Ransomware: What We Can Do and What You Can Do

By Mike Cobb, Director of Engineering

What is Ransomware?

Sometimes, hackers use software programs to search for Internet-connected computers with holes in their security. Other times, a user will unknowingly expose themselves through malicious emails or online links that appear safe. In either case, once vulnerable systems are located, the hackers can slip into a computer undetected.

What happens next is absolutely terrifying.

By downloading malware, the thieves can remotely encrypt the device. It’s like putting a tiny combination lock on every important file in the system. If more than one computer is on the system, any connected device could also be targeted and its contents encrypted, too!

This type of malware is commonly known as ransomware. That’s because the hackers demand a ransom payment to unlock the encrypted data. The user must pay the ransom, which varies from a few hundred dollars to thousands of dollars, to have a chance at getting their data back.

There is no guarantee that the thieves will honor the commitment to give the victim the keys to unlock the encrypted data after payment is made. The old adage “no honor among thieves” may hold true in some of these cases. Without the keys, there is no way to unlock data encrypted by ransomware or by any other modern encryption.

New variations of ransomware are programmed every day and sold to multiple malicious hackers on the black market.

Here are some known versions of ransomware:

  • CryptoLocker
  • CryptoWall
  • TeslaCrypt (Nemucod)
  • Locky
  • Petya
  • KeRanger for Macintosh
  • CoinVault
  • BitCryptor

What Can Be Recovered if Decryption Keys Cannot Be Retrieved?

If you are a victim of ransomware, your first step is to take some time and look for any and all backups, even those located on the affected drives. It’s possible that they were not encrypted.

If you have verified that your data is truly encrypted, no one can unlock your files without the key. However, there are three ways that DriveSavers may be able to help.

1. Finding Data that Escaped Encryption

Ransomware programs focus on the most likely places on a drive where important data is stored rather than the entire drive. This means that there may be data on an infected drive that has not been encrypted by the malware.

Data that may still be recoverable includes deleted files, older versions of documents and other similar files. These are often a much better starting point for rebuilding business files than starting from scratch. Duplicate photos that have been deleted and other personal data can also often be recovered.
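One way to check which files on a copy of the affected drive still look unencrypted, as an added example that is not DriveSavers code: each file's first bytes are compared with the signature its extension implies. The signature table is an illustrative subset, and the sample files are constructed for the demonstration.

```python
import os
import tempfile

# Leading "magic" bytes of a few common formats (illustrative subset).
SIGNATURES = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",  # Office Open XML files are ZIP containers
}


def classify(path):
    """Compare a file's first bytes with the signature its extension implies."""
    magic = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return "unknown"  # no signature on record (plain text, renamed files)
    with open(path, "rb") as fh:  # opened read-only; the file is never modified
        head = fh.read(len(magic))
    return "header_ok" if head == magic else "suspect"


def triage(root):
    """Walk a directory tree and group relative paths by classification."""
    report = {"header_ok": [], "suspect": [], "unknown": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            report[classify(full)].append(os.path.relpath(full, root))
    return report


def demo():
    """Run the triage over constructed sample files in a temporary directory."""
    samples = {
        "backup.zip": b"PK\x03\x04" + b"\x00" * 32,       # valid ZIP header
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,  # valid JPEG header
        "invoice.pdf": bytes(range(200, 240)),            # header overwritten
        "notes.txt": b"plain text has no fixed signature\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)
```

A matching header only shows that the start of the file is untouched, since some ransomware encrypts just part of each file, so files marked header_ok still need to be opened and checked. Run the scan against a read-only copy of the drive rather than the original.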

2. Encryption Loopholes

Using specialized software, DriveSavers may be able to bypass the encryption used by a select few ransomware programs and successfully recover most, if not all, hostage data.

3. Facilitation

Unfortunately, many ransomware situations have only one solution: payment of the ransom. This process can be confusing and frightening. Sometimes, you don’t receive your data even after payment.

In certain situations, DriveSavers can facilitate the process to obtain a decryption key in a safe and secure manner. We can ensure that no additional damage or malware access to your device will occur. We guarantee receipt of your data or no payment is due.

Free Evaluation to Find the Best Solution

The above three options can be discussed once we perform a free evaluation on your device.
Call DriveSavers at 800.440.1904 so we can set up a free evaluation to determine if your data is recoverable and what option may be best for your situation.

How to Prevent Ransomware

Regularly Update Security Software

Hackers are always exploring computer security measures to find weaknesses and develop ways in. In reaction, security software manufacturers are constantly developing patches and software updates to eliminate threats as they are discovered. If you don’t keep up with software and operating system updates, these known weaknesses remain like open doors inviting criminals into your computer.

Identify what firewalls, anti-spam, antivirus, anti-malware and anti-spyware software you have installed and always install updates as they are made available.

Use Strong Passwords

Weak passwords are an easy way for someone to access your personal data. Use proper password techniques that are enforced for all user accounts, including those with remote access to your system. Here are some good tips to follow when creating passwords:

  • Passwords should be at least 7-10 characters long
  • Don’t use a number series like 1234 or 4321
  • Don’t use the names of children or pets
  • Don’t use birthdays
  • Include a mix of upper and lower case letters
  • Include at least 1 number
  • Include at least 1 special character
  • Don’t use single dictionary words (spelled forward or backward)
  • Don’t use character substitution for dictionary words (like p@$$worD)
  • Use a string of 3 words smushed together that are meaningful to you so you can easily remember your password without having to write it down and refer to it
  • Good password example: 3wOrdSmushedTo{gether
  • Bad password example: P@ssword123
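The tips above expressed as an automated check, as an added example that is not DriveSavers code. The word list and the substitution table are constructed samples, and the 10-character minimum and the three-digit series threshold are assumptions chosen for illustration.

```python
import re

MIN_LENGTH = 10  # assumption: upper end of the article's "7-10 characters"
# Constructed sample word list; a real check would load a full dictionary.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "letmein"}
# Common character substitutions (the article's "p@$$worD" case).
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e", "5": "s", "!": "i"})


def _has_digit_series(password, run=3):
    """True for `run` or more consecutive ascending/descending digits (123, 4321)."""
    digits = [int(c) if c in "0123456789" else None for c in password]
    for step in (1, -1):
        count = 1
        for prev, cur in zip(digits, digits[1:]):
            linked = prev is not None and cur is not None and cur - prev == step
            count = count + 1 if linked else 1
            if count >= run:
                return True
    return False


def _candidates(password):
    """Forms to look up: lower-cased, with and without edge digits/symbols, de-substituted."""
    lowered = password.lower()
    trimmed = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    return {lowered.translate(LEET), trimmed.translate(LEET)}


def check_password(password, personal_terms=()):
    """Return the list of tips from the article that the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if _has_digit_series(password):
        problems.append("number series")
    if any(term.lower() in password.lower() for term in personal_terms):
        problems.append("personal term")  # names of children or pets, birthdays
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mixed case")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    # Dictionary word spelled forward or backward, after undoing substitutions.
    if any(w in DICTIONARY or w[::-1] in DICTIONARY for w in _candidates(password)):
        problems.append("dictionary word")
    return problems
```

An empty list means the password breaks none of the tips; `personal_terms` takes the names and dates that apply to the user being checked.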

It’s vital to use different passwords for each account and change them every few months. Otherwise, a hacker only needs to crack one to have access to everything. A good password manager program can keep this from being overwhelming.

Additional Tips

Disable Remote Desktop or Terminal Services completely when not in use.

Use IP address based restrictions to allow access to a device from trusted networks only.

Watch out for malicious emails and phishing links. Learn how to protect yourself from links that look safe but aren’t by reading “Don’t get Caught by Phishing or Other Email Attacks.”

Learn more about ransomware data recovery.