Ransomware is a growing threat in today's cybersecurity landscape. The City of Atlanta was hit by a ransomware attack. The city decided not to pay the ransom of $52,000, has spent $2 million as of April, and recovery could cost another $9.5 million [1]. I'm not an expert on ransomware, so this guide on how to mitigate ransomware attacks is by no means comprehensive, but you should be able to thwart ransomware if you follow my recommendations.

What is Ransomware?

Ransomware is malicious software that encrypts your data and holds it for ransom. The attacker holds the encryption key and will provide it to you if you pay the ransom, allowing you to get your data back. Ransomware owes a lot of its growth to the emergence of cryptocurrencies such as Bitcoin, since they give attackers a much easier way to get paid without getting caught.

How Do I Protect Myself Against Ransomware?

The best way is just to avoid getting infected with ransomware in the first place. The principles from my phishing post apply: avoid clicking on links in emails. Also, don't plug random flash drives or other memory devices into your computer. Follow general computer security guidelines.

Of course, nobody's perfect. To further protect yourself, you should have secure backups. If you back up your files to a network drive that doesn't require authentication every time you access it (which is quite common), then the ransomware program can also write to the network drive (and therefore encrypt the data on it). For backups to be effective against ransomware attacks, they must not be writable by the ransomware.

Any Cloud Backup that Keeps Old Versions

Basically any cloud backup service, including Backblaze, does this. So long as you have an old version of your files, you'll be able to restore the uninfected files. As mentioned previously, Backblaze (affiliate link, thank you for supporting my blog) keeps versions of your files up to 30 days old.

An External Drive that Isn't Always Connected

Obviously, any drive that is not connected to your computer at the time it is infected with ransomware can't be encrypted by it.

Of course, if you follow the principles of good backups, your backups should be automated. Having to plug in an external drive to make your backups, and then unplugging it when you're done, is not conducive to automatic backups. However, you could have one set of automated backups to an always-connected external drive, network drive, or the cloud, and another set to an external drive that you manually connect every so often.

Authenticated Backup

One way to keep ransomware from writing to your backups is authenticated backup. For example, if you back up your files via SFTP (file transfer over SSH), you must enter your username and password, or provide a keyfile. If you use the username and password option, the ransomware isn't going to be able to log in because it doesn't know the username or password. If you use the keyfile option, the ransomware could technically be designed to find the keyfile on your computer, but it is unlikely that it would be designed that way, unless it was specifically written by the attacker to target you. These ransomware programs are usually written for the lowest common denominator, which is not a tech-savvy person.

Again, backups should be automated, which is not compatible with typing your username and password every time. You should either use a keyfile or use the next method, ZFS snapshots.

SFTP backup services are not that common for individuals though. You're probably better off with a cloud backup service, unless you have control over a remote server.

ZFS Snapshots

As I mentioned earlier, ZFS is a filesystem that can make read-only snapshots of the filesystem. Ransomware will not be able to edit these snapshots. In order to delete a ZFS snapshot, you must have superuser permissions. If someone is able to gain superuser permissions on your computer, they can do pretty much anything they want to it, so at that point you've got bigger problems than worrying about ransomware.

Unfortunately, ZFS is not available on Windows (though a port is in the works), so in that case you'd need a network drive that uses ZFS.
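To show what the automated, read-only snapshot backup described above looks like in practice, here is an added example (not code from the original post) that rotates hourly ZFS snapshots of a backup dataset and restores a single file from the newest one. The dataset name "tank/backups" and the 48-snapshot retention are assumptions; the script expects to run as root, since destroying a snapshot needs superuser rights, which is exactly why ransomware running as an ordinary user can neither alter nor remove the snapshots.

```shell
#!/bin/sh
# Added example, not from the original post: hourly ZFS snapshot rotation
# for a backup dataset plus a file restore from the newest snapshot.
# Assumes a dataset "tank/backups" (hypothetical) and that it runs as root:
# snapshots are read-only, and destroying one needs superuser rights, so
# ransomware running as an ordinary user can neither alter nor remove them.
set -eu
DATASET="${DATASET:-tank/backups}"   # hypothetical dataset name
KEEP="${KEEP:-48}"                   # snapshots to retain (48 hourly = 2 days)

# Sortable name such as tank/backups@auto-2024-01-31-1500 (UTC).
snapshot_name() {
    printf '%s@auto-%s\n' "$DATASET" "$(date -u +%Y-%m-%d-%H%M)"
}

# Take a new read-only snapshot of the live dataset.
take_snapshot() {
    zfs snapshot "$(snapshot_name)"
}

# This script's snapshots, oldest first (the names sort chronologically).
list_auto_snapshots() {
    zfs list -H -t snapshot -o name -s name -r "$DATASET" | grep '@auto-' || true
}

# Destroy all but the newest $KEEP snapshots; prints how many were removed.
prune_snapshots() {
    total=$(list_auto_snapshots | wc -l | tr -d ' ')
    excess=$(( total - KEEP ))
    [ "$excess" -gt 0 ] || { echo 0; return 0; }
    list_auto_snapshots | head -n "$excess" | while IFS= read -r snap; do
        zfs destroy "$snap"
    done
    echo "$excess"
}

# Copy one file back from the newest snapshot through the hidden .zfs
# directory, overwriting whatever the ransomware left in its place.
restore_file() {
    target="$1"
    mnt=$(zfs get -H -o value mountpoint "$DATASET")
    newest=$(list_auto_snapshots | tail -n 1)
    [ -n "$newest" ] || { echo "no auto snapshot found" >&2; return 1; }
    rel="${target#$mnt/}"
    cp -p "$mnt/.zfs/snapshot/${newest#*@}/$rel" "$target"
}
case "${1:-}" in
    snapshot) take_snapshot && prune_snapshots ;;   # run hourly from cron
    restore)  restore_file "${2:?usage: restore /path/to/file}" ;;
esac
```

Schedule `snapshot` from cron on the backup host; after an infection, `restore <path>` (or a recursive copy out of the `.zfs/snapshot` directory) brings back the pre-encryption copies.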

  1. Engadget