Best Practices for Avoiding Ransomware
Its no secret that the Holy Grail of malware is ransomware. Criminals are extorting incredible amounts of money from small and large businesses alike every single day. And if history is any sort of indicator, this will get a lot worse before it gets any better. So what can be done…?
Well, lets start with a definition of ransomware. Essentially, ransom malware attempts to gain access to your PC and all the attached resources and then attempts to encrypt them so that you can no longer access them. Simply put, encrypting a file (or files) is a simple matter of scrambling the content of the files to such a point as they become unreadable without a special code of “key” that can be used to unscramble the files back to their original form. Once the files have been encrypted, the perpetrator then contacts you with instructions on how to send them money via Bitcoin with a promise to supply you with the key to unlock your files. Simple, deadly, and highly effective. Encryption keys are extremely difficult to crack and once it happens, you’re pretty much dead in the water without the key or a really good (and hopefully recent) backup.
You may have heard the phrase “The best defense is a good offense” but in this case the best defense is a good defense. There are some pretty easy ways to ensure you don’t get hit:
1. Don’t open emails from people or businesses you don’t know. This one is easy. If someone you have never heard of sends you an “invoice” that you “must pay immediately to ensure continued service”, throw it away. Don’t even bother with it and DEFINITELY do NOT open any attachments. The subject of the email may differ, but if it comes from someone you don’t know, toss it immediately.
2. Do not follow links in emails that ask you to “update your information”. It is rare when a company will ask you to do this. Banks don’t do it, Paypal doesn’t do it, Microsoft doesn’t do it, Apple doesn’t do it, etc., etc., etc… Most of these emails are expertly crafted and are graphically very similar to emails that you could get from the above aforementioned companies, but there is an easy way to tell if it is authentic: hover over the link and it will tell you where it is going. The link may look authentic, but when you hover over the link, you will know immediately and if it doesn’t go to the site mentioned in the email, it’s a trick. Run away! For example: see the link below and where it actually takes you. I created this screenshot by hovering over a bogus link I created just for illustrative purposes.
3. Don’t open zip files. Unless someone you know says “Hey, I’m about to send you a zip file.”, just don’t do it. When being scammed, zip files are never zip files, they are only cleverly disguised as zip files. They are instead self-activating malware that will encrypt every file on your machine and on any network drives you happen to be attached to. All in a matter of minutes.
4.Stay away from the dark side of the internet. Do NOT peruse shareware sites, do NOT peruse sites with free applications, movies or music, do NOT peruse pornography sites. And especially do NOT download ANYTHING from them. They are ripe with malware. Get your applications, music and movies the ethical way – pay for them. And as for porn, it’s disgusting and demeaning to women AND men, so please just don’t.
That’s four easy ways to stay out of trouble. Do these simple things and your chances of being a victim diminish by about 99%. Just remember – when in doubt, parachute out! Oh, and if you are still unsure, contact us. We’ll be able to tell you in moments whether or not you’re clear. Better safe than sorry!