Ransomware is a type of cyberattack (i.e. attack from the internet, mostly) where a bad actor ‘hijacks’ your files and demands payment to restore them. Payment is usually done with a digital currency (like Bitcoin) to make it untraceable.
The hijacker uses a very short string of letters (also called a ‘key’) to completely disable access to your content (by encrypting it). This is a direct result of how data is stored on your hard disks: it is stored as numbers (bytes).
Change those numbers following a mathematical rule and your content is no longer accessible. You need to know that rule to get your content back (in other words, reverse the process and decrypt your content). The hacker does not need to delete your files. You still have them, but can’t use them. This is why we use the term ‘hijack.’
The first kind of ransomware is said to have started in 1989. With the explosion of internet use, ransomware has seen dramatic growth since 2012.
We will never know exactly how many ransomware acts have taken place, as most companies are afraid to report them.
Don’t be fooled by the lack of publicity around ransomware. It happens hundreds of times every day. You could be next.
How Hackers do This
In order to encrypt your files the hacker needs your computer to do the actual encryption. That’s right, it’s your computer that does the hacking for them. They can access your computer in various ways:
- Getting access to your password
- Using a vulnerability in your operating system (e.g. hackers often use backdoors in Windows)
- Using a vulnerability in an app you use (e.g. WhatsApp is a big target of hacking given its popularity; Internet Explorer and Flash have also been blamed for many attacks)
- Making you install bad software (e.g. Word files with macros, programs sent via email etc.)
If you are a victim of ransomware, we hate to break it to you: you will likely never get your data back from the hacker, even if you pay. Here is why:
- Every touch point with the hacker risks exposing them, so they need to minimize all contact with you.
- They already got their money and there is no way for you to get it back if they don’t return your files.
- They have no reputation to keep as ransomware hackers are not publicly known or verifiable.
So why would they take the risk and expose themselves further?
If you think it is out of the goodness of their heart, you need to remember that they hacked you, disabled your files and stole your money. Where is the goodness in all of this?
An exception to the above rule is if you got extremely lucky and the hacker is an amateur using a simple encryption algorithm, in which case encryption experts can help. However, don’t count on it. The days of dumb hackers are long gone.
How to Prevent Ransomware
Now we move to the more actionable approach: prevention.
Method #1. Productivity Platform
The easiest solution is to use a server-side productivity platform.
Shameless plug: OneOffice is such a tool and it comes with anti-ransomware detection.
Encrypting files on our servers (or your self-hosted OneOffice servers) by a third party is next to impossible. Here is why: hackers need to install a program on the server that hijacks the content. Given that our application servers do not receive emails, cannot install other apps, are inaccessible to the outside world, use Linux (not Windows or Mac) and only run the OneOffice application, tough luck!
There is a security hole, however: if you download the file on your computer and subsequently upload a hijacked version.
The solution is easy:
- We keep versions of all your files (so you can go back to an earlier file)
- We monitor what you are uploading for common ransomware patterns
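The page does not say which patterns are monitored, so the following is an added illustration, not OneOffice's code: it keeps every version and flags an upload whose file header has disappeared or whose byte entropy has jumped to near-random compared with the stored version. The threshold, the signature table and all function names are assumptions made for this example.

```python
import hashlib
import math
import os
from collections import Counter

# Hypothetical threshold and signature table chosen for this illustration.
ENTROPY_LIMIT = 7.5  # bits per byte; encrypted data sits close to 8.0
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".docx": b"PK\x03\x04"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def screen_upload(name: str, previous: bytes, uploaded: bytes) -> list:
    """Return the reasons an upload looks like an encrypted copy of `previous`."""
    reasons = []
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    # The stored version had the header its extension promises; the new one lost it.
    if magic and previous.startswith(magic) and not uploaded.startswith(magic):
        reasons.append("file header no longer matches extension")
    # The content went from structured to near-random.
    before, after = shannon_entropy(previous), shannon_entropy(uploaded)
    if after >= ENTROPY_LIMIT and after - before >= 1.0:
        reasons.append(f"entropy rose from {before:.2f} to {after:.2f} bits/byte")
    return reasons


def accept_upload(name: str, versions: list, uploaded: bytes) -> list:
    """Append the upload as a new version (never overwrite) and return any flags."""
    reasons = screen_upload(name, versions[-1], uploaded) if versions else []
    versions.append(uploaded)  # earlier versions stay available for rollback
    return reasons


# Constructed sample data: a small PDF-like file, a normal edit of it, and
# pseudo-random bytes standing in for an encrypted replacement.
PREVIOUS = b"%PDF-1.7\n" + b"Quarterly report text. " * 200
EDITED = PREVIOUS + b"One more paragraph. " * 10
ENCRYPTED = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))

if __name__ == "__main__":
    history = [PREVIOUS]
    print("edit:     ", accept_upload("report.pdf", history, EDITED))
    print("encrypted:", accept_upload("report.pdf", history, ENCRYPTED))
    print("versions kept:", len(history))
```

Already-compressed formats such as .docx and .png are close to 8 bits per byte to begin with, so for those the entropy comparison says little and the header check carries the weight.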
Method #2. Securing your Device
- Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit (especially if you are using Windows)
The problem with this approach is that it’s often your IT department rolling out updates. They typically want to make sure these updates don’t break anything before they push them to everyone. This results in delays during testing that hackers can exploit.
- Don’t install software or give administrative privileges unless you know exactly what it is and what it does (do you really need to install that game on your laptop?)
- Install antivirus software which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
- And, of course, back up your files, frequently and automatically! That won’t stop a malware attack, but will limit the damage caused by one.
In this article we went through the basics of Ransomware, so that you have what you need to make an enlightened decision.
Do not postpone hardening your safeguards against attacks. Hackers can ‘smell’ that a system is vulnerable and target you.
In fact, the mere fact that you are well-protected and your content is secured in a server-side productivity tool discourages hackers from targeting you. After all, time is money and if you are a bad target, they will invest their time elsewhere.