Ransomware is perhaps the most serious form of malware. It’s designed to take over your system, encrypt its contents, and lock you out of your own files unless and until you pay a ransom (typically by credit card or cryptocurrency such as Bitcoin) to the person or company that has taken your system hostage.
There are a number of ways that malware and ransomware can infect your computer. One of the most common methods is through malicious spam, or malspam. A malspam email often includes attachments that appear as innocent PDFs or Word documents. When the user opens the attachment, they’re prompted to type a password which allows installation of a malicious app. The malspam email might also contain links to malicious websites.
Malspam uses social engineering to trick people into opening attachments or clicking links by appearing as legitimate. Often the email seems to come from a trusted company or a friend, or even an organization like the FBI. Cybercriminals effectively use social engineering to scare users into paying money to restore access to their files.
Another popular infection method is malvertising. Malvertising, or malicious advertising, is the use of online advertising to distribute malware, often requiring little to no user interaction. While browsing the web, often on legitimate sites, users may be directed to criminal servers without clicking on an ad. These servers catalog details about a victim’s computer and their location, and then choose the malware best suited.
Mac malware first appeared in 2016. KeRanger ransomware infected a popular file transfer app named Transmission that, when launched, copied malicious files to the user’s computer which ran in the background for three days until finally launching and encrypting files. Thankfully, Apple’s built-in anti-malware program XProtect was quickly updated to block KeRanger from infecting additional user systems. Apple and Microsoft are both doing their best to stay ahead of these bad actors, but this game of malicious whack-a-mole is difficult to ever “win.” Now GateKeeper is the macOS security application that enforces code signing and verifies downloaded applications before allowing them to run.
What to do if you discover you’re infected
The number one rule if you find yourself infected with ransomware is never pay the ransom. Paying the ransom encourages cybercriminals to launch further attacks. If you discover you’re infected, or see scary onscreen messages and don’t feel up to tackling this on your own, please give us or Apple/Microsoft a call. If the attack happens at night, or during a weekend or holiday, a good tactic is to simply turn off your computer until you’re able to call for assistance.
An ounce of prevention…
Security experts agree that the best way to guard against ransomware is to prevent it from happening in the first place. Always be cautious about clicking on attachments or ads from unknown, untrustworthy, or questionable sources. Effectively addressing a ransomware infection often requires much more technical skill than the average computer user possesses.
To help guard against malware and ransomware attacks, we recommend that all users:
- Have at least one automatic backup on every computer for all files including documents, pictures, and music. It’s even better to have one local backup (to a USB hard drive or flash drive) plus one offsite backup in the cloud. If your computer becomes infected and your files are safely backed up, it’s relatively easy to simply ignore the ransomware request and restore your files from your most recent backup.
- Invest in a program such as Malwarebytes that offers real-time protection designed to thwart advanced malware and ransomware attacks. People using the premium version of Malwarebytes for Windows, for example, were protected from all major ransomware attacks of 2017. Malwarebytes offers discounts for multiple computers.
- Run system software updates as soon as they’re released. Last year, the WannaCry ransomware outbreak took advantage of a security vulnerability in Microsoft software. Though Microsoft had previously released a patch for the vulnerability, many users and companies hadn’t installed the update, leaving themselves vulnerable to the attack. Connectech recommends that you enable automatic updating of your system software, and don’t delay if you notice a pending security update.
- Stay vigilant and stay informed. One of the most common ways computers become infected is through social engineering. Learn more about ways to detect phishing, malspam, suspicious websites, and other scams. (Read our articles “What is Phishing, and How Can I Protect Myself?” and “Your Company’s Name and Identity are Being Used in a Phishing Attack. What Now?“.) And above all else, trust your instincts. If something seems suspect, it probably is.