Ransomware is a type of malware that is designed to lock all your computer files without your permission and ask you to pay a ransom in order to unlock them again.
The software is more and more advanced with new variations constantly upgrading it.
Last year, we learned about ZENIS, a ransomware that intentionally deletes backups. And more recently, GermanWiper, which does not encrypt your files at all - it simply deletes them and demands a ransom anyway. Paying victims have nothing to decrypt because their files have already been deleted from the beginning.
"Ransomware is now being transmitted through a variety of mechanisms that make it increasingly difficult for end users to remain protected," said Victor Congionti, chief information officer at Proven Data.
"Traditionally, ransomware has been circulated via email to naive users." But he also said, "Ransomware is being distributed more and more in non-traditional ways."
Hackers now disguise it in applications and software. They transmit it through phear-phishing attacks, which target individuals in an organization that are more likely to click on suspicious links.
How to protect your backups from Ransomware attacks
If your system is infected with ransomware, you can either pay the ransom and hope to receive your files or not pay and try to rebuild your computer from backups.
Get started with these three basic backup principles:
- Suppose ransomware encrypts or deletes everything you have on your computer. If you are backing up an internal or external hard drive that is constantly connected to your computer or cloud, be aware that these files can be forgotten. They are only worth it if your hard drive is damaged.
- Disconnect your backup from the network. A powerful weapon against ransomware is to use a backup media that is completely disconnected from the computer and the Internet. For example, if you are backing up to an external hard drive, connect it only during the scheduled scheduled backup, and then disconnect it again immediately.
- Rely on backup. Even if you disconnect the external drive, there is no guarantee that you will remain protected. This is because your system may already be infected with malware when you do the backup.
Practice a practical backup strategy
Obviously, common backup solutions are not strong enough to protect you from a ransomware attack. The cloud storage is not the same as the cloud backup and as a result, anything that syncs your data is not secure. If you want to recover files, you can not rely on the free versions of Dropbox, OneDrive or Google Drive, for example.
If you pay for storage, things are different. Dropbox includes the Dropbox Rewind feature. Dropbox Plus (2 TB of storage) provides you with a 30-day history of your files, which you can restore at any time. Dropbox Professional (3 TB) has a history of 180 days.
OneDrive has its own ransomware protection. If OneDrive detects potential ransomware activity, it alerts you and asks you to back up if you have made any recent changes to your files. If not, Microsoft is trying to help you clean your hard drive and restore the corrupted files.
In addition, most online backup solutions use a lot of backups, so with services like Acronis, Carbonite and iDrive (among others), you can get back an image of your hard drive just before it gets infected.
Some online services even make anti-ransomware tools. Acronis, for example, has a tool called Active Protection and seeks malicious behavior.
We recommend that you have at least two ways to back up if you think your data is worth it. You can combine a simple, easy-to-sync solution with a traditional cloud backup solution (Dropbox, OneDrive, Gdrive) to make sure your files are always available if you connect from a different computer or experience a hardware failure.
At the same time use a secure backup solution for backup. You can use a local backup application that writes to an external drive or an online backup service that stores your files in the cloud. Yes, it is more difficult to have your files when you use these types of backups, but they can handle an ransomware attack that your daily file synchronization cannot handle.
How To Avoid A Ransomware Infection
Ransomware is just another type of malware that you need to be aware of and be prepared for.
Once you have implemented a secure backup solution, follow these rules to minimize your exposure to ransomware:
- Use a powerful antivirus product with ransomware protection.
- Do not click on something you do not trust.
- Keep your computer up to date with the latest system updates.
Finally, if you have ever had the misfortune of being infected with ransomware, do not be disappointed. There are two free tools you can use to decrypt your files without paying:
- No More Ransom: That's it for a joint program between McAfee and several European law enforcement agencies that now has around 100 corporate and government partners. If your system is infected, you can visit the No More Ransom website and upload some samples of the encrypted files from your computer. If you are lucky, you will be able to unlock your computer at no cost.
- ID Ransomware: Similar to No More Ransom, it is an application created by the security company Emsisoft.