Ransomware has suddenly become a very big deal, now that it is literally a life and death matter with viruses hitting hospitals and encrypting patient records. Hollywood Presbyterian just paid hackers $17,000 to get their decryption key for their hacked records, and hospitals in Germany and Ottawa have been victims of ransomware in the last month.
Two factors are accelerating the problem: 1) Ransomware is now being written to execute Javascript instructions, which means viruses can be hidden in PDFs, and potentially browsers and 2) The people that write this malware are now offering it out on commission, taking a cut of the ransom as opposed to attacking targets themselves. This means the number of people putting out ransomware is going to expand dramatically in the next few months.
What's really frustrating is that it's really not that hard to avoid most current ransomware in your computer or company network, if you follow some basic steps, and share them with your fellow employees. Right it seems the best defense is education (and good antivirus software). The following is gathered from research I was conducting for a film on the subject.
1) If you notice an email contains an *.rar attachment, be very careful. Especially if the word 'Invoice' is in the subject line of the email.
2) Uninstall Internet Explorer. Its technology is just too old to defend itself. Microsoft's new browser Edge is fine.
3) For now, be suspicious of all Word files attached to an email. Never open a emailed Excel file with macros unless you are absolutely certain of the sender.
4) If you realize you opened a malicious file, physically unplug your machine immediately. This is what a hospital in Germany did recently to stop the spread of its ransomware. Even if nothing happens right away, if you think you've opened a bad attachment, it is best to shut down and call someone who can help, as some of the newest ransomware is designed to sit silent for a few days, so you may be in the clear if you get help.
5) The newest ransomware works with Javascript, so to be safe disable Google Chrome PDF Reader for now. It may handle Javascript in a manner other browsers don't.
6) Disable JavaScript in Adobe Reader and Acrobat. Click Edit > Preferences and uncheck Enable Acrobat JavaScript. You'll get a annoying warning every time you open a PDF with JavaScript, but ignore it.
7) Hackers will sprinkle infected USB flash drives in parking lots and company lunchrooms, counting on someone curious to plug it in, and bang, there's your ransomware. Never plug in a flash drive of unknown origin. This is probably one way the Stuxnet virus got into into Iran's centrifuge computers.
Ransomware is like a brushfire right now, and like a brushfire, it's hard to control. Hopefully the 7 commonsense steps listed above can help.