How to Handle Ransomware Threat: Be Cautious and Backup Data

Why spend money on a backup program or bother setting it up? I know my data is safe.

This commonly-held belief was shattered by the recent WannaCrypt / WannaCry ransomware. The attack started on Friday, May 12, 2017, and has been described as unprecedented in scale, infecting more than 300,000 computers in over 150 countries. Some of the people had to pay up hoping to get back their data, while others just lost it. It is estimated that more than US$80,000 has been paid in ransom so far, but the total loss due to this attack might be as high as US$4 billion (according to CBS News).

“Ransomware” is a type of malicious software that blocks access to a user’s data generally by encrypting the files and displays a message demanding ransom payment. It won’t allow the user to get back the files until a “ransom” is paid (generally through untraceable ways of Bitcoin). Ransomware may also encrypt the computer’s Master File Table (MFT) or the entire Hard Drive. The WannaCry ransomware enters a network (an organization’s LAN) via an email attachment or from a compromised website. Once in the network, it uses a vulnerability in the Microsoft’s implementation of the Server Message Block (SMB) protocol to spread across the entire network. Back in March 2017 (i.e., nearly 2 months before the attack happened) Microsoft provided a fix for this security vulnerability for Windows Vista and higher. Recently Microsoft has released a patch for the outdated and out-of-support Windows XP Operating System too.
This ransomware encrypts the files in a computer and demands a payment of around US$300 in Bitcoin currency within 3 days or US$600 within 7 days. After 7 days, the files will become completely unrecoverable.

Wannacry Ransomware Screenshot
[By Source, Fair use,]

Ransomware attacks have happened before, and will happen again, and again. On May 19 another new ransomware, Xdata, has started spreading mainly in Ukraine.

So, how can we prepare to protect our valuable data from such attacks? There are two ways of handling this threat.

1. Prevent or minimize the chance of a malware attack.
2. Minimize the effect of being infected / hit by a malware.

The above two-prong proactive defense is important, because one of the possible ways of getting rid of the malware “industry” is to frustrate the players, who are not some intelligent-but-bored teenagers having fun, rather organized criminals are into this to make money. If they can’t break into enough computers, either to cause disruption (and thereby derive some perverse pleasure) or make money (which is the main goal), their interest will eventually fade. Let’s do our part to weaken, and over time hopefully get rid of, this menace.

1. Prevent or Minimize the Chance of a Malware Attack

There are some basic precautions all of us need to take to minimize (and hopefully eliminate) the threat of various malware.

a) Always use genuine software – Operating System (such as Windows) and applications (such as Office, Photoshop, browsers etc.) – from reputed companies and their suppliers. If you get pirated software (especially OS) from someone or download random software from the Internet, you are immediately vulnerable to different security threats.

b) Always keep your OS updated with the latest updates and service packs. Do not use an outdated OS.

c) Use a good up-to-date anti-virus to protect your system. Using an ineffective anti-virus is equivalent of using a door lock that anyone can open without the required key. Microsoft provides free download of its own anti-virus and anti-malware (Security Essentials and Defender). Also, regularly update the virus definitions.

d) Avoid using the computer by logging into an account with administrative privileges. It’s safer to do day-to-day work from a limited privilege user account.

e) Avoid visiting unknown or unreliable websites, and do not accept to run any script or application, if prompted by the websites. Also, use recent (preferably latest) version of one of the top browsers – Chrome, Firefox, Internet Explorer (11 only), Edge, Safari, Opera.

f) Avoid installing browser plug-ins or extensions from unknown providers. Keep vulnerable plug-ins or extensions disabled.

g) Do not open an email attachment from an unverified source, sometimes even from supposedly known sources such as friends or colleagues. Never run any attachment directly from the email client. Always download the attachment and run a virus scan on it before opening the attachment.

h) Do not insert any random media device (USB drive – flash or hard disc, SD-Card etc.) in your PC. Such media devices might been used on a compromised / infected computer. If need be, format it, or scan it using an up-to-date anti-virus before plugging it into your PC.

