What Is Ransomware
Ransomware is malicious software created to block your access to your files and the operating system. The victim then receives a text message stating that he or she must make a payment. It requires the user to download the “Tor browser” and pay in cryptocurrency, such as Bitcoin, as it is anonymous and untraceable.
How Ransomware Gets Spread
Ransomware is usually delivered via an email attachment or suspicious downloaded files (cracked software and torrenting). Enable the display of file extensions in Windows, because some files may be disguised with a proper icon but have a .pdf.exe extension. You should also avoid opening files which contain macros (written code hidden in the file). In other cases, black hat hackers scan the network for vulnerabilities in the system and software, and inject the ransomware program. The most vulnerable services are SMB (Server Message Block), used for sharing data between computers in the same network, and RDP (Remote Desktop Protocol), used for accessing a remote machine. The ransomware will infect all machines and storage devices which are connected to the network, so it is good practice to detach the external drive from the computer once the backup has been created.
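An added example (not part of the original article) of checking a folder for the two file-name warning signs described above: a document extension followed by an executable one, and macro-enabled Office formats. The extension lists and the function names classify, scan and demo are assumptions made for this illustration.

```python
import tempfile
from pathlib import Path, PurePath

# Assumed lists for this example; extend them for your own environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm", ".dotm"}


def classify(filename):
    """Return a reason string if the file name looks risky, else None."""
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    if not suffixes:
        return None
    last = suffixes[-1]
    # A document-style extension directly before an executable one,
    # e.g. invoice.pdf.exe: with extensions hidden it shows as invoice.pdf.
    if last in EXECUTABLE_EXTS and len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return f"double extension: {suffixes[-2]}{last} runs as a program"
    if last in MACRO_EXTS:
        return f"macro-enabled Office file ({last})"
    return None


def scan(folder):
    """Walk a folder recursively and list (path, reason) for risky names."""
    findings = []
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file():
            reason = classify(path.name)
            if reason:
                findings.append((str(path), reason))
    return findings


def demo():
    """Scan a temporary folder of constructed, empty sample files."""
    names = ["invoice.pdf.exe", "report.v1.2.pdf", "setup.exe", "budget.xlsm", "notes.txt"]
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            (Path(tmp) / name).touch()
        return [(Path(p).name, why) for p, why in scan(tmp)]


if __name__ == "__main__":
    for name, why in demo():
        print(f"{name}: {why}")
```

To check a real location, call scan() with the path of your downloads or mail attachment folder.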
No solution can prevent every cyber security threat from reaching you. No matter which antivirus or antimalware program you use, backups are your best protection not only against ransomware, but also against all sorts of attacks, human interference and natural disasters.
The Backup Rule of Three
This is also called the 3-2-1 rule:
- 3 copies of your data;
- 2 different formats – Google Drive and external hard drive;
- 1 offsite backup – in case of fire or other disaster.
In summary, you can keep one data copy/backup with a free cloud storage service provider such as Google Drive. The second one should be local, on an external hard disk drive, and the third one can also be a local copy/backup, but kept in a different location.
Difference Between Data Copy and Data Backup
The difference between a data copy and a backup is that creating a backup requires special software. Configuring a data backup also gives you the option to set up a retention policy, so that you can revert any file to its state at a given moment in the past.
The built-in Windows Defender works decently against ransomware attacks, so it is important to update your system and install the latest patches. If you are running Linux, you can uninstall the Wine software, which allows certain Microsoft apps to run smoothly.
Acronis is also a good product, both as a backup solution and for ransomware protection. It will notify the user of malicious software and will not let them back up an encrypted file.
Cloudberry has backup protection: if ransomware ends up encrypting the data on your system, the software will notify you that the files are encrypted when you run the next backup. It gives you a warning so that you don't end up deleting your data and previous backups, meaning you can restore and get your data back from the last uncorrupted backup.
The website https://www.nomoreransom.org/ allows you to upload an infected file and/or its uninfected version and will try to find out whether there is an online decryptor for your particular ransomware. Another useful website is https://www.emsisoft.com/ransomware-decryption-tools/ .
Do not pay the ransom if the files are not important, because otherwise you encourage the hackers to proceed with these malicious attacks.