As an IT professional I can tell you that, although Malwarebytes is one of my favorite tools and most recommended options for security, this article is a bit misleading. I have been up against the very worst case scenario of ransomware once, and in total I’ve battled with it 11 times. That’s not counting the FBI screenlocker instances. The bottom line is, and Malwarebytes confirms this in other articles, there is NO WAY to prevent it. You can avoid it, but you need to be prepared to react.
Ransomware has now compromised machines just by visiting an infected website – without clicking anything. Because it often uses you as it’s main access point there is no security tool to put in its path. If you click on something you shouldn’t – kiss your data goodbye. Once your stuff is infected your options are to pay the ransom, or to restore from backup. There is nothing else.
The FBI no longer advises paying for the same reason stated here. If you pay you contribute to the issue by making it a lucrative transaction for the bad guys. However, there are times when paying is the shortest path to a resolution and when your business is down because of an infection paying $500 sounds like a fair price.
The problem with paying is that you may or may not get a key. Even if you do get a key it may or may not work. I’ve have been in all three situations, keys that work and we go on our merry way, keys that never arrived (spam filter maybe) and keys that arrived but did not unlock the files. This does nothing to help with the confusion or make it an easier decision.
Your only defense, especially for critical business data, or data that would break your heart to lose such as old pictures, are education and backup. You MUST educate your users or family members so they learn to recognize attacks, these guys are getting smarter and better every day. Emails no longer contain sob stories about Widowed Nigerian Princesses, they are now targeted, again more so toward businesses than anywhere else. They will now research your company so they can send emails referring to people in the organization so their Click Here! attempts look even more official.
It is a complete jungle out there, and if you do not have a good, solid backup you are playing Russian Roulette every time you touch your mouse. Your only option for recovery is backup, but it must be a backup that is not plugged into the USB port. You can hook up an external drive and make a backup, but after that, you must unplug that drive and stick it on a shelf. This manual approach makes it unlikely that the average Joe will go through the steps necessary to keep their data safe. There is also too much room for error. If Joe gets distracted he leaves the drive connected, then Joan sits down and clicks the wrong thing and that all folks.
None of the tools we have come to count on daily will protect you. Dropbox, Google Drive, and OneDrive are all targets and any data they contain will be corrupted. Your backup must be either completely disconnected from the computer or better yet, in the cloud. If you use a cloud product be sure it does not keep a connection open to the backup repository such as a mapped drive, and make sure it does not backup every little change. You want something that runs on a schedule at night which gives you time to prevent it from overwriting your good data with bad. Even better still is a product which offers Versioning, which allows you to go back in time a day, a month, etc. to recover good data that’s been corrupted or overwritten.
Be proactive, get ready to recover from a disaster now. Treat the idea of Ransomware as equal a total drive failure, your stuff is toast. The only option is to educate and prepare, but thankfully being prepared by incorporating a good backup tool into your home or business is not a great expense. A $5-$10 a month bill for a good quality backup product is cheap peace of mind if you know how bad the picture really is.
And the big picture is bad… if any of this is not clear you absolutely need to approach an IT Pro for help.