The Rise of Ransomware

For those who don't know, this blog is part of a larger site dedicated to providing tools and news about information security for the average person. As part of that mission, every morning I browse the headlines and post privacy/security-related articles on The New Oil's Mastodon account, acting as a sort of news feed for stories I think are important and the average person should at least be aware of. (I try to do that every morning, but sometimes the day job gets in the way, so quick shameless plug for my Liberapay where you can help me be less dependent on the day job so I can focus more time and energy on The New Oil.) Data breaches, even though I share them, are nothing new to me. I see them multiple times a week, literally almost every day. But lately I've seen an additional worrisome rising trend: the rise of ransomware. And it's becoming a big deal lately, so I want to talk to you about how to avoid it and protect yourself from it.

First off, what is ransomware? Basically it's a virus that encrypts your computer and doesn't give you the password, requiring you instead to pay an anonymous criminal via Bitcoin to get it unlocked. It's becoming an increasingly common attack, especially on governments and government services. So far at the time of this writing South Africa, Florida, Maryland, Ohio, Maine, New York, Georgia, Colorado, and Texas have all been hit, and in some cases the government has agreed to pay to get the systems unlocked. In this post I'm gonna be talking about the really nasty, scary stuff. A lot of the time a virus will claim to be ransomware but in reality it's just a normal annoying virus that requires you to boot into safe mode or use an antivirus USB stick to fix it with no damage to your files. This article is about the scary stuff in the headlines as those will do the most damage if they ever hit you.

How can you avoid it? The same way you can avoid any other virus: don't click links you aren't 100% sure of. If something feels off, it probably is. Don't download anything you aren't 100% sure of. Do regular virus scans, etc.

But what if it happens anyways? We're all humans. Once in a while my virus scan detects stuff, and sometimes my links get hijacked. It's part of life in this digital age. Well, if it's already been locked, I'm afraid this blog won't help you. Sorry. You can pay. Or trash it. Or take it to an actual cybersecurity expert and see if they can help. It's up to you. But there are some things you can do beforehand to mitigate the damage in case it ever does happen to you.

First and foremost, backups. This is a tale as old as computers themselves and the only real insurance plan I know of if you fall victim to ransomware. Multiple terabyte external hard drives are available for less than $100 these days. Consider it an investment. There are a lot of programs out there that offer automatic backup services (Windows 10 and Mac even have their own built in) but I personally prefer to manually back up everything once per month. I set reminders every month on my calendar so I don't forget, then I set it to go during a couple hours when I won't be using my computer. That way even if I lose my data, I'm never more than a month behind, which for me isn't a huge loss. Your work may be different, and in your case you may want to back up once a week or even once per day. That's something only you can answer. Additionally, I'm backing up EVERYTHING. Project files, text files, even my movie and music libraries. You may decide those are less important and choose only to back up family photos or text files. That's up to you. Either way, decide what's important to you and create a system to back it up regularly.
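One way to script the manual backup described above, as an added example rather than the author's own tooling: it copies the folders you choose into a dated folder on the external drive, re-reads the copies to confirm they match the originals, and reports how many days old the newest backup is. The folder layout, the `MANIFEST.sha256` file name and every function name here are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from datetime import date
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # 1 MiB at a time
            h.update(chunk)
    return h.hexdigest()

def snapshot(sources, drive, today):
    """Copy each folder into drive/YYYY-MM-DD/ and record hashes of the originals."""
    dest = Path(drive) / today.isoformat()
    dest.mkdir(parents=True, exist_ok=True)
    lines = []
    for src in map(Path, sources):
        for f in sorted(p for p in src.rglob("*") if p.is_file()):
            rel = Path(src.name) / f.relative_to(src)
            (dest / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, dest / rel)
            lines.append(f"{sha256_of(f)}  {rel.as_posix()}\n")
    (dest / "MANIFEST.sha256").write_text("".join(lines), encoding="utf-8")
    return dest

def verify(dest):
    """Re-hash the copies on the drive; return files that are missing or differ."""
    manifest = (Path(dest) / "MANIFEST.sha256").read_text(encoding="utf-8")
    pairs = [line.split("  ", 1) for line in manifest.splitlines()]
    return [rel for digest, rel in pairs
            if not (Path(dest) / rel).is_file() or sha256_of(Path(dest) / rel) != digest]

def days_since_last_backup(drive, today):
    """Age in days of the newest dated snapshot folder, or None if there is none."""
    dates = []
    for d in Path(drive).iterdir():
        try:
            dates.append(date.fromisoformat(d.name))
        except ValueError:
            pass  # not a dated snapshot folder
    return (today - max(dates)).days if dates else None

if __name__ == "__main__":  # demo on constructed files in a temporary folder
    tmp = Path(tempfile.mkdtemp())
    (tmp / "Photos").mkdir()
    (tmp / "Photos" / "a.jpg").write_bytes(b"constructed sample")
    dest = snapshot([tmp / "Photos"], tmp / "drive", date.today())
    print(verify(dest), days_since_last_backup(tmp / "drive", date.today()))
```

Because each run lands in its own dated folder, an older snapshot is never overwritten by a newer one, and a non-empty result from `verify` means the copy on the drive cannot be trusted for a restore.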

Second, don't click any links you aren't 100% sure of. I know I already said that, but it bears repeating. Phishing – where a malicious actor sends you a link and that link, once clicked, secretly allows them access to your computer either directly or as a virus – is still, after all these years, the number one way of gaining access to an otherwise secured machine. Despite years and years of being told not to click links, to double check who the email is from, to be 100% positive, people still fall for it every day. Sometimes an email looks legit and comes from a legit source, I get that. But you can avoid probably 90-95% of actual hacking attempts just by being judicious with your clicking.

Third, I mentioned antivirus. Having solid antivirus software in place is great. Personally I'm not a fan of the more mainstream options like Norton, AVG, and Symantec. I've had lots of cyber people I trust tell me that there's a lot of stuff going on behind the scenes that isn't virus-related, like telemetry (reporting the usage statistics of the software) and cosmetic stuff. They tend to be bloated and slow to actually add current viruses that are in the wild. Instead, you may be surprised to learn that both Windows and Mac come with built-in antivirus programs that experts agree are plenty powerful. Windows Defender was a joke a few years ago, but these days it's been heavily improved and most experts don't recommend a third-party antivirus. Mac also comes with XProtect buried in the programs menu.

Finally, if possible, you might consider switching to Linux. Now, this isn't always possible. For my day job, I am required to have access to several key pieces of proprietary software that are exclusive to Windows or macOS. I can (and do) have a personal Linux machine, but I am required to have a Windows or Mac computer available for work. Not all of us can have two computers or dual-boot, and not all of us have the option of switching to Linux. But if you do have that option, I highly encourage you to consider it. Ubuntu is the most common flavor of Linux, and as such has by far the most support. Pretty much any problem you search for in a web search engine will almost certainly be answered for Ubuntu. Mint is another common variation. It looks a little old-school, like Windows XP, and it functions similarly, which means you'll probably feel right at home. Personally I recommend Pop!_OS. There's also Elementary for those who are used to the Mac interface. I plan to do a blog post down the road all about Linux, the popular varieties, which ones I recommend, and why. Again, this may not be right for everyone, but because Linux has a far smaller market share, there are fewer viruses out there for it. It should be noted that that doesn't mean that Linux is inherently more secure; viruses for it do exist and it's on the user to be judicious, but it does mean attackers tend to focus on bigger, more common platforms, which does give you a small measure of security through obscurity.

Admittedly, it's highly unlikely your computer will be targeted directly. In a lot of these state-level cases, I suspect that someone emailed an employee a link which they clicked and downloaded the ransomware. In your case, it's much more likely that you'd be searching an unfamiliar portion of the internet and accidentally download ransomware designed not for any one specific person, but rather for anyone who accidentally clicked on it. In those situations, your antivirus will be your most likely defense. And, god forbid, if you do fall victim, your backup is your saving grace. Personally if I were to fall victim to a ransomware attack right now, it would be incredibly annoying but not really a big deal. I would just reformat my computer and load the data from my backups without paying anyone a dime. But you can only pull that off if you're consistent with your backups and have good practices for dealing with online content. And as I said before, always be aware that it may just be a scare tactic and it may be something you can fix with a normal virus scan.

Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more.