Ransomware

How to guard against ransomware, and should you ever pay up?

Life
Image: FBI/IDGNS

15 May 2017

Losing access to your files, whether precious photos or business documents, is something we hope you never experience. But if the worst happens and your PC and other kit ends up infected with WannaCry, CryptoLocker or some other ransomware, what should you do? Will the hackers actually honour the payment and hand over a decryption key? Here’s what we know, how to guard against ransomware, and what the FBI advises victims do.

Before an accidental hero calling himself MalwareTech flicked its hidden kill switch the ransomware attack that struck the UK’s National Health Service systems appeared to be spreading around the world, leveraging a hacking tool that may have come from the US National Security Agency. Mikko Hypponen, chief research officer at cybersecurity company F-Secure, called the attack “the biggest ransomware outbreak in history”.

The ransomware, called Wanna Decryptor or WannaCry, struck hospitals at the NHS on Friday, taking down some of its network. A security expert found a kill switch hardcoded into the malware, which saved the attack hitting the US.

The Wanna Decryptor ransomware strikes by encrypting all the files on an infected PC, along with any other systems on the network the PC is attached to. It then demands a ransom of about $300 in bitcoin to release the files, threatening to delete them after a set period of days if the amount is not paid.

Ransomware scams: your options
In 2016 a hospital in Hollywood hit the headlines after it admitted that it paid almost $17,000 to get back critical files including patient data. According to reports, the criminals did unlock the hospital’s files and all was well just 10 days after the attack.

But there are no guarantees that the criminals behind all ransomware variants will do the same. If you pay up, you risk getting nothing in return.

Companies rarely admit to paying ransoms, because this also admits that their network was compromised in the first place. Therefore no-one is quite sure of the exact likelihood of getting your files back if you do choose to hand over the cash (or, more typically, Bitcoins).

Free ransomware decryption tools
Typically, the ransom is several hundred euro, which is cheaper than employing a data recovery firm to attempt to decrypt the files. But before you pay anyone, check if there’s a freely available tool which will do the job.

Kaspersky, for example, has a ransomware decryptor which works with Coinvault and Bitcryptor. There’s another tool which is said to work on files encrypted with Teslacrypt.

If you are a Locker victim, then see this thread on Pastebin.

Ransomware scams: to pay or not to pay
The first task, then, is to find out which exact malware has encrypted your files, then search online to see if a decryption tool is available.

If not, check if you have backups which are up to date enough to avoid having to pay the ransom.

And if you have no backups, the FBI’s advice – amazingly – is to go ahead and pay it. It says that it’s often the quickest and cheapest way to solve the problem, but not everyone agrees.

There are two main schools of thought. The first is that the bad guys want to make it as easy as possible to pay and get your decryption key. After all, they want other people to pay up and not hear that people have paid and got nothing. Hence, you should follow the instructions when you see the ransom on screen and you’ll get your data back.

The second is that the bad guys have no incentive to hand over the key. For one thing, contacting people makes them easier to trace, but the main point is that they’re anonymous, so they have no reputation to protect. Also, people who’ve paid the ransom and got nothing are hardly going to shout about it: they’ve just lost money to a scam and are no closer to getting their files decrypted.

Further, even if you do get a key or some tool to decrypt your files, you’re still not safe. The criminals might still have access to your machine and hold it to ransom again.

Those who would advise you not to pay would also warn against believing stories such as the Hollywood hospital case, as the criminals will go to great lengths to post fake testimonies about successfully decrypting files in order to persuade victims to pay up.

How to guard against ransomware
If you’re reading this having suffered a ransomware attack, the following advice probably comes too late. But if you haven’t, there are several things you should be doing:

1 – Make regular backups of any and all files you can’t afford to lose. Don’t assume that cloud backups or cloud storage is immune from ransomware: many services sync files with those on your hard drive and could well overwrite unencrypted files with the newer encrypted ones. The best plan is to make multiple backups which include copies on hard drives or any media which is not connected to a computer or the Internet. A portable USB hard drive is ideal.

2 – Keep your antivirus and Internet security software up to date and ensure you are using software which can protect against all types of malware, including ransomware.

3 – Be ever more vigilant about which email attachments you open and links you click on. Ransomware usually relies on human vulnerabilities, rather than weaknesses in security software. Even if an e-mail or attachment is from a person you know, or a service provider you use, double-check that it is genuine. If in doubt, don’t open the e-mail, let alone open an attachment or click on a link that will supposedly take you to a page where you can enter your banking details.

PC Advisor

Read More:


Back to Top ↑

TechCentral.ie