
Topic: All about ransomware

What is ransomware?

Ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files and demands payment of a ransom to restore access. The first ransomware variants were created in the late 1980s, and payment had to be sent by postal mail. Today, ransomware authors ask for payment in cryptocurrency or by credit card.

How can you get infected?

Ransomware can infect your computer in several ways. One of the most common methods today is malicious spam, or malspam: unsolicited email used to deliver malware. The message may include booby-trapped attachments, such as PDF or Word documents. It may also contain links to malicious websites.


Malspam uses social engineering to trick people into opening attachments or clicking on links that seem legitimate, appearing to come from a trusted institution or a friend. Cybercriminals employ social engineering in other types of ransomware attacks as well, such as posing as the FBI to scare users and force them to pay a sum of money to unlock their files.


Another common infection method, which peaked in 2016, is malicious advertising. Malicious advertising uses online advertising to distribute malware with little or no user interaction. While surfing the web, even on legitimate sites, users can be redirected to criminal servers without clicking on an ad. These servers catalog details about the victims' computers and their locations and then select the most appropriate malware to send. Frequently, that malware is ransomware.

What to do if you are infected

Rule number one if you realize that you have been infected with ransomware is to never pay the ransom. (This is now the advice endorsed by the FBI.) All you would accomplish is encouraging cybercriminals to launch additional attacks against you or other people. However, it is possible to recover some encrypted files using free decryptors.


But let's be clear: not all ransomware families have decryptors created for them because, in many cases, ransomware uses advanced and sophisticated encryption algorithms. And even if there is a decryptor, it is not always clear that it is for the correct version of the malware. You do not want to further encrypt your files by using the wrong decryption script. Therefore, you should pay close attention to the ransom message itself, or even seek the advice of a security / IT specialist before trying anything.


Another way to deal with a ransomware infection is to download a known security product for disinfection and run a scan to eliminate the threat. You may not recover all your files, but you can be sure that the infection has been cleaned up. In the case of screen-locking ransomware, you may need to perform a complete system restore. If that doesn't work, you can try to run a scan from a bootable CD or USB drive.

If you want to try to defeat an infection with encrypting ransomware, you must remain especially vigilant. If you notice that the system slows down for no apparent reason, turn it off and disconnect it from the Internet. If the malware is still active once you reboot, it will not be able to send or receive instructions from the command and control server. That means that without a key or a way to collect payment, the malware will remain inactive. At that point, download and install a security product and run a full scan.

How to protect yourself from ransomware

Security experts agree that the best way to protect against ransomware is to avoid infection.

Although there are methods to treat a ransomware infection, at best they are imperfect solutions, and they often require technical knowledge that the average user does not possess. Therefore, this is what we recommend to users to avoid the consequences of ransomware attacks.


The first step in ransomware prevention is to invest in an excellent computer security program, one with real-time protection designed to thwart attacks by advanced malware such as ransomware. You should also look for features that protect the most vulnerable programs against threats (an anti-exploit technology) and at the same time prevent ransomware from holding your files hostage (an anti-ransomware component). Customers who used the Premium version of Malwarebytes for Windows, for example, were protected from the main ransomware attacks of 2017.


Next, annoying as it may be, you should create backup copies of your data regularly. Our recommendation is to use cloud storage that includes high-level encryption and multifactor authentication. However, you can also buy USB drives or external hard drives where you can save new or updated files, but do not forget to physically disconnect these devices from the computer after performing the backup since, otherwise, they could also be infected with ransomware.


Then make sure your systems and software are always up to date. The WannaCry ransomware outbreak took advantage of a vulnerability in Microsoft software. Although the company had published a patch to solve the problem in March 2017, many did not install the update and were left defenseless against the attack. We know that it is difficult to always keep up with a growing list of updates for the growing set of software programs and applications that you use in your daily life. Therefore, we recommend that you enable automatic updates.


Finally, stay informed. One of the most common ways in which computers are infected with ransomware is through social engineering. Get training (and provide it to your employees if you are a business owner) on how to detect malspam, suspicious websites and other scams. And, above all, use common sense. If something seems suspicious, it probably is.