In recent years, many large and medium-sized companies, medical facilities, schools, town halls and other municipal administrations have been affected by ransomware attacks. Ransomware is malicious software that blocks access to files (usually using encryption) and coerces the victim into paying to have them unlocked. The infected user only sees a message informing them of the blocking and the amount of the ransom.
This can be quite frightening to a computer user, especially when business material is stored on the computer and no decryption tool is available. In many cases, the victims have no choice but to pay the ransom demanded.
In numerous underground markets there are now modular kits that enable people without programming knowledge to build and distribute ransomware. Only the ransom note and the amount of the ransom demanded need to be adjusted. In the future, ransomware attacks will be even more targeted and efficient. In addition, to increase willingness to pay, attackers encrypt not only data but also target critical infrastructure (KRITIS).
Rules of conduct: preventing ransomware
Unfortunately, there is no panacea for ransomware victims. It is therefore essential to prevent infection. Keep the following antivirus tips in mind for the future. They can save you a lot of trouble and money:
1. Windows administrator account
In any case, avoid using the Windows administrator account for your daily work. This can easily become a gateway for malicious programs, since all programs executed by the user are given administrator rights and thus malicious programs can gain control over the entire computer.
2. System and software updates
Regular system and software updates are very important. Outdated programs or operating systems without security updates are often the only reason malware can do damage.
3. The browser
The browser is the weakest link in the entire security chain. It bears the brunt of all Internet attacks. If possible, deactivate Flash, Java, Silverlight and all unneeded extensions (toolbars, etc.).
4. Installation of new programs
Be careful when installing programs. Even seemingly safe programs often ask to install third-party toolbars alongside them. As soon as a new toolbar or something similar appears in your web browser, check your recently installed programs.
5. Virus scanner
Install a virus scanner and keep it up to date. Avast, AVG, Bitdefender, Kaspersky, Microsoft, and Panda Security offer free virus protection programs.
Important: anti-virus programs are not magic wands that make everything right again!
6. Data backup
Back up your data regularly as a precaution against any possible computer problems. A working data backup is the best thing you can do!
Note: Cloud services such as OneDrive and Dropbox automatically upload data to their cloud storage whenever changes are made. This data can therefore also be encrypted by ransomware. USB sticks or external hard disk drives are better data backup media. Physically disconnect the devices after creating the backup.
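An added example (not part of the original article) of the backup advice above: each run copies the data into a new snapshot folder on the external drive instead of syncing over the previous copy, verifies the copy by SHA-256, and reports what share of files changed since the last snapshot. The folder names, the sample files and all function names are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def snapshot(source, backup_root, label):
    """Copy source into a NEW folder; copytree refuses to overwrite an existing one."""
    dest = backup_root / label
    shutil.copytree(source, dest)
    return dest

def verify(source, dest):
    """Return files that are missing or differ in the backup copy."""
    src, dst = manifest(source), manifest(dest)
    return sorted(k for k in src if dst.get(k) != src[k])

def changed_fraction(old, new):
    """Share of files in the old snapshot that changed or vanished in the new one."""
    a, b = manifest(old), manifest(new)
    return sum(b.get(k) != a[k] for k in a) / len(a) if a else 0.0

def demo():
    # Constructed sample data in a temp dir; "usb_drive" stands in for the external disk.
    with tempfile.TemporaryDirectory() as tmp:
        docs, drive = Path(tmp) / "docs", Path(tmp) / "usb_drive"
        docs.mkdir()
        for name in ("a.txt", "b.txt", "c.txt"):
            (docs / name).write_text("original " + name)
        first = snapshot(docs, drive, "snap-1")
        for p in docs.iterdir():  # every file replaced by unreadable content
            p.write_bytes(b"\x00unreadable\x00" + p.name.encode())
        second = snapshot(docs, drive, "snap-2")
        return {"copy_errors": verify(docs, second),
                "changed": changed_fraction(first, second),
                "old_copy_intact": (first / "a.txt").read_text() == "original a.txt"}

if __name__ == "__main__":
    print(demo())
```

A changed share close to 1.0 between two snapshots is a reason to inspect the source before relying on the newest copy; the older snapshot still holds the original files.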
7. Suspicious Links & Files
Avoid opening suspicious / unknown links and files. In particular, incoming e-mail messages should be carefully checked for infected files.
8. Operating system
The Linux operating system is significantly more secure than Windows. There are fewer malware programs for Linux because malware authors targeting Linux have to overcome higher technical hurdles and reach far fewer users. Incidentally, Linux has become significantly more user-friendly in recent years.
9. Configuration of the firewall
Optimize the configuration of your firewall. For networks, it is best to create a comprehensive firewall concept and to consult an IT professional when doing so. A DMZ (Demilitarized Zone) also makes sense for smaller networks.
10. Current security vulnerabilities
Stay up to date with the latest security vulnerabilities and cybercriminal tactics in the media. Also note that ransomware can get into your system in other ways besides the Internet (CD, USB stick, external hard drive, etc.).
Correct behavior in the event of damage
If you see a ransom note on your computer, you should first take a picture of it and report it to the police. You then have four options:
- Set up the computer again and import the last backup (if available).
- Free the infected system from the ransomware. Various organizations, including Kaspersky, McAfee, Europol and the Dutch police, have joined forces and put the NoMoreRansom.org project online. The project currently offers more than 60 decryption programs.
- If you have no experience with this, you should stay away from it and see an IT professional.
- Paying the ransom is the worst option! Nobody can tell you whether the data will really be decrypted. The attackers may not be able to decrypt the data at all.