Considering all the computer viruses being released every day, users should know that the internet can be a very dangerous place. Among the most vicious computer viruses these days is so-called “ransomware”, which encrypts users’ files, leaving them scrambled unless the victim pays for the decryption key.
Ransomware is a criminal business model which has proven extremely profitable. The model works because, without backups, paying is the only way out for PC users. Unfortunately, the encryption used by modern ransomware is too strong to crack. It was built that way on purpose, in the hope that it would be used for legitimate purposes; ransomware authors simply reuse it. For that reason, many security and antivirus professionals claim that the best approach to fighting ransomware is to avoid it in the first place.
Usually, antivirus software works by maintaining a massive database of digital signatures of known viruses. The software scans your hard drive for these signatures and, if it finds a file that matches known malware, it attempts to quarantine and delete it. While this method can protect your machine against well-known viruses, it won’t help much if the virus is new or not yet in the database. Besides, some viruses encrypt or modify their own code, making it much harder for antivirus software to detect them.
One of the methods for improving virus detection is called “sandboxing.” It works by running new software or suspicious files in an isolated space to protect your important systems from possible infection. Some antivirus packages include sandboxing functionality and there are dedicated apps for creating virtual machines for testing, but running every untrusted file through the digital equivalent of a quarantined hosedown can introduce unnecessary overhead.
In order to detect previously unknown viruses, you can use heuristic analysis. Antivirus software that uses heuristic analysis can detect previously unknown viruses by studying the behavior of software running on a user’s machine. If suspicious activity is detected, such as the mass encryption of the user’s documents, the questionable software can be stopped and removed immediately. In many cases, the encryption aspect of ransomware is already as effective as it needs to be. But that doesn’t mean that hackers are resting on their laurels.
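The behavioral heuristic described above, as an added illustration that is not part of the original article: a process that rewrites many user documents with high-entropy (ciphertext-like) content inside a short time window is flagged, while an editor saving plain text or a backup tool writing a single compressed archive is not. The file-system events, process ids and paths are constructed sample data, and the thresholds (10-second window, 5 files, 7.0 bits/byte) are illustrative assumptions, not values from any real product.

```python
import math
import random
from collections import defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def flag_mass_encryption(events, window_s=10.0, min_files=5, entropy_threshold=7.0):
    """Return {pid: sorted paths} for processes that wrote high-entropy data to at
    least min_files distinct files within any window_s span.
    events: iterable of (timestamp_s, pid, path, bytes_written)."""
    per_pid = defaultdict(list)  # pid -> [(ts, path)] of high-entropy writes only
    for ts, pid, path, data in events:
        if shannon_entropy(data) >= entropy_threshold:
            per_pid[pid].append((ts, path))
    flagged = {}
    for pid, writes in per_pid.items():
        writes.sort()
        for i, (start, _) in enumerate(writes):
            in_window = {p for t, p in writes[i:] if t - start <= window_s}
            if len(in_window) >= min_files:
                flagged[pid] = sorted(in_window)
                break
    return flagged


# Constructed sample telemetry (not real captures): a text editor (pid 1111), a
# backup tool writing one archive (pid 2222), and a process rewriting six
# documents in two seconds with random bytes standing in for ciphertext (pid 4242).
_rng = random.Random(1234)
def _opaque(n=4096):
    return bytes(_rng.getrandbits(8) for _ in range(n))

SAMPLE_EVENTS = [
    (0.0, 1111, "/home/alice/docs/notes.txt", b"Meeting notes, action items. " * 50),
    (1.0, 2222, "/home/alice/backup/2024-01.zip", _opaque()),
    (2.0, 1111, "/home/alice/docs/todo.txt", b"buy milk; call bank; " * 50),
] + [(3.0 + 0.4 * i, 4242, f"/home/alice/docs/file{i}.docx.locked", _opaque())
     for i in range(6)]

if __name__ == "__main__":
    for pid, paths in flag_mass_encryption(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {len(paths)} high-entropy rewrites, e.g. {paths[0]}")
```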
According to Craig Williams, the lead security outreach manager for Cisco’s Talos security group, some of the biggest recent innovations in malware have been in how the viruses infect your machine.
“Spear-phishing” is an update of one of the oldest delivery methods: the fake email. In a standard phishing attack, a cybercriminal spams users with emails masquerading as something legitimate in the hope that the user will download an infected attachment or enter their password into a fake form. Spear-phishing, as the name suggests, is more targeted. Emails are customized to reference you and the people or businesses that you know, making them more convincing.
“Watering hole” attacks, on the other hand, infect legitimate websites that a user trusts to serve malware to unsuspecting visitors.
To protect against these and future methods, the security companies that Business Insider spoke with all stressed general “good hygiene” practices that go beyond simply running your antivirus scan:
- Keep backups of your files, preferably stored offline where they can’t be reached by infections that make it to your computer.
- Keep your operating system, antivirus, and installed software patched and up to date.
- Avoid suspicious websites, emails, and files online, using common sense and a healthy dose of skepticism.
According to Williams, these practices can help save you from more than just viruses – a freak hardware failure could have the same effect as the most vicious ransomware.
“If you don’t have backups, and they’re not offline… you’re effectively driving an F1 car without a seatbelt…” Williams stated.
Considering all the above-mentioned, the best bet users have in fighting ransomware is prevention, and that’s not likely to change in the future.
Presently, security companies are dedicating most of their resources to prevention and early detection. Analyzing cryptographic ransomware for flaws that might allow the encryption to be cracked is generally time-consuming and is never guaranteed to work. Even worse, when methods are developed to crack poorly implemented encryption, the malware developers often take notice and fix their viruses. This means that for a user whose files are encrypted and who has no backup, payment might be the only way to restore them. Despite this, the security firms advise not to pay if you can bear losing your files, while understanding that victims may choose to pay to recover important documents.
First, there is no guarantee that paying the ransom will restore your files as there may be no working decryption key at the end of the line.
Second, paying the ransom supports the ransomware business model. By refusing to pay, you are doing the entire community good with your conscientious objection.