But wait! The intention of this article is not to create panic, even though you should panic if your computer got infected and you haven't backed up your files recently (the last day or the night before the infection).
Ransomware primarily works by phishing victims through e-mail campaigns, using some sort of social engineering and/or sending an infected file. With social engineering, the victim gets a “legit” e-mail from an apparently known sender, like a credit card issuer or a financial institution, letting him/her know that he/she needs to take immediate action by updating or changing some facts/data about his/her account because his/her information has been compromised. The attacker creates this psychological urgency, and the victim responds to the e-mail by clicking the link it contains, which could lead to a fake web page/portal that looks similar or identical to the legitimate institution's, where the victim submits the requested information (social security number, birth date, postal and/or physical addresses, full name, etc.).
You should know that no company will request these actions by e-mail. In the worst-case scenario, they will call you directly or ask you to visit one of their branches or offices.
Another thing to consider is to look carefully at the sender's e-mail address and to check the domain after the at sign (@). For example, if the sender is someone from Gmail, the e-mail domain should be email@example.com not firstname.lastname@example.org, email@example.com, or any sort of variation that looks or phonetically sounds like the original one. In addition, you should verify the address of the web page that the attacker directs you to. Let’s say that you should be on www.sapientcoach.com, but you notice minor differences like www.saplentcoach.com (there is a lowercase "L") or www.sapientc0ach.com (there is a number "0").
Sometimes, the preferred and easiest way for an attacker to get full control of victims' computers is by sending attached files (executables, installers or images, among others), which, once downloaded or run, will infect the computer.
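
The sender-domain and web-address check described above can be automated. The following is an added example, not code from the original article: it compares the host of a link or sender address against one trusted domain and flags look-alikes such as the two shown above. The function names, the small substitution table and the distance threshold of 1 are assumptions, and it goes slightly beyond the article by also flagging one-character typos and hosts that merely contain the trusted name.

```python
from urllib.parse import urlsplit

TRUSTED = "sapientcoach.com"  # the legitimate domain from the article's example
# Small constructed table of characters or pairs often mistaken for another one.
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))

def host_of(value):
    """Return the lowercase host of a URL, a bare host name or an e-mail address."""
    value = value.strip("<> ")
    if "://" not in value:
        if "@" in value:              # e-mail address: keep what follows the last @
            return value.rsplit("@", 1)[1].lower()
        value = "//" + value          # lets urlsplit treat a bare host as the netloc
    return (urlsplit(value).hostname or "").lower()

def skeleton(name):
    """Collapse look-alike characters so visually similar names compare equal."""
    for fake, real in CONFUSABLE:
        name = name.replace(fake, real)
    return name

def edit_distance(a, b):
    """Levenshtein distance, keeping only one row of the table in memory."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(value, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for a link or sender address."""
    host = host_of(value)
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # Compare the rightmost labels, as many as the trusted domain has.
    tail = ".".join(host.split(".")[-len(trusted.split(".")):])
    if skeleton(trusted) in skeleton(host) or edit_distance(tail, trusted) <= 1:
        return "lookalike"            # same look, one typo, or trusted name embedded
    return "unknown"

if __name__ == "__main__":
    # Constructed sample inputs based on the addresses quoted in the article.
    for sample in ("https://www.sapientcoach.com/blog", "www.saplentcoach.com",
                   "http://www.sapientc0ach.com/login", "someone@example.org"):
        print(f"{sample:40} {classify(sample)}")
```
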
Another commonly used way to attack is by infecting portable storage devices, better known as USB drives or pen drives. Let's say you found a portable pen drive with 128 GB of storage capacity, and it is a USB type 3 model. You will think that you are so lucky and will plug it into your computer and, boom! You got infected. Never insert a found pen drive into your computer, unless it is an isolated and protected one where you can check for viruses and infections.
So, to prevent an infection, you should follow these recommendations:
- Never provide personal and institutional information through e-mails or web pages.
- Check for fake portals or web pages.
- Never click on hyperlinks/content inside your e-mails if you have doubts about their origin.
- Never download attachments from unknown senders or e-mails.
- Never plug in or insert found pen drives.
- Keep your system and applications updated with the latest patches and/or versions.
- Have updated antivirus, antispam and antimalware software in place.
- Keep reading news, blogs, and technology portals.
- Back up your files on a regular basis (daily, if possible).
- Check other recommendations in this blog (SapientCoach.com).
Author: Gilberto Crespo, MSCE, CDIA+, CIP, ITILv3
Computer Engineer & Technology Blogger