Imagine you attempt to log in to your computer, and rather than seeing your log-in screen, you see only a screen stating your files have been encrypted (converted into a code you cannot read) and that the only way to retrieve them is to pay a ransom. The use of ransomware has increased exponentially in the past year, particularly because it results in the best bang for the buck for an attacker.
Ransomware typically infects a machine much like a traditional virus does. However, it then usually encrypts the files on your computer (as well as files on any network shares) so you can’t use them. The solution presented by the attacker is for you to pay a ransom to retrieve a decryption key.
There have been more and more cases involving ransomware hitting businesses, including the San Francisco public transportation system and hospitals from Wichita to Los Angeles.
So what can you do to prevent ransomware?
- Use a reputable antivirus program. This isn’t a silver bullet, but it provides a rudimentary layer of protection against malware that may infect your computer.
- Back up your files often. The best way to recover from ransomware is to restore from a good set of backups. But be careful. Infected files could overwrite your uninfected backup. A backup file system that is mounted on your computer, such as OneDrive, is also subject to infection.
- Remove administrator privileges from your general web browsing and email account. If you should become infected, the impact will likely be smaller: only your personal files get compromised rather than the entire system.
- Be cautious about what you browse as well as what email messages you view.
- Whatever you do, don’t pay the ransom! More and more, ransomware will accept payment but will not release the key (either by intent or because of technical glitches).
Learn more about computer security at Fermilab Computer Security Awareness Day and Tech Expo today, Wednesday, Dec. 7, at Wilson Hall. For a schedule of events and a list of exhibitors, visit the Computer Security Day website.
Art Lee is the deputy head of the Computer Security Operations Department in the Office of the CIO.