2. Minimize the Effect of Being Infected / Hit by Malware

In spite of all the precautions, it IS quite possible to still get infected / hit by some malware. For such scenarios, safeguard what the attacker is aiming for – your data.

NOTE: In such a case, you will need to re-setup the computer (such as reformat the hard drives, install OS and applications, reconfigure as per your needs), and then restore the data from existing backups.

First Rule of Safety – Take regular backups. Use a good backup tool to regularly backup your files and folders, preferably scheduled to run automatically. There are lots of backup tools at different price points for every OS. An application like SARANGSoft filexpertez for individual PC backup costs just US$19.95 (one-time license fee). More advanced network backup tool like SARANGSoft WinBackup Business starts at less than US$100 for 10 PCs. It’s a very small price compared to losing all your valuable data to ransomware as well as virus or hacker attack, natural disasters, equipment (such as hard disc) failure, or accidental deletion.

Take the following steps for a secure backup arrangement.

a) Dedicate an administrative user account for backup only: Create a user account for backup only and assign administrative privileges to it. Avoid logging into this account other than backup purposes. Choose a strong password for this account, e.g., use 10 or more characters, with a mix of upper and lower case, numbers, and special characters, and avoid your own name date of birth etc. Do not store / save the password anywhere in the PC.

NOTE: Do NOT use names like “backupuser” or “mybackup” or “backupadmin” etc. for the backup user account, which can be guessed by hackers. Pick something different and uncommon, but definitely NOT using your name, username etc.

b) Create a backup destination accessible only to the dedicated backup user: Create a backup destination folder, either in an attached external USB drive or in the drive of another computer within your network. Assign full access of this folder to the backup user account created in step 2(a) above. Do NOT provide access to any other user for this folder, not even to ‘SYSTEM’ account. If this folder is in a different computer of your network, share it only to the dedicated backup user account of step 2(a). Follow the detailed set of steps shown in our other blog post “Steps to Create Backup Destination Accessible only to a Specific User”.

c) Use cloud storage as backup destination: You can also choose to store the backup archives in a cloud storage such as Amazon AWS S3, Microsoft Azure or one of your choice. For example, SARANGSoft filexpertez enables direct backup to AWS-S3 and Azure as part of the backup definition process. Using local storage for backup is fast and convenient. Backup to cloud involves a little more work and recurring cost, but it also provides additional safety.

d) Schedule Automatic Backup: Schedule a backup to run periodically (e.g., every night) on the computer. Identify all your important documents and folders to be backed up and include those in your backup. Ideally, a full backup should be scheduled to run once a month or quarter and an incremental backup should be done every day. You can choose depending on your own / organization’s needs.

e) Run the backup manually once and also schedule to run it using the dedicated backup user account created in step 2(a) above. Avoid logging into this account for anything other than backup purposes. Chose the “Backup Destination” folder created in step 2(b) above to store the backup data (archives).

Now even if you lose your the data in your computer for any reason, including virus or ransomware attack, you are protected because you still have a backup copy of the required data saved in another location — in local or cloud storage.

3 thoughts on “How to Handle Ransomware Threat: Be Cautious and Backup Data”

  1. This is all great information. I don’t know what I would do if I lost all of the data on my computer. I noticed there were no mentions of this virus affecting Macs. Are there any steps a Mac user should take to ensure nothing like this ever happens to them?

    1. Sorry, don’t know enough about Mac OS to suggest anything. However, Mac “Timeline” is supposedly a very good backup and restore tool. There are some Mac-specific backup products too.
      There are known issues of ransomware attacks on Windows PCs. We have not seen much of that about Macs. It’s not that Mac OS is full-proof in terms of security, but more of the cyber attacks (virus and ransomware) are targeted towards Windows PCs.
      In any case, you should ways take regular automated backup of your important data, preferably to a remote location (such as cloud storage, e.g., iCloud in case of Macs).

Leave a Reply

Your email address will not be published. Required fields are marked *