Ransomware is a growing and lucrative attack in the cybercrime market. The FBI reported that known incidents of ransomware numbered nearly 2,500 in 2015, equaling approximately $1.6 million in losses by individuals and businesses. And as Intego predicted earlier this year, 2016 has become the year in which ransomware is treated with the caution it warrants. Most cybersecurity companies expect the number of victims to grow this year.
If you’re unfamiliar with how ransomware works, or how to free the files it holds hostage, read on to learn more.
Cybercriminals use ransomware to encrypt data and other digital information, such as Dropbox files, and hold them for ransom. If you pay, you will hopefully get your decrypted data back. If you don’t, the information remains locked and may eventually be sold on the black market or used for other nefarious purposes.
Many individuals and business owners choose to pay the ransom. For them, access to the data supersedes any other concerns—and they may not have the skill or money to rebuild their data management systems. They need the information to keep business operations moving, prevent lost opportunities, and mitigate reputation damage.
Some of the struggle to prevent ransomware arises from how simple it is to implement. Hackers insert malicious code into anything: links, attachments, software downloads, and endpoints like Dropbox or a server. Also, when companies and businesses don’t regularly update their cybersecurity software, they are more obvious ransomware targets.
Another difficulty lies in how easy it is to hide activity. Hackers often require victims to pay in Bitcoin (such as the case with KeRanger) because it’s anonymous, fast, reliable, and somewhat difficult to trace. The Hollywood Presbyterian Medical Center, for example, paid 40 Bitcoins—equivalent to $17,000—to their attackers. To date, the criminals remain unidentified.
These factors should not cause you to despair. Rather, they should catalyze a security strategy that encompasses both prevention and recovery. If your Dropbox files have been taken hostage by a ransomware attack, use the following advice to free them.
Regularly backing up your data to an external source is critical to preventing ransomware and other types of cybercrimes. Dropbox facilitates this practice, whether you use its basic or paid versions. With the Cloud-based service, you can restore your files to a date before the ransomware was inserted.
The free version of Dropbox allows you to restore files within a 30-day time period. If you need a lengthier span of time, you should invest in a Dropbox Pro, Education, or Business account. You can add the Extended Version History (EVH) subscription to the first two account types. It allows you to revert and recover files up to a year after they were last edited.
A Dropbox Business account offers unlimited version history. Any files within your account can be restored to any date prior to the ransomware.
If a hacker captures an individual file, there are a few steps you should take.
Most hackers want as much data as they can get, so they focus on capturing multiple files at once. If that happens with your Dropbox account, you need to submit “deletion events” to Dropbox Support.
Infected files have to be submitted individually to Dropbox Support, which can be problematic if the attacker has infiltrated your entire account. If that’s the case, you can ask Dropbox Support to revert your account to a specific date. Be absolutely certain you want the support team to perform the action; it can’t be undone.
Compromised shared folders behave somewhat differently from multiple files. While the process to restore them is the same, there are two prerequisites.
Once your shared folders have been restored, follow steps four and five above to unlink, scan, and reconnect your computer and devices to your Dropbox account.
Ransomware attacks like Locky and Cerber will change your files’ names. If this happens, you have a couple of options.
As with reverting files and shared folders, you should disconnect your computer and connected devices from your Dropbox account and run a virus scan. Reconnect them when the scan produces a clean bill of health.
Ransomware is on the rise, but you can fight it with security best practices. Back up data regularly in Dropbox, and then implement a recovery plan for files and folders that get infected. Finally, make sure to emphasize online safety practices, especially if you have kids. A good defense is often the best offense you’ll have against ransomware and other malicious programs.
