Earlier this week, I was attacked by ransomware. It's a new type of malware that encrypts the vast majority of files in a computer. PDFs, image files or Office documents are just some examples of the targeted files. In most cases, the only way to decrypt files is to use the tools provided by the attackers, which have to be bought according to their instructions. But how did this happen to me?
It has to be said that I was definitely not prepared for something of this magnitude, even though I had backups of my most important files. Sure, I had read many articles stating that this kind of attack is becoming more widely used, but you never think it can happen to you.
My best guess is it came with a setup .exe file I had downloaded from a slightly shady website. I executed the file, the installation failed and Windows Defender warned me about a threat. But nothing happened afterwards, so I just deleted that file and went on with my life.
The next day, I was working on my computer as usual when, out of thin air, my browser opened a web page explaining that my files had been encrypted by Cerber, a new but strong ransomware, along with a somewhat spooky recording: “Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted!” (reproduced here).
The page I mentioned also had all the instructions on how I should proceed in order to decrypt my files. In this case, the attackers had, for 5 days, a “special price” to offer me: 1.2525 bitcoins, roughly $530. After that period, the price would double.
After the initial shock, during which I noticed that almost all my files had turned into .cerber files with random strings for names (as you can see in the screenshot above, showing my Pictures folder after the attack, Cerber does not attack .ico files), I pulled myself together and realized this attack would not affect me that much, because I had backups. So I just formatted my SSD, reinstalled Windows, put my files back and carried on.
I was left thinking about how ransomware works, and how we can be prepared for it. For starters, ransomware is quite a smart move – while a common user like me will definitely not pay that much money for files that, in most cases, are backed up, companies with important and sensitive files on their computers and servers will probably do it.
This makes ransomware quite lucrative for attackers, which is why it is becoming more and more used. For example, spyware is powerful and dangerous, because it retrieves sensitive information about the users, but it is not as immediately lucrative for hackers as ransomware can be.
But what can be done to mitigate the nefarious effects of ransomware? A few things, actually:
- Having a good antivirus: Windows Defender did warn me about a threat but, apparently, was unable to eliminate it.
- Regularly create system restore points: ransomware only attacks once so, if you have a restore point created before that attack, it is very likely that you will be able to access or recover your files, at least in order to make a copy of them.
- Back up your files: this one is quite old, but still up to date and guaranteed to be the best line of defense. Try to back up your files at regular (and short) intervals and, if possible, in more than one place.
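Restore points and backups only help if you notice the attack early. As an added example (not from the original post), the script below scans a folder for the two symptoms described above, files renamed to random strings with a .cerber extension and contents that look encrypted, and reports whether the tree looks ransomed. The name pattern, the 7.5 bits/byte entropy cutoff and the 50% threshold are assumed heuristics, not values from the post; the sample folder is constructed inline.

```python
import math
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Symptoms described in the post: random-string names with a .cerber extension;
# .ico files were left untouched.
RANSOM_EXTENSIONS = {".cerber"}
# Assumed pattern for a "random string" name (8+ alphanumeric characters).
RANDOM_NAME = re.compile(r"^[A-Za-z0-9_-]{8,}$")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted (or compressed) data is close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_tree(root: str, sample_bytes: int = 4096):
    """Return (suspicious_paths, total_files) for regular files under root."""
    suspicious, total = [], 0
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        total += 1
        with open(path, "rb") as fh:
            entropy = shannon_entropy(fh.read(sample_bytes))
        random_name = bool(RANDOM_NAME.match(path.stem))
        # Note: already-compressed media (JPEG, ZIP) also has high entropy, so the
        # entropy check alone would give false positives; it is paired with the name.
        if path.suffix.lower() in RANSOM_EXTENSIONS or (random_name and entropy > 7.5):
            suspicious.append(str(path))
    return suspicious, total

def looks_ransomed(root: str, threshold: float = 0.5) -> bool:
    """True when at least `threshold` of the files show encryption symptoms."""
    suspicious, total = scan_tree(root)
    return total > 0 and len(suspicious) / total >= threshold

def build_sample_tree() -> str:
    """Constructed sample folder: three 'encrypted' files plus one untouched .ico."""
    root = tempfile.mkdtemp()
    for name in ("aB3dE9xQ1z", "Zz8k_LmN4q", "Qw2e-Rt5yU7"):
        with open(os.path.join(root, name + ".cerber"), "wb") as fh:
            fh.write(os.urandom(4096))  # stands in for ciphertext
    with open(os.path.join(root, "favicon.ico"), "wb") as fh:
        fh.write(b"\x00\x00\x01\x00" + b"\x00" * 500)  # low-entropy, untouched
    return root

if __name__ == "__main__":
    sample = build_sample_tree()
    print(scan_tree(sample), looks_ransomed(sample))
```

Run it against a real folder by calling `looks_ransomed("C:/Users/you/Pictures")`; a true result is the moment to pull the machine off the network and restore from backup rather than keep working.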
I hope that my example can be helpful in convincing you of how important it is to be prepared for any eventuality. However careful anyone might be, hackers are always becoming more and more resourceful, so every defense mechanism is essential.