Over the weekend, a very good friend of mine told me how someone they knew fell victim to a ransomware attack. The victim was an acquaintance of his; and this acquaintance got scammed not once, but twice by the same thieves.
When the initial attack hit, my friend’s friend – we’ll call him Ben (not his real name) – did what most people do when they get hit with a ransomware attack: they paid the (usually between $100 – $500) ransome and got the decryption code from the scammers. Instead of paying via Bitcoin, Ben paid with his credit card.
A short while later, the scammers contacted Ben and said, “they felt guilty” about the incident and wanted to give him his money back; but were having issues reversing the charge on his credit card. They asked Ben for his banking information so they could put the money back into his checking account; and HE GAVE IT TO THEM!
The thieves wiped out his checking account. In all, Ben lost almost $31,000 USD. After contacting the authorities, Ben learned that he likely won’t get his money back. Because he gave the thieves his banking information, he effectively, “authorized” them to drain his checking account.
This cringe-worthy experience isn’t unique. People fall victim to ransomware every day. While it’s unusual for someone to get taken twice, its (obviously) not unheard of or unrealistic. What is doubly damning about this type of scam is that many feel foolish or “stupid,” afterwards, because to get the bug, users have to physically initiate the process themselves by clicking a button or link. The program screens are VERY realistic, so, it’s very easy for someone to be fooled.
Realistically, there’s no way to “recover” from a ransomware attack. Even if you pay the ransom and “get your data back,” the encryption app isn’t “removed.” It’s still there on your computer and there’s no guarantee that the ransomware isn’t also a trojan horse, providing the thieves a way to reencrypt your hard drive subjecting you to an additional demand for more money.
So today, we’re going to learn how to prevent a ransomware attack, and to make certain that no one, EVER, holds your documents, data and family memories hostage… EVER. Part 2 of this series will show you how to recover from one, if you do get infected.
This is a two part process – Prevention and Recovery. Prevention is the easy part. It’s actually very simple; and if done right, won’t require any additional work from you or anyone. It may cost a few dollars, depending on the amount of data – videos, pictures, documents – you have and the products and services you choose; but it’s going to be much, MUCH cheaper and (definitely) much less stressful than paying a ransom to some jerk halfway around the world whose encrypted your hard drive.
Prevention – Stop Ransomware Before You Get It
- Get a Cloud-based Data Sync App
It doesn’t matter which one it is – Microsoft OneDrive, Google Drive and Google Photos, DropBox or Apple iCloud Drive – but get one, and buy as much space as you need for all of your data. Most of these systems don’t count pictures or videos against your data quota if you follow their specific rules. For example, if you use and Google Photos and choose to store the high quality original on the service, you get unlimited photo and video storage.
There are a lot of file sync services out there. Some of them are not as well known as the four mainstream services I cited, above. Stick with one of the mainstream services. The larger services provide enterprise level virus scanning of data (once its on their system) and if you have any bugs, they’ll remove them, and sync the clean data back down to your computer. Regardless of which service you choose, you need to pick one and setup synchronization of your data there. This “set it and forget it” step will insure that your data is a) virus free and b) backed up and saved.
As you add new data – documents, pictures, videos – your new data or updated documents are automatically synchronized to your cloud service of choice and backed up. If anything happens to your copy on your computer, you can recover from the copy you have saved in the cloud.
- Keep your Computer Operating System Updated
It doesn’t matter what OS you have – Windows, macOS or Linux – always, alwAYS, ALWAYS install the latest operating system updates as soon as they are available. The latest updates often include not only bug fixes for existing OS issues, but they often include security updates that help prevent viruses and exploits. Staying current helps you stay as secure as possible.
All three desktop OS types – Windows, macOS and Linux – include an auto update feature. Turn it on. Leave it on; and then restart to actually install the updates when the OS tells you its got an update to install.
- Install a Good Virus and Malware Prevention Package
This is a bit more confusing than the other two steps, however, its likely one of the most important. You want to install a reputable Anti-Virus/ Anti-Malware package, but you don’t want one that’s going to bog down your computer system. Many AV/AM apps do just that, and it’s unfortunate. I’ll have an article on appropriate AV/AM apps for budget computers at a later date.
However, you should pick a package, install it, and insure that it updates itself often. New AV/AM definitions are released daily; and in some cases (depending on the vulnerabilities in question) multiple times a day. Make certain your AV/AM package updates automatically.
Setup a scanning schedule and let the app scan your computer and its files as needed. Don’t stop the scan, ever. Set the schedule up so that it either scans when you’re not using the PC (like, over night) or let it scan when its time.
Let’s review very quickly. Getting this right is exceptionally important if you don’t want to lose either your family memories (photos and videos) or your money.
- Back Your Data up to a Cloud Service – Pick one of the main four services – OneDrive, Google Drive/Photos, Dropbox or iCloud. Buy enough storage space to hold everything you want to save, and then setup real-time synchronization to save all your changes to the cloud service.
- Keep your Computer’s OS Updated – Install updates as soon as soon as they become available or setup auto-update. The benefits of staying current vastly outweigh any risk of new bugs or vulnerabilities the updates may contain.
- Install an Anti-Virus/ Anti-Malware App – Pick one, install it and let it update as needed. Setup a scanning schedule and let the app do the scans when it’s time.
Come back next time, and we’ll discuss how to recover from a ransomware attack if your Windows System gets infected.