Cyber Security & Technology to help you stay safe online

May 9, 2022May 12, 2022

Ransomware only affects businesses… right?

• by Scott
• Comments Off on Ransomware only affects businesses… right?
• Personal Security

Ransom + Software = Ransomware.

Ransomware is a malicious-type of software (aka, Malware) that gets invoked often by phishing, where you receive an email with an attachment or link and opening opening either. When activated, it invokes a series of events that causes your PC to become infected by installing its malicious software onto your computer.

HOW it gets on your machine can vary. Often in a business environment, one person gets a malicious email, attachment, or embedded in some other software the user is installing (often a pirated version of software). The machine becomes infected and begins to spread to other computers in the network.

Sometimes the ransomware lays dormant for hours or days. You don’t know you’re infected and as it slowly spreads across the network, then it “kicks in”. More about that in a moment.

But what about a home computer?

There’s very little difference between a home PC and a business one. Assuming you’re running Windows, there are different versions of Windows (Home, Enterprise, Ultimate, etc.), but they’re all running a flavor of Windows – the differences often are some features may be missing in one version compared to another. Like the Home version of Windows 10 does not contain many of the Network sharing or Local Domain authentication features that are included in the Enterprise or Ultimate versions.

In a business, you have many computers often running Windows, Mac, or Linux. In a home, you may only have a few, between all members of the household.

Forget the layers of protection an Enterprise environment may have to mitigate the risk of Ransomware. I want to talk about what it actually does…

When I say it kicks-in, here’s the chain of events… First, the malicious software infects your machine. Next, it tries to find other vulnerable machines in your network. Got home wifi? That’s a network.

While it’s moving to machines in the network, the next step is the encryption process. There are different types of Ransomware – far too many to list here – and they will slowly begin to encrypt the files on your PC over a period of hours, days, or even weeks.

The next step in this fiasco will differ by the different Ransomware variants out there. Some will upload to a remote server, some or all of the files on your machine. Some will just encrypt and leave the encrypted files on your machine (and not send them elsewhere). And then there are the Wipers, and I’ll talk about that in a moment..

What does “encrypting the files” do?

It replaces all of the files on your computer with a scrambled (ie, “encrypted”) version of the file – and this means all files, from your Word documents to the files that actually make Windows (or Mac or Linux) work. (These files are no longer readable by the operating system or other applications, and can only be read if you have a decryption key.) Once they’re all encrypted, it announces to you that your machine has been encrypted and if you want any of the files back, you must pay a ransom.

Your machine is now unusable. No files can be opened. Windows (or Mac or Linux) is no longer running. All you have is this single window with this message and how to contact the criminals to pay them in exchange for an decryption key.

You’re infected & your files are encrypted. Now what?

Your options are now:

• – Pay the ransom. Hope you get a decryption key back. Hope that it decrypts your machine and life returns to normal.
• – Search online (using a different, non-infected computer) for a free decryption tool. They do exist for some variants, but I wouldn’t rely on them.
• – Wipe your entire machine and reload the OS (Windows, Mac or Linux) and restore a backup of your important files.

That’s it. Those are your only options.

A recently released article says that in 2021, only 4% of companies that paid a ransom, actually got their files back. Read that again: Four percent who paid the ransom, got their files back, meaning 96% of those who coughed up a ransom, got nothing. Don’t rely on the criminals being… well, honest.

Some Ransomware variants only encrypt with no intention of ever decrypting the files… but you don’t know that. It says to pay up and get your files back, and when you do, you get nothing in return.

That leads me to Wipers.

These are a variant of Ransomware that says it’s encrypted your files, demands a ransom to be paid, just like any other Ransomware attack. Except, it doesn’t actually encrypt your files. Instead, it wipes them, as-in, they’re gone. You can’t recover them from the hard drive because they made it impossible to do so.

Now that I’ve gone over the horrors of Ransomware, there are two things I now want to talk to you about: Protecting yourself and backups.

First: Backups!

For businesses, the traditional rule is the 3-2-1 rule: Three backups, stored on two different type of media, with one stored off-site. For the home user, you don’t need to be that elaborate, but if money is no object, then don’t let me stop you from being overly-protective of your files!

For the home user, there are two options I’d suggest you explore. First one is an external USB hard drive. This can be a thumb drive, an external USB drive… it doesn’t matter, just let it be external from your PC and not always connected to your computer. Why not always connected? Because if you get infected, it encrypts everything, including connected, external drives.

Take backups and once you’re done, unplug the USB drive and leave it alone.

Another option: Cloud storage. This one is a great option if you have multiple computers you want to backup, and also if you want to keep one “off site”. Think of a severe situation: Your house catches fire. It’s great that you have a backup, but if it was in the same room as your computer, in the same house that just burned down… it’s gone.

Another advantage of Cloud storage is that it is separated from your PC in that if you were to get infected, it doesn’t have a direct connection to your Cloud backup.

There are different Cloud backups out there. For Apple products, there’s iCloud. Microsoft offers OneDrive for Windows. Then there are other companies, like Backblaze, among others, that offer Cloud storage for your PC(s).

I personally use Backblaze. The reason I went with Cloud storage is because if something were to happen to my home computer, or my home, all my files (mainly my photos and videos of my family), are all stored offsite and can be accessed anywhere. Full disclosure: The link for Backblaze above is a reference link that will give me a bonus if you sign up. You don’t have to click it, instead just search for “backblaze” and you’ll find their site.

Next, how to avoid Phishing.

Here’s a great graphic from the folks at KnowBe4, who help break-down the tale-tell signs of a phishing email and what to look for. I encourage you to give it a good read. It may help you.

Meanwhile, I hope my explanation as to what Ransomware is, and how to avoid being a victim and remaining safe, was useful. Stay safe out there!

---