Encryption viruses may be one of the scarier viruses out there. For those of you unfamiliar with how they work, an encryption virus gets onto your system and starts encrypting documents and files. This renders the files unreadable by the applications that created them. And the only way to decrypt the files is to have access to the encryption key used in the encryption process. An encryption virus is smart enough to leave your system files alone. It just wants your data – documents, pictures, and anything else that’s important to you. It then spreads to other computers on your network, doing the same thing. In the end you’re left with an infected computer, data you can no longer access, and a ransom message telling you to pay up or kiss your data goodbye. The virus, once discovered, isn’t all that tricky to remove. The problem is that most users discover the virus too late – usually when they realize they suddenly can’t access their files. And once your files are encrypted, it’s not really feasible to decrypt them.
Crypto attacks tend to target larger companies that have more at stake, for example hospitals, where data is essential to operations. The rationale is easy to understand – a hospital is a bigger payday than a single person or even a small business. However, don’t be fooled by this change in strategy by crypto thieves. They are still out there, and we are still seeing clients with encrypted computers.
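Because encrypted files can no longer be read by the applications that created them, and most users only notice once files stop opening, a periodic check of your documents folder can surface the problem earlier. The following Python code is an added example, not part of the original post: it flags files whose extension is a known type but whose first bytes no longer match that type and whose content looks random. The list of file types, the 7.5 bits-per-byte threshold and the sample files are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Leading "magic" bytes that a healthy file of each type starts with (assumed list).
MAGIC = {
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".docx": b"PK\x03\x04",  # Office Open XML files are ZIP archives
    ".xlsx": b"PK\x03\x04",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, lower for plain text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def looks_encrypted(path: str, sample_size: int = 4096, threshold: float = 7.5) -> bool:
    """True when a known file type has lost its header and its bytes look random."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return False  # unknown type: nothing to compare against
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    # Compressed formats are high-entropy even when healthy, so require both signals.
    header_ok = sample.startswith(MAGIC[ext])
    return not header_ok and shannon_entropy(sample) >= threshold

def scan(root: str) -> list[str]:
    """Walk a folder and return the files that look encrypted, sorted."""
    paths = (os.path.join(d, n) for d, _sub, names in os.walk(root) for n in names)
    return sorted(p for p in paths if looks_encrypted(p))

def demo() -> list[str]:
    """Constructed sample: one healthy PDF and one PDF replaced by random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "report.pdf"), "wb") as fh:
            fh.write(b"%PDF-1.7\n" + b"sample text " * 300)
        with open(os.path.join(tmp, "photo.pdf"), "wb") as fh:
            fh.write(os.urandom(4096))  # stands in for an encrypted file
        return [os.path.basename(p) for p in scan(tmp)]

if __name__ == "__main__":
    print(demo())
```

Files that have been renamed to an extension not in the table are skipped by this check, so it complements rather than replaces backups and anti-malware software.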
Security software, while important and necessary, isn’t always a sufficient safeguard. Malware is always changing. Even the most up-to-date anti-malware program is just a step behind the bad guys. Therefore, in addition to having a suitable antivirus/anti-malware program on your computer, it’s important to identify the common ways used to attack your computer and put adequate safeguards in place.
So what can you do to prevent infection?
First, don’t use your admin account for surfing the web. Create a separate user account with limited system privileges, and use that account to do most of your work online. For more information, see our previous blog post on the subject.
Second, watch what attachments you open. Email attachments are a common vector of attack for a reason. The ease with which we can send and receive important documents makes it easy to overlook the fact that those attachments can contain malware that, once opened, can infect your system. Therefore it’s important to think about the source of an attachment before opening it. As a rule of thumb you should never open an attachment from someone you don’t know. And even if you do receive an attachment from someone you know, do yourself a favor and double check to make sure they actually sent it to you.
Third, check that your email or webmail service automatically scans for viruses. If it doesn’t, then switch to one that does. In my opinion Gmail is a great webmail service with robust security features and protection against a number of threats.
Fourth, don’t follow links from emails, unless you are certain they can be trusted. Links can be used to deliver malware to your system. And since a link is not a bit of code, it might not be detected by your email service or malware scan. If you receive a suspicious email containing links from a known source, contact that person and ask if they sent you the email. If they didn’t, it could indicate that their system is infected and is spamming their contact list. If in doubt (and you should always be in doubt, unfortunately) submit the link in question to a service such as VirusTotal.com. There you can upload files or scan links for malicious content.
And finally, don’t go around the internet haphazardly downloading every free program you find. Simply put, free rarely is “free”. And these programs are often a source of malware. So before you download the latest “free weather toolbar” or other widget from an unknown site, do a little homework. Often you can discover whether or not a free program is on the level just by googling it.