
Crypto Ransomware – Your data used against you

Ransomware is a simple concept. The attackers want to use your data against you, forcing you to pay them to get your own data or computer back. This can be as simple as blocking access to your computer with a fake alert that says you have a virus and need to pay to have it removed. They will also try to scare you by saying you have been viewing child porn and that if you don’t pay you are going to jail. These things have been around for quite a while and used to be easy to remove. They normally didn’t damage your files, and once the computer owner understood what they were and how to remove them, they didn’t cost that much.

What changed?

Back in 2013 things changed. A ransomware called CryptoLocker was released that did something that, up until that point, really wasn’t widely done: it encrypted the user’s files, and it did a very good job at it. It rendered the files unrecoverable without the encryption key. This required the user to pay for the decryption key to get their files back. This means that the writers of CryptoLocker made an estimated $30 million in one hundred days of operation. This proved to everyone that ransomware could be extremely profitable if written correctly.

Malware writers started to write more and more encryption ransomware because there was money in it. This trend has just continued to this day.

How it works

Crypto ransomware works by encrypting all of your files and charging you a fee to unlock them. Depending on the variant, it will also encrypt the files on network shares and external drives. Its goal is to encrypt everything you have access to without disabling your computer. If it disabled your computer you couldn’t pay the ransom. Crypto ransomware will also try to do other things to prevent recovery, like deleting Windows restore points.

It uses public key cryptography to encrypt your files without ever having the decryption key stored on your computer. So even if it is caught in the act of encrypting your files, there is no key on your computer to decrypt them.

Stopping Crypto Ransomware

So how do you stop crypto ransomware? The point of crypto ransomware is that you can’t do anything to recover your files after you have gotten it. So what you have to do is back up your files, but in a way that will not be affected by crypto ransomware. Look at your backup. Can software running on your computer delete or modify your backup? There has to be some kind of separation between your backup and the computer that can be infected.

If your current backup is an external drive attached to your computer, then it will be encrypted just like the rest of your files. In this case I would recommend at least getting a second hard drive and rotating them weekly. That way if you are hit by crypto ransomware you can at least restore from a week ago. Yes, you will lose files, but not as many as you would if everything got encrypted. This doesn’t follow the 3-2-1 backup rule, but it is much better than not having anything at all.

If you’re using an online backup solution that supports versioning, then even if encrypted versions of your files are uploaded you will still be able to restore an earlier version. The crypto ransomware can’t delete your files in the cloud or encrypt them because it does not have access to your account. This provides a layer of protection between your desktop computer and your backup.

Just look to create a layer of protection between your backup and your computer. This can be as simple as disconnecting your backup drive, as we have seen above, or something more complex like having a backup server that manages the backups for you. This is basically what cloud backups do. Start looking at it and asking yourself: can one computer delete all of my backups? If your answer is yes, then there isn’t any separation.

Don’t forget about the 3-2-1 backup rule. 3 copies of your data. 2 different media types. 1 off site. The off site copy can’t be encrypted because you don’t have immediate access to it. This provides your separation.
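The 3-2-1 rule and the "can one computer delete all of my backups?" question, as an added example that is not part of the original post. It audits a backup inventory; the `Copy` fields, host name and the three inventories are constructed for illustration, and a versioned cloud copy is modelled as not alterable from the desktop.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str                 # e.g. "internal-disk", "usb-disk", "cloud"
    offsite: bool
    primary: bool = False      # True for the working copy on the computer itself
    writable_from: frozenset = frozenset()  # hosts able to modify or delete this copy

def audit(copies):
    """Return the 3-2-1 results plus the hosts that can alter every backup copy."""
    backups = [c for c in copies if not c.primary]
    if backups:
        # A host in this intersection can destroy all backups at once.
        single_points = frozenset.intersection(*(c.writable_from for c in backups))
    else:
        single_points = frozenset()
    return {
        "three_copies": len(copies) >= 3,
        "two_media": len({c.media for c in copies}) >= 2,
        "one_offsite": any(c.offsite for c in backups),
        "single_points": sorted(single_points),
    }

# Constructed inventories matching the setups discussed above.
DESKTOP = frozenset({"desktop"})
PRIMARY = Copy("working files", "internal-disk", False, True, DESKTOP)
ATTACHED_USB = [PRIMARY, Copy("usb-a (always attached)", "usb-disk", False, False, DESKTOP)]
# The unplugged drive cannot be written by any host this week.
ROTATED_USB = ATTACHED_USB + [Copy("usb-b (unplugged this week)", "usb-disk", False)]
# Assumption: old versions in the cloud cannot be altered from the desktop.
VERSIONED_CLOUD = ATTACHED_USB + [Copy("cloud (versioned)", "cloud", True)]

if __name__ == "__main__":
    for label, inventory in [("attached usb", ATTACHED_USB),
                             ("rotated usb", ROTATED_USB),
                             ("versioned cloud", VERSIONED_CLOUD)]:
        print(label, audit(inventory))
```

A non-empty `single_points` list means there is no separation: that host, once infected, can reach every backup.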

What is the Cost of sharing?

Have you ever wondered what it costs you to share something on social media? It’s not a very easy question to answer, but it is one that we should think about given that social media sites seem to want to share everything about their users whenever they possibly can.

At what point do we start to lose out by sharing something? If you share that you’re having a wonderful time traveling on vacation and your house gets robbed, then was it worth it? How about if you are like one girl in the news and you post your Social Security number online; was that worth it? A life of identity theft.

The hard part about this question is that it is not easily answered. Sometimes there is a time factor. If you share your address online, that may mean nothing, but if you also share that you’re away from your house a few months later, then your address becomes much more valuable to the would-be burglar. If your profile is open to the public, someone could quite easily find your address, then just watch your profile until you post that you are on vacation.

Remember, what you share is valuable to different people for different reasons. Think about what it costs you to share before you post it. You want to provide value on social media; just don’t inadvertently destroy yourself while you do it. It is always easier to stop something before it has started than after.

On social media there is nothing stopping people from re-sharing something you say. So even if you have your posts restricted to only your friends, they could still re-share the post to their friends, and so on.

Make your social media posts valuable, but in the ways you want them to be.

What Is Encryption

What is encryption? If you read Wikipedia, the definition is:

“Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor”

In other words, encryption is the process of taking a message and changing it in such a way that without the key (some pre-shared information) it is very difficult to determine what the original message was. Most of the time encryption uses an algorithm to create the encrypted data.

“algorithm is a self-contained step-by-step set of operations to be performed.” – Wikipedia

If you simplify an encryption algorithm down, it basically takes two inputs: the plain text and a key. The plain text is your message and the key is the value that you want to encrypt the message with. Anyone who wants to read the message will need the key to easily decrypt it. Depending on the algorithm used, sometimes the key can be the algorithm itself, but that is considered to be extremely unsafe and isn’t done today. An algorithm will output what is called ciphertext, which is just encrypted data. The ciphertext is then reentered into the encryption algorithm and, with the correct key, will output the plain text again.
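The two-input model described above, as an added example that is not code from the original post: a small stream cipher built from the standard library's HMAC-SHA256, used here as a stand-in for a real cipher such as AES. The keys, nonce and message are constructed sample values.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudo-random bytes from the key (HMAC-SHA256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])

def apply_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR the data with the keystream; the same call encrypts and decrypts."""
    ks = keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def demo():
    key = hashlib.sha256(b"constructed demo key").digest()
    wrong_key = hashlib.sha256(b"a different key").digest()
    # Fixed nonce so the demo is repeatable; real use needs a fresh one per message.
    nonce = b"\x00" * 12
    plaintext = b"Meet me at noon."
    ciphertext = apply_cipher(key, nonce, plaintext)       # plain text + key -> ciphertext
    recovered = apply_cipher(key, nonce, ciphertext)       # ciphertext + same key -> plain text
    garbage = apply_cipher(wrong_key, nonce, ciphertext)   # ciphertext + wrong key -> noise
    return plaintext, ciphertext, recovered, garbage

if __name__ == "__main__":
    plaintext, ciphertext, recovered, garbage = demo()
    print("ciphertext:", ciphertext.hex())
    print("right key :", recovered)
    print("wrong key :", garbage.hex())
```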

Encryption is used all over the place in computer security and will become crucial to understand as time goes on.

There is a lot more that could be said here, but I want to keep it short. We will continue to build on this as time progresses.