Ransomware is a plague. We advise on how to protect yourself and how to recover data in the event of an attack

Imagine that someone enters your home, locks all your valuables in a safe you cannot open, sets their own access code and tells you to pay so that you can get inside and get back what is yours. Absurd? No - this is how ransomware works.

Ransomware is nothing more or less than malicious software that blocks access to the user's data until the user pays. In its least sophisticated form, blackmail software blocks the system. In its most sophisticated form, it encrypts files, making access to them impossible without paying a "ransom".

Ransomware has a long history, but only in recent years has it become a scourge

According to Wikipedia, the first program of this type was "AIDS", created in 1989 by Joseph Popp. "AIDS" hid files on the disk and encrypted their names, and displayed a message that the license to use certain files had expired. In exchange for unblocking, the victim was asked for a ransom of $189.

In the 2000s there were few attacks using blackmail software. The real "boom" of this nefarious solution occurred after 2013, with the growing popularity of CryptoLocker, which used Bitcoin to collect payments. Cryptocurrencies made the transactions impossible to trace, and thus also prevented the cybercriminals responsible for ransomware attacks from being tracked down.

CryptoLocker spread between users in a simple way: as an attachment to e-mails. According to Avast, over half a million machines fell victim to it during 2013 and early 2014, and the malware extorted over 3 million dollars in ransom.

However, the most serious example of ransomware so far is WannaCry, hailed by experts as the most dangerous malware in history. WannaCry also initially spread in the form of fake e-mail attachments, and additionally used a flaw in the SMB protocol in Windows to spread on its own to further devices.

Microsoft quickly patched the vulnerability in its operating systems, but given the general reluctance to update the operating system, users did not install the patch quickly. As a result, in just four days WannaCry spread to over 250,000 machines in 116 countries and over 150,000 Android devices.

WannaCry is also the first case of ransomware in which many public institutions and companies suffered: the British health service suffered the most, and the Frankfurt station, the police in YangCheng and the university in Milan were paralyzed. Hundreds of companies also lost money, from giants like Renault to small enterprises.

As the ransom demand was relatively low ($300-600), many users decided to pay.

QNAP TS-351 with snapshot mechanism allows you to defend against Ransomware attacks

The attack using Petya (or NotPetya), which came just after the confusion around WannaCry had been brought under control, had even greater consequences. However, while WannaCry was aimed primarily at ordinary users, Petya exploited errors in the administration of company computers joined to an Active Directory domain. As Maciek Gajewski explains:

It was enough to infect the company server itself so that the rest of the computers configured to fully trust it caught the infection. Including those with the latest updates for Windows from Microsoft.

Initially, the attack was targeted at companies and government institutions in Ukraine. Major sectors of the economy were affected, such as banking, aviation and energy. Government domains ceased to operate. The deputy prime minister of Ukraine himself wrote that "the network lies".

The scale of the attack suggested that the Russian secret services, seeking to paralyze Ukrainian institutions, were responsible for it. Petya, however, quickly went beyond Ukraine itself - the victims included international companies from Russia (the Rosneft fuel network), the United States (the drug manufacturer Merck) and even Poland (Raben). The infrastructure of the aircraft manufacturer Antonov and the offices of the international law firm DLA Piper were also grounded.

The consequences of the attack were so serious that the Polish government convened the Crisis Management Team.

Ransomware is one of the most burdensome forms of attack. How to defend against it?

Unfortunately, it is not easy. Of course, the first piece of advice is always "think!" - do not open suspicious messages, attachments from e-mails of unknown origin or strange files allegedly sent by your friends. This is how the largest ransomware attacks in history have spread.

The second piece of advice is "update the system. Always."

Many users keep postponing software updates, whether out of simple stubbornness, unwillingness to change, or fear of errors in the functioning of the system. However, it is better to spend a few days putting up with a software error than to skip an important security patch that can save us from being infected with blackmail software.

The third piece of advice is "backup, backup, backup". The most important data should always be backed up, preferably in three places - the cloud, an external drive and (if possible) a disk located outside your place of work or residence.

These are, of course, the basics that we should always apply. In the case of ransomware attacks, however, they may turn out to be inadequate.

This is because ransomware is able to encrypt not only computer disks, but also local network resources. Even if we have a backup on a NAS, after encryption we lose access to it.

To this we must add that the ways in which cybercriminals approach users are becoming more sophisticated. It is extremely difficult to distinguish a real message from a fake one, all the more so because offenders impersonate, for example, banks and government institutions.

There are also attacks that are able to get past security measures using the so-called "zero-day" mechanism, i.e. exploits used by cybercriminals before the software producer can issue an appropriate patch. In this situation, the user cannot count on being able to protect himself from the attack. He can only think about what to do when the attack takes place.

The most effective way to protect against the effects of a ransomware attack is the snapshot mechanism found in QNAP NAS devices.

https://www.youtube.com/watch?v=tR5u94Z6lP8&feature=youtu.be

In contrast to a classic backup, which creates a copy of a given file, the snapshot mechanism records the metadata of files, which allows you to save and restore different versions of the same file, folder, or even the entire volume.

So when an attack using blackmail software occurs, it is possible to restore previous, uninfected versions of the encrypted files. On a daily basis, the entire process is imperceptible to the user - once enabled, the snapshot mechanism on QNAP network drives runs in the background, constantly making backup copies. The user does not have to remember anything.

However, when an attack occurs, it is very easy to regain access to the encrypted data.

How to recover data lost as a result of a ransomware attack?

QNAP provides a solution in a few trivial steps:

  • If you notice ransomware or a ransom message, disconnect your computer from the Internet and from the NAS. The NAS server itself is also worth disconnecting from the network to prevent the spread of malicious software.
  • Once disconnected from the network, the NAS can be connected to a monitor, mouse and keyboard (if it has an HDMI output), or to a computer (making sure that the computer does not connect to any infected folders shared with the server).
  • From the list in the "snapshot manager", choose a snapshot taken before the ransomware attack. Delete all files from the infected folder and then restore them from the snapshot.

Files restored this way should appear in an unencrypted form.
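The last step depends on knowing which snapshot predates the attack. The following is an added example, not QNAP's code and not part of the original article: it estimates when encryption started from the earliest modification time of files whose content looks encrypted, then picks the newest snapshot safely before that moment. The file listing, snapshot names, entropy threshold and safety margin are all constructed or assumed values.

```python
import hashlib
import math
from datetime import datetime, timedelta

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; well-encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def estimate_attack_start(files, threshold=7.0):
    """Earliest mtime among files whose leading bytes look encrypted.
    Compressed formats (ZIP, JPEG) also score high, so treat hits as
    candidates to review. threshold is an assumed cut-off."""
    hits = [mtime for _path, mtime, head in files
            if shannon_entropy(head) >= threshold]
    return min(hits) if hits else None

def pick_restore_snapshot(snapshots, attack_start, margin=timedelta(minutes=5)):
    """Latest snapshot taken at least `margin` before the estimated start.
    The margin (assumed value) guards against a snapshot taken mid-attack."""
    cutoff = attack_start - margin
    clean = [s for s in snapshots if s[1] <= cutoff]
    return max(clean, key=lambda s: s[1]) if clean else None

# Constructed sample data (not from a real NAS). CIPHER is pseudo-random
# SHA-256 output standing in for the first 4 KiB of an encrypted file.
TEXT = b"Quarterly report draft\n" * 100
CIPHER = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
FILES = [
    ("docs/report.txt", datetime(2024, 1, 10, 9, 0), TEXT),
    ("docs/budget.csv", datetime(2024, 1, 12, 14, 7), CIPHER),
    ("docs/notes.txt", datetime(2024, 1, 12, 14, 9), CIPHER),
]
SNAPSHOTS = [
    ("daily-2024-01-11", datetime(2024, 1, 11, 1, 0)),
    ("daily-2024-01-12", datetime(2024, 1, 12, 1, 0)),
    ("hourly-2024-01-12-1405", datetime(2024, 1, 12, 14, 5)),  # too close
    ("daily-2024-01-13", datetime(2024, 1, 13, 1, 0)),         # after attack
]

if __name__ == "__main__":
    start = estimate_attack_start(FILES)
    print("estimated attack start:", start)
    print("restore from:", pick_restore_snapshot(SNAPSHOTS, start))
```

Modification times are only an estimate of when encryption began, so a restored sample should be opened and checked before the whole folder is rolled back.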

It is better to spend money on yourself than to pay cybercriminals.

NAS servers are not the cheapest devices. It is understandable that many users dismiss the benefits they might gain during a potential attack.

The problem is that the likelihood of an attack increases year by year, and the number of incidents involving various types of ransomware has been counted in millions since 2013. Therefore, there is a good chance that our machine will fall victim to blackmail software.

So it is better to be safe than sorry. Show common sense, back up and regularly update the operating system and other software.

And if we keep important files and documents on the computer, the loss of which can cost us a lot of money, it is better to get a NAS with snapshot support. It is better to spend money on a secure backup mechanism in advance than to be forced to pay a ransom.

* The material was created in cooperation with the QNAP company


