What is ransomware and how do you protect yourself against it?
A recent BBC article reported an 'alarming' rise in ransomware attacks, and at RM Education we’ve noticed that a number of educational establishments have fallen victim to attacks in recent months too. So what is ransomware and how can we prevent it wreaking havoc?
What is Ransomware?
Ransomware is a kind of malware, or malicious software, that scrambles data on your device. It holds your device or files for "ransom" and will demand that you pay money to get access to your device or files.
Different types of ransomware behave in slightly different ways. They can:
- Prevent you from accessing Windows
- Encrypt your files so you can't use them
- Stop certain apps from running, including your web browser
Ransomware targets any user, whether at home, work or school. There is no guarantee that paying the ransom or following the ransomware's demands will give you access to your device or files.
Types of Ransomware
There are thought to be over 120 different variants of ransomware in existence today, but there are two common types – lockscreen ransomware and encryption ransomware. Lockscreen ransomware shows a full-screen message that prevents you from accessing your device or files. You will be asked to pay a ‘ransom’ to get access to your device or files again. Encryption ransomware encrypts your files leaving you unable to open them.
How does Ransomware infect your device?
Ransomware can get onto your device from a number of different sources, including:
- Visiting unsafe, suspicious, or fake websites
- Opening emails and email attachments from people you don’t know, or that you weren’t expecting
- Clicking on malicious or bad links in emails, Facebook, Twitter and IM chats like Skype
- Allowing remote access to your network from the Internet
How to reduce your risk of a Ransomware attack
1. Back up your data, regularly
You must back up your data regularly. If you can restore access to your data easily and quickly, the impact of a ransomware attack is going to be less disruptive. Some types of ransomware will encrypt files on drives that are mapped to your device, so it’s important to opt for an external drive or remote backup service, one that is not assigned a drive letter or is disconnected when it is not doing a backup.
2. Keep software up-to-date, reducing vulnerabilities
Some ransomware relies on security vulnerabilities in popular software applications, including Office, your browser, Flash etc., so it’s important to keep your software up to date with the latest updates.
3. Anti-malware is vital, keep yours up-to-date
There are many anti-malware products available, such as Sophos, which can be purchased for as little as £1 per device per year.
4. Ensure that remote access to your school is secure
If you connect to school from home it’s quite likely that you’ll be doing so using RDP (Remote Desktop Protocol). Some types of ransomware specifically target machines using RDP. We recommend using SSL Connect to protect RDP; for more information see SSL Connect.
5. Keep all your passwords sufficiently complex
If you do allow remote access then ensure that all passwords are strong and not shared with any other service. Never reuse the same password for different services. As a user, the best way to defend yourself is to ensure that your password is strong and never to use your school LAN password on another website.
6. Only use admin rights when you absolutely have to
Don’t give yourself more permission than you need. Don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other ‘regular work’ activities while you have administrator rights. On your home laptop have a separate account with administrator rights; only use it when you are making changes or installing software.
7. When it comes to emails, be suspiciously smart
Don’t open emails or email attachments from people you don’t know, or that you weren’t expecting. The SWGfL wrote this useful Phishing article. If in doubt, remember, don’t open it!
8. As a network manager you can protect your users by stopping users running scripts and macros
A lot of ransomware spreads by emailing users scripts that look like a legitimate document; by default Windows will execute these scripts if you click on them. There are a variety of different ways to prevent users getting emails with these script extensions (.js .wsh .wsf) or to prevent the scripts from running. You can also set a Group Policy to prevent Word macros, which are another infection method.
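An added example, not RM Education's code: a minimal mail-gateway style check in Python that flags attachments with the script extensions named above, including scripts disguised with a document-like double extension or packed inside a zip. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Script extensions named in the article; extend to suit local policy.
BLOCKED_EXTENSIONS = (".js", ".wsh", ".wsf")

def blocked_name(filename):
    """True if the name ends in a blocked extension (case, trailing dots/spaces ignored)."""
    return filename.lower().rstrip(". ").endswith(BLOCKED_EXTENSIONS)

def scan_message(raw_bytes):
    """Return (attachment name, reason) findings for one raw email message."""
    findings = []
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text or container part, not a named attachment
        if blocked_name(name):
            findings.append((name, "script attachment"))
        elif name.lower().endswith(".zip"):
            try:
                payload = part.get_payload(decode=True) or b""
                with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                    for member in archive.namelist():
                        if blocked_name(member):
                            findings.append((name, "script inside zip: " + member))
            except zipfile.BadZipFile:
                findings.append((name, "unreadable zip"))
    return findings

def build_sample():
    """Constructed sample: a disguised script, a zip holding a script, a text file."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"// constructed placeholder", maintype="application",
                       subtype="octet-stream", filename="Invoice.pdf.js")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("scan_001.wsf", "<job/>")
        archive.writestr("readme.txt", "constructed sample")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="documents.zip")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```

Only the last extension decides what Windows runs, so "Invoice.pdf.js" is treated as a script even though it reads like a PDF.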
- How to stay protected against ransomware - Sophos Guide
- Microsoft guide to Ransomware
- How to deal with ransomware - Microsoft blog
- 'Alarming' rise in ransomware tracked - BBC News article
- University pays $20,000 to ransomware hackers - BBC News article
As seen previously on http://swgfl.org.uk/magazine
RM Education has been working alongside SWGfL and the UK Safer Internet Centre since 2001 on both the connectivity and online safety requirements for schools across the United Kingdom.