centre:
Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.
The alert provides these preventative tips to protect your computer and your networks from ransomware infection:
- Back up your data, preferably on a separate device, and store it offline. That will keep your data safe not just from extortionists but also from natural disasters, such as floods and fires.
- Use application whitelisting to help prevent malicious software and unapproved programs from running.
- Keep your operating system and software up-to-date with the latest patches. Most attacks target vulnerable applications and operating systems.
- Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to executing.
- Restrict user permissions for installing and running unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Doing so may prevent malware from running or limit its capability to spread through the network.
- Avoid enabling macros from email attachments. Macros are how the Locky strain of malware got its hooks into systems: An email contained a document advising the recipient to enable macros, which then triggered malware-installing code to run. The governments’ warning suggests that enterprises or organizations might be better off blocking email messages with attachments from suspicious sources.
- Don’t click on links in unsolicited email. For that matter, take care when clicking on links in an email that looks like it comes from somebody you know. As Mattel’s $3 million brush with CEO mail scams shows, crooks have gotten good at convincing you their scammy notes are coming from your boss.
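One way to act on the macro and attachment advice at the mail gateway, as an added example that is not part of the alert or of this article: inspect each attachment's bytes rather than trusting its file extension. OOXML documents are ZIP containers in which a VBA project is stored as a part named `vbaProject.bin`; legacy binary Office files are OLE2 compound files, and the UTF-16LE stream name `_VBA_PROJECT` is used below as a triage heuristic rather than a full OLE2 parse (an assumption, stated in the code). The message, sender address and attachments are constructed for the demonstration.

```python
"""Flag e-mail attachments that carry Office macros before a user can
"enable content". Added example for this page; not code from the alert,
from Naked Security, or from any vendor product.

Checks on the raw bytes of each attachment:
  * OOXML (docx/xlsx/pptx and the macro-enabled docm/xlsm/pptm) is a ZIP
    container; a VBA project is stored as a part named vbaProject.bin.
  * Legacy binary Office files (.doc/.xls) are OLE2 compound files with
    magic D0 CF 11 E0 A1 B1 1A E1. Directory entry names are UTF-16LE, so
    the stream name "_VBA_PROJECT" in UTF-16LE is used as a heuristic for
    a VBA project (assumption: good enough for gateway triage; a full OLE2
    parse would be more precise).
"""
import io
import zipfile
from email.message import EmailMessage

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm"}


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'macro', 'inspect' or 'clean' for one attachment."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if data.startswith(OLE2_MAGIC):
        # Legacy .doc/.xls: flag a VBA project by its stream name; otherwise
        # hand the file to a real OLE parser or a sandbox rather than
        # declaring it clean.
        return "macro" if VBA_MARKER in data else "inspect"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "inspect"
        # Content decides, not the extension: a VBA part inside a file
        # named .docx is still a macro-bearing document.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "macro"
        return "clean"
    # Not an Office container at all: a macro-enabled extension on
    # non-Office bytes is suspicious in itself.
    return "macro" if ext in MACRO_EXTENSIONS else "clean"


def scan_message(msg: EmailMessage) -> dict:
    """Map each attachment filename to its verdict."""
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        verdicts[name] = classify_attachment(name, part.get_payload(decode=True) or b"")
    return verdicts


def should_quarantine(verdicts: dict) -> bool:
    """Gateway policy: hold the mail if any attachment carries or may carry macros."""
    return any(v in ("macro", "inspect") for v in verdicts.values())


# --- constructed sample data (not a real message) ---------------------------

def build_ooxml(with_vba: bool) -> bytes:
    """Minimal docx-like ZIP; with_vba adds the part Word uses for VBA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00" * 32)
    return buf.getvalue()


def build_sample_message() -> EmailMessage:
    """Constructed lure of the 'enable macros to view' kind described above."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"      # made-up sender
    msg["To"] = "staff@example.org"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please enable macros to view the invoice.")
    msg.add_attachment(build_ooxml(True), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice.docm")
    msg.add_attachment(build_ooxml(True), maintype="application",
                       subtype="octet-stream", filename="renamed.docx")
    msg.add_attachment(build_ooxml(False), maintype="application",
                       subtype="octet-stream", filename="notes.docx")
    msg.add_attachment(OLE2_MAGIC + b"\x00" * 64 + VBA_MARKER,
                       maintype="application", subtype="msword",
                       filename="old.doc")
    return msg


if __name__ == "__main__":
    verdicts = scan_message(build_sample_message())
    for name, verdict in verdicts.items():
        print(f"{name:16} {verdict}")
    print("quarantine:", should_quarantine(verdicts))
```

Running it holds the constructed message: the `.docm`, the VBA-bearing file renamed to `.docx` and the legacy `.doc` are all reported as `macro`, while the plain `.docx` is `clean`. Pair this with the endpoint-side control the alert implies, namely Office policy that blocks macros in documents arriving from the internet, so that a file which slips past the gateway still cannot run its code by default.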
Prevention’s all well and good. But what do you do if you’ve already gotten zapped?
Do not pay, the alert said, unsympathetically enough:
Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.
As a matter of fact, that’s what Naked Security has also advised. We don’t want to see money going to crooks. This is entrepreneurship we’d rather see starve.
But like Paul Ducklin said in his advice on what to do if you’re being squeezed in the ransomware vice, that’s easy to say when it’s not our data on the line.
So please, for the love of your precious data, don’t leave yourself vulnerable.
Like Canada and the US are urging: back up, patch, restrict user privileges, don’t click on unsolicited attachments, and don’t enable macros in document attachments that arrive by email.
6 comments on “Ransomware alert issued by US and Canada following recent attacks”
I have said this for years since this ransomware started. Backups are inexpensive.
Agreed – just remember to have more than one back up with different time intervals as it is entirely possible to back up the ransomware encrypted files. Make sure one is off-site and don’t ruin a good backup by plugging it into an infected machine.
That can help, but it’s not a magic cure 🙂
Is it easy for a cyber-security expert to figure out when the attack started? When these things get into a network…they spread like crazy.
It doesn’t take an expert. Just look at the time/date stamps on the newly encrypted files.
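A worked version of the timestamp check the last comment describes, added here as an example rather than taken from the alert, the article or the commenters: sort every file under a share by modification time and report the first burst, that is, the earliest moment at which many files were rewritten within one short window. The sample tree, its `.locky` suffix and its timestamps are constructed in a temporary directory so the script runs offline; the window and burst threshold are assumptions to tune for the share in question. One caveat: mtime is under the writer's control, so confirm the onset against ctime (which ordinary user code cannot set back) or file-server audit logs before relying on it.

```python
"""Find when a ransomware burst started from file modification times.

Added example for this page (not code from the alert, the article or the
commenters). It sorts the files under a directory tree by mtime and
reports the earliest time at which at least MIN_BURST files were written
within WINDOW seconds; on a share hit by ransomware that is normally the
start of the encryption run. The sample tree below is constructed in a
temp directory so the script runs offline; its '.locky' suffix and
timestamps are made up.
"""
import os
import shutil
import tempfile
import time
from collections import Counter
from pathlib import Path

WINDOW = 60       # seconds (assumption): bulk encryption rewrites many files a minute
MIN_BURST = 5     # files inside one window (assumption) before we call it a burst


def collect_mtimes(root):
    """Return (mtime, path) for every regular file under root, oldest first."""
    entries = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                entries.append((os.stat(path).st_mtime, path))
            except OSError:
                continue          # file vanished or unreadable; skip it
    entries.sort()
    return entries


def find_burst_start(entries, window=WINDOW, min_burst=MIN_BURST):
    """Sliding window over sorted mtimes; return (start_mtime, files) or None."""
    times = [t for t, _ in entries]
    j = 0
    for i, (t, _) in enumerate(entries):
        while j < len(entries) and times[j] <= t + window:
            j += 1                # j now points just past the window starting at t
        if j - i >= min_burst:
            return t, [p for _, p in entries[i:j]]
    return None


def burst_summary(root, window=WINDOW, min_burst=MIN_BURST):
    """Onset time, file count and dominant new extension of the first burst."""
    hit = find_burst_start(collect_mtimes(root), window, min_burst)
    if hit is None:
        return None
    start, files = hit
    ext, n = Counter(Path(p).suffix.lower() for p in files).most_common(1)[0]
    return {"start": start, "count": len(files),
            "top_extension": ext, "top_extension_count": n}


# --- constructed sample tree (not real victim data) --------------------------

def build_sample_tree():
    """Three weeks of one-file-a-day activity, then an encryption run 10 min ago."""
    root = tempfile.mkdtemp(prefix="ransom-demo-")
    now = time.time()
    for d in range(1, 22):
        path = os.path.join(root, f"report-{d:02d}.docx")
        Path(path).write_bytes(b"plain office document")
        os.utime(path, (now - d * 86400, now - d * 86400))
    onset = now - 600
    for k in range(12):            # twelve files rewritten ten seconds apart
        path = os.path.join(root, f"report-{k:02d}.docx.locky")
        Path(path).write_bytes(os.urandom(64))
        os.utime(path, (onset + k * 10, onset + k * 10))
    return root, onset


def remove_sample_tree(root):
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    root, onset = build_sample_tree()
    try:
        summary = burst_summary(root)
    finally:
        remove_sample_tree(root)
    print("burst started:", time.strftime("%Y-%m-%d %H:%M:%S",
                                          time.localtime(summary["start"])))
    print("files in first window:", summary["count"],
          "dominant extension:", summary["top_extension"])
```

The reported onset is what to line up against mail logs, VPN logins and endpoint events to find the patient-zero machine, and it also tells you which backup generation predates the damage, which is why the earlier comment about keeping several backups at different intervals matters.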