by Mahesh Raj Mohan and Mike Russell
This article is a collaboration between CC:PDX members Mahesh Raj Mohan (Enlighten Writing) and Mike Russell (Pivotal Writing). They created this article to keep clients and freelancers informed about the ransomware threat.
You may have heard the term “ransomware” lately. Ransomware is a type of malware that encrypts your computer or device so you cannot access your data or apps. There will often be a message on your screen demanding money (e.g. Bitcoins) to unlock your system.
Ransomware has become the “attack du jour” of hackers across the world. It is lucrative, catches many victims off-guard, and there are multiple methods of attack. Ransomware can be a virus or Trojan horse in an e-mail link. More worrisome, ransomware can be hidden in an online ad, as this excellent article from Malwarebytes Labs illustrates.
If you don’t have a robust firewall, ransomware can hide in a file that your system doesn’t recognize as a threat until it is downloaded onto your machine. It can cost you hours or lost productivity and income, and it can damage your relationship with your clients if their project data is on your system.
Okay, yes, ransomware is scary, but we don’t want to overdo the “fear” element here. There are steps you can take to defend your system and your clients. Best practice for freelancers and businesses dictates a “layered defense” strategy where you have multiple defenses running on your machine.
In this blog post, we’ll discuss some preventive actions you can take, their level of difficulty to implement, and the cost involved.
Anti-Virus and Anti-Spyware
Anti-virus and anti-spyware programs should be as common on your system as an Internet browser. We won’t advocate for particular programs, and we hope that you already have anti-virus of some kind on all of your devices (even Apple products).
Difficulty Level: Varies by the brand. Generally easy.
Cost: Varies; there are free versions, but we recommend the “fully loaded” types. Here is a full list for PCs.
External Hard Drive
The one sure-fire method of ransomware prevention. You buy an external hard drive that houses a copy of your data, as well as your client project data. You could keep all your client data on this separate hard drive
Difficulty Level: Moderate. External hard drives are simple to connect to your primary machine so you can copy files quickly and easily. However, it may be inconvenient if, for extra security, you turned off your Internet connection while working on your client’s project (e.g. you may need to use the Internet for research).
Cost: Varies. A 1-terabyte drive usually runs $40-$100 depending on the brand and whether you are buying a hard disk drive or a solid state drive.
Cloud Backups
Dropbox is the most well-known data backup solution that is not housed on your hard drive. Dropbox has 256-bit AES encryption. Dropbox claims that you can restore data to before the malware took effect, but you’d still lose the most current version of your file(s).
Difficulty Level: Easy.
Cost: Dropbox Pro costs $99/year or $9.99/month.
Password Managers
Ah yes, the dreaded discussion of passwords. Using the same passwords on multiple sites is not recommended, but coming up with dozens (if not hundreds) of passwords can be impossible to track. Password managers like 1Password and Roboform can help to make this easier.
Difficulty Level: Easy. Install them on your machine, and start collecting passwords. Every time you sign up for a new website, the passwords will be automatically saved. You can also choose “everywhere” options that reside in the cloud and can be used on more than one machine.
Cost: $20 and up.
For Advanced Users
If you are really worried about ransomware and want to be on the cutting edge of defense, you can try a couple of solutions.
Turn Off Adobe Flash
Flash is a vulnerable deployment vehicle for ransomware, and turning it off gives more power to consumers. Once disabled, you have the power to activate Flash for in-browser applications that use it.
Firefox
Locate the three vertical bars at the top of your browser, choose “Add-Ons,” the Plugins. Scroll down to Shockwave Flash and choose, “Ask to Activate.” If there is any malware hiding as a “malvertisement,” then this should help neutralize the threat.
Chrome
Go to the URL bar and type “about:plugins.” Locate “Adobe Flash Player” and choose “Disable.”
Safari
Choose “Safari” in the menu bar, then “Preferences,” and then “Security.” Click on the “Website Settings” button next to “Allow Plugins,” then select “Adobe Flash Player,” and “Block” for the option, “when visiting other websites” in the menu that appears.
Beta Testing
BleepingComputer offers some recent anti-ransomware downloads that are in the “beta testing” stage that either stop ransomware scripts from running or export encrypted files. These options are currently free.
Script Blocking Add-Ons
You can download a free Javascript blocker (such as NoScript on Firefox) that blocks scripts (Javascript and Silverlight) that can be exploited by hackers. The installation of the add-on is seamless, but you’ll find that a lot of sites use Javascript, so you will spend time “white-listing” sites that you trust. It can also make some websites non-responsive, so only choose this option if you are willing to deal with the hassle of a layered defense.
—
We hope we allowed you to harden your defenses and think about cybersecurity and your clients’ data in a strategic way. How do you protect yourself against ransomware and other cyber maladies? Please add your suggestions in the comments below.