This year alone, ransomware has taken city, hospital, corporation and university servers hostage. The hackers gain control of servers, encrypt files, limit access and cripple organizations.
After a hospital system in Alabama was hit with a ransomware attack, the FBI reported that the number of ransomware attacks has fallen in 2019 compared to 2018; however, the agency warned the 2019 attacks are more costly than ever, possibly reaching $11 billion.
As organizations and law enforcement struggle to contain ransomware damage, a few white hats are stepping forward to help. They are offering free tools to undo the hackers' bad actions.
Ransomware not very sophisticated
Stepping into the fray is Michael Gillespie, a researcher who analyzes ransomware to create free decrypters for victims. In June, a new ransomware virus named LooCipher began hitting personal PCs and Gillespie was working on the watch team. Within a month, Gillespie had helped create a free decrypter for LooCipher.
According to PC Mag, Fabian Wosar, who works with Gillespie, began hunting ransomware in 2012. He has since created free decrypters for an estimated 150 ransomware families.
Much to their surprise, Wosar and Gillespie found that ransomware has not improved over time. The average programs are still buggy because they are being developed by less experienced malicious coders, or the hackers are using early versions of ransomware that were never perfected. That makes creating decryption codes easier.
The two speculate the first wave of ransomware hackers got their loot and moved on without improving weak coding; however, keep in mind that as soon as the decryption tool is released, hackers find out what they did wrong and try to fix it.
Still, it's a worthy effort, with Wosar saying there's a one-in-five chance that a brand-new ransomware strain can be successfully decrypted. He also credits law enforcement for arresting hackers and retrieving decryption keys.
Going back to how sophisticated ransomware is, there is always an exception. The largest ransomware heists appear to be done by pros linked to cybercriminal gangs going after high-level targets such as businesses and city governments.
Gillespie and Wosar are just two of the white hats working to foil ransomware attackers. Others like them, and global law enforcement agencies, have created Nomoreransom.org to provide free decrypters.
Just say no
If you or your organization is hit by a ransomware attack, never pay the ransom. In theory, once paid, hackers will provide their victims with a decryption key so they can get their files back, but since hackers are generally untrustworthy, there is no guarantee they will hold up their end of the bargain. Not only could a person, company or city be out the ransom money, it still could end up without access to its systems.
That's why Baltimore refused to pay the 13 Bitcoins, roughly $100,000 at the time, hackers demanded to free about 10,000 digitally seized computers from the city. The city has almost completely gotten out from under the hackers, but at a cost of more than $10 million.
City officials estimate Baltimore lost an additional $8 million during the time the city could not process payments. This figure is expected to rise as the city pays cybersecurity experts to help avoid future attacks.
As an example of what can happen if you pay, this summer hackers took control of municipal computers in two Florida cities — Lake City and Riviera Beach City. Lake City and Riviera Beach City paid the ransom and have still not gained access to all of the data the hackers encrypted.
Also paying the hackers is DCH Health System, which saw servers in three of its hospitals in Alabama held hostage by ransomware. It's unknown how much the company paid the hackers.
Defending against spearphishing and ransomware attacks
Be cautious with links
Do not follow web links in unsolicited email messages; they could be part of a phishing attack. If you need to contact a business or website, make sure to type the web address directly into your browser. This way, you know you're not clicking on a malicious link that could lead to a spoofed site and stolen data.
Set up two-factor authentication
Two-factor authentication (2FA) means that to log in to your account, you need two ways to prove you are who you say you are. This adds an extra layer of security and should be used whenever a site makes it available.
Use unique passwords
Many people use the same password for multiple websites. This is a terrible idea. If your credentials are stolen from one site and you use the same username and/or password on others, it's easy for the cybercriminal to get into each account.
Back up your critical files