Ransomware – a class of malware that restricts access to a computer until a ransom is paid – has been around for many years. In fact, one of the first known examples of ransomware – the “AIDS” trojan – was found in 1989. Unlike other malware, ransomware stayed in the background, not drawing much attention. In 2013, the ransomware called CryptoLocker began making news as it infected computers and then encrypted personal data files. Once the files were encrypted, a ransom message was displayed instructing the user to pay a specified amount of money.
Encrypting files isn’t new, of course, but now malware authors are using such encryption to extort money from unsuspecting computer users. The problem is that the encryption that is used cannot be broken by brute force methods, so either the data is lost, or the ransom needs to be paid. More and more ransomware is making the rounds among computer users, and there could be much more robust, efficient ransomware, with stronger encryption, in the future.
While this may sound disturbing, there are many ways that you can protect your computer from ransomware.
1. Back Up Your Files
This first method is probably the most important one – back up your files. Backing up your files is probably the best method as you can just restore your files from the backup if they do become encrypted by ransomware. Of course, you want to make sure you have a clean system to restore your files onto, or the ransomware will just re-encrypt the files.
With regard to backups, you should back up your files to “cold storage” to prevent ransomware from encrypting your backup files. Cold storage means that you can’t access your backed up files directly from your computer all the time. For example, if you back up your files to an external hard drive, only connect the hard drive when you want to back up your files, and then disconnect the hard drive from the computer. Another example of cold storage is when you back up to a cloud service online.
For me, all my backed up files are stored away on cold storage. The first is an external hard drive that sits beside my computer, but is always off until I want to get access to the files or backup new files. A second backup is stored on a portable external hard drive that is connected less often – only when I have many gigabytes of data since the last backup. A third backup is stored online with Backblaze.
2. Use a Sandbox or Virtual Machine
A great way to protect your data from ransomware is to limit what the ransomware can get access to. Two of the best ways to do this are to browse the Web and check e-mail in either a sandbox or a virtual machine.
A sandbox is the easier of the two to set up as it runs directly in the operating system of your computer. Basically, a sandbox is a separate, tightly controlled area on your computer that you can run applications in. Any application running in a sandbox has limited access to other resources on your computer – including your files. An application in a sandbox may be able to read a file on your hard drive, but it cannot write to the file. You can also control what applications are allowed to run within the sandbox, access the Internet, and do other tasks on your computer.
There is a great Windows sandbox application called Sandboxie that has been proven to keep ransomware contained.
If you are technical you may want to look into setting up a virtual machine. A virtual machine is basically another computer that runs within your current computer. Your main computer becomes the host to the virtual machine. Everything that happens in the virtual machine stays within the virtual machine.
With a virtual machine, you can install a Unix-flavor operating system, such as Ubuntu, to give good security, and then access the Web and your e-mail from the virtual machine. If you do download ransomware, it may not even execute in the virtual machine as it isn’t a Windows system, and if it does execute, then the ransomware can’t see the data files on your host computer.
You can create virtual machines for free by using VirtualBox.
3. Don’t Use an Administrator Account
Windows users have always accessed their computers using an administrator account. This account has unlimited access to the computer, and up until recently was the only type of account used. Fortunately, starting with Windows Vista – although more with Windows 7 – Microsoft changed Windows to allow users to use a limited account.
If you are using Windows Vista or later, you should not be logged in with an administrator account. You should always use a limited user account. The reason is simple: any application you run will run in the same context as your user account. This means that if your account has started a ransomware application, and you are logged in with an administrator account, then the ransomware application will have unrestricted access to your computer.
While using a limited user account will not protect your data files if you accidentally run a ransomware application, it will limit what files it affects or what restrictions it places on your computer. A limited user account can only see its own data files, and can’t change system settings, which will help limit ransomware.
To stress the point about not using an administrator account, over 90% of Microsoft-reported vulnerabilities in 2013 could have been mitigated by using a limited user account.
I have used a limited user account for 4 years with Windows 7, and haven’t had any issues with running applications. So if you are using Windows 7 or later, don’t log in with an administrator account.
4. Don’t Open Suspicious E-mails
While this tip has been mentioned for stopping malware all the time, it is still surprising that people still don’t follow it. CryptoLocker spread by an e-mail attachment, and infected hundreds of thousands of computers. That ransomware could have been stopped, or severely limited, if people just didn’t open e-mail, or run attachments, from unknown senders.
Many attachments in e-mails are designed to trick users into opening them. Such attachments actually have two extensions – such as .pdf.exe or .doc.exe. Many times, all the user will see is the first extension and an icon associated with that extension. For example, a file called example.pdf.exe would display as just example.pdf with an Adobe Reader icon. Unfortunately, the .exe extension at the end means that the file isn’t a PDF document, but an application that will run when opened.
One of the first things I do after I install Windows is to display hidden extensions of known file types, so I can see exactly all the extensions for all the files on my computer. This helps to determine if a file has a double or a single extension.
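The double-extension check described above can also be automated over a download or attachment folder. The following Python sketch is an added example, not part of the original article; the two extension lists and the function names are assumptions chosen for illustration.

```python
from pathlib import Path, PureWindowsPath

# Assumed lists for this example; extend them to match your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}


def deceptive_extension(filename):
    """Return (shown_name, real_ext) when a document-style extension is
    followed by an executable one (e.g. .pdf.exe), otherwise None."""
    # PureWindowsPath accepts both \ and / separators on any platform.
    name = PureWindowsPath(filename).name
    suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
    if len(suffixes) < 2:
        return None  # single extension: nothing is hidden behind another
    decoy, real = suffixes[-2], suffixes[-1]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        # What Explorer shows when "hide extensions" is left switched on.
        return name[: -len(real)], real
    return None


def scan_folder(folder):
    """Return sorted (file_name, shown_name, real_ext) for suspicious files."""
    hits = []
    for path in Path(folder).rglob("*"):
        if path.is_file():
            hit = deceptive_extension(path.name)
            if hit:
                hits.append((path.name, hit[0], hit[1]))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample names, not taken from any real incident.
    samples = [
        "example.pdf.exe",
        r"C:\Users\me\Downloads\Invoice.DOC.EXE",
        "report.v1.2.pdf",
        "setup.exe",
    ]
    for sample in samples:
        hit = deceptive_extension(sample)
        if hit:
            print(f"SUSPICIOUS: {sample} (displays as {hit[0]}, runs as {hit[1]})")
        else:
            print(f"ok: {sample}")
```

A legitimate installer such as setup.exe is not flagged, because only an executable extension sitting behind a document-style one is treated as deceptive.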
There are many ways you can protect your computer from various forms of malware. What are some of the tips that you use to protect your computer from ransomware?