What is Ransomware
By Marc EdwardsIntroduction
Ransomware is a type of cyberattack (i.e. attack from the internet) where a bad actor 'hijacks' your files, and demands payment to restore them. Payment is usually done with a digital currency (like BitCoin) to make in untraceable.
The hijacker uses a 'key' to encrypt and completely disable access to your content. This is a direct result of how data is stored on your hard disks -- they are stored as numbers (bytes).
Change those numbers following a mathematical rule and your content is no longer accessible. You need to know that rule to get your content back (in other words, reverse the process & decrypt your content). The hacker does not need to delete your files. You still have them, but can't use them. This is why we use the term 'hijack.'
The first kind of ransomware is said to have started in 1989. With the explosion of internet use, ransomware has seen dramatic growth since 2012.
We will never know exactly how many ransomware acts have taken place, as most companies are afraid to report them.
Don't be fooled by the lack of publicity around ransomware. It happens daily. You could be next.
How Hackers do This
In order to encrypt your files the hacker needs your computer to do the actual encryption. That's right, it's your computer that does the hacking for them. They can access your computer in various ways:
- Getting access to your password / login credentials
- Using a vulnerability in your operating system (e.g. hackers often use backdoors in Windows)
- Using a vulnerability in an app you use (e.g. WhatsApp is a big target of hacking given its popularity, Internet Explorer and Flash have also been blamed for many attacks)
- Making you install bad software (e.g. Word files with macros, programs sent via email, infected USB keys etc.)
Sad Truth
If you are a victim of ransomware, we hate to break it to you. You will likely never get your data back from the hacker, even if you paid. Here is why:
- Every touch point with the hacker risks exposing them, they need to minimize all contacts with you.
- They already got their money and there is no way for you to get it back if they don't return your files.
- They, typically, have no reputation to keep as ransomware hackers are hard to identify.
So why would they take the risk and expose themselves further?
If you think it is out of the goodness of their heart, you need to remember that they hacked you, disabled your files and stole your money. Where is the goodness in all of this.
An exception to the above rule is if you got extremely lucky and the hacker is an amateur using a simple encryption algorithm. In which case encryption experts can help. However, don't count on it. The days of dumb hackers are long gone.
How to Prevent Ransomware
Now we move to the more actionable approach: prevention
Method #1 - Productivity Platform
The easiest solution is to use server-side productivity platform.
Encrypting files on our servers (or your self-hosted OneOffice servers) by a third-party is next to impossible. Here is why: Hackers need to install a program on the server that hijacks the content. Given our application servers do not receive emails and cannot install other apps, they are inaccessible to the outside world. We use Linux (not Windows or Mac) and only run the OneOffice application, tough luck!
There is a security vulnerability, however: if you download the file on your computer and subsequently upload a hijacked version.
The good news is that only that file was hijacked, and it is likely we can restore from backups if you discover it quickly. Of course we monitor what you are uploading for common ransomware patterns to prevent a widespread destuction of your data.
Method #2 - Securing your Device
- Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit (especially if you are using Windows)
The problem with this approach is that often it's your IT rolling out updates. They typically want to make sure these updates don't break anything before they push it to everyone. This results in delays during testing that hackers can exploit.
- Don't install software or give administrative privileges unless you know exactly what it is and what it does (do you really need to install that game on your laptop?)
- Install antivirus software which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
- And, of course, back up your files, frequently and automatically! That won't stop a malware attack, but will limit the damage caused by one.
Method #3 - Backing up
This is actually what most companies rely on. Sounds easy, right? Until you have to restore your files. This when you realize that:
- Your backup keys or servers were also hacked so you can't access your backup tapes.
- Your IT team hasn't done a full restore in a very long time (if ever) and there are some new / important stuff that was never backed up.
- Your backup procedures are out of date with all your recent technology improvements and updates.
We recommend you ask your IT team to hunker down on a weekend or a holiday (don't tell them it was our idea) and go through a full restore. Even the best intents need to be tested. Do this regularly as your technology (patches, updates, new computers) evolves all the time.
Conclusion
In this article we went through the basics of Ransomware, so that you have what you need to make an enlightened decision.
Do not postpone hardening your safeguards against attacks. Hackers can 'smell' that a system is vulnerable and target you.
In fact, the mere point that you are well-protected and your content is secured in a server-side productivity tool discourages hackers from targeting you. After all, time is money and if you are a bad target, they will invest their time elsewhere.