Why Encrypting Your Data Won’t Protect You From Ransomware
No one wants to be a victim to cybercriminals. It’s why we’re so keen on encryption — indeed, the vast majority of people use encryption to some extent because locking your smartphone scrambles all your personal information .
That’s exactly what encryption is: making your data unreadable without a special encryption key (i.e. a password). It’s the ultimate defense against cybercriminals, right?
Unfortunately, no. There are far too many myths about encryption that you simply shouldn’t believe. For instance, it won’t protect you from ransomware. Here’s why.
What Is Ransomware?
Let’s start by running through exactly what ransomware is . That’ll expose why encryption won’t work against it.
Ransomware is malware that comes in a few variations, but they all boil down to one main element: malicious software that scrambles your data so that only a fraudster can decrypt it. Your personal information — your documents, images, browsing history, basically everything on your device — is rendered unreadable by this attack.
If you want your files back, the scammer tells you, you’ll have to pay up. Except the fraudster fails to unlock them, or encrypts your files again, so you can’t read any of it regardless.
It hit the headlines most recently because its WanaCryptor/WannaCry variant hit major infrastructures around the globe, including the National Health Service (NHS) in the U.K. Medical institutions are especially vulnerable to cyberattacks, but even encryption wouldn’t combat ransomware.
Why Encryption Won’t Protect You
Ransomware isn’t about a scammer reading all your personal information. It’s about a scammer stopping you from getting to it.
Imagine you’ve written a book the old-fashioned way: you’ve handwritten it . Pages and pages of precious work. But so no one can read the manuscript before it’s published, you “encrypt” it by mixing up the page numbers. Only you know the right order.
Then someone steals your manuscript. They’ll give it back to you, if you pay a huge fee. Does it matter that they can’t read it because it’s jumbled up? Not at all. To add to your problems, the thief further jumbles up your pages, and only they know the order in which they were when stolen.
In this vein, it doesn’t matter whether you’ve encrypted certain files or your entire hard drive. A scammer encrypts it again, meaning your key won’t work until their key is used. It’s your padlocked safe within a scammer’s padlocked safe, if you will.
How Do You Protect Against Ransomware?
Obviously, anti-virus software is your first line of defense. Shop around and find the ideal one for you (because Windows Defender isn’t enough ). It’s well worth spending extra cash if you’re certain a particular security suite is the right one, but even free anti-virus and firewall services can adequately defend your PC. However, what you’re looking for is a tool with the ability to monitor your personal files and folders. Better still, it should be able to lock those directories from access from any applications unless specifically allowed. BitDefender is a good option here.
Naturally, it’s always important you update your system on a regular basis, so patches fix any vulnerabilities found since the last OS upgrade. If you’re running Windows 10 or 7, you’d be immune to WannaCry — as long as the system’s up to date. Similarly, Microsoft issued a Windows patch after the worldwide ransomware attack, so users of older systems will need to automate updates.
The most important thing, however, is a reliable backup of all your files. You have to make sure new files are added to it on a routine basis (pencil it in on your calendar, maybe once a week) and then unplug your backup.
Because ransomware can encrypt your backup too. If you leave it plugged in, the attack can spread and your precaution is an entirely moot point.
CryptoLocker is an especially nasty example , first propagated via email attachments (using a phishing technique ). Once in your computer, it scans the hard-drive for file extensions and additional connections — which not only means it’ll encrypt a backup drive connected through a USB, but also that it infects cloud systems !
Obviously, you should abide by general security practices regardless. Not downloading suspect files will help in the fight against any sort of malware. Equally, checking a site is the real deal is always advisable. There’s one other way to help keep your data safe, aside from if ransomware hits…
What Use Is Encryption?
Yes, we’re back to encryption.
Let’s not get carried away: encryption might not work against ransomware, but it’s still a very solid form of defense against many other attacks — because it stops your personal information falling into the wrong hands.
Strong encryption is vital; basis for secure digital ID, electronic financial transactions, effective cyber-defence. No backdoors #CHCyber
— Andrus Ansip (@Ansip_EU) June 26, 2017
A passcode will prove difficult for a criminal to crack if your smartphone is stolen. If you’re submitting details online, a website’s SSL/TSL certificate will stop onlookers by certifying a genuine link between the two clients. If your data is intercepted via a public network , perhaps through a man-in-the-middle attack (MITM), it’ll be unreadable if you use a virtual private network (VPN) as long as you use one!
Your data is worth a fair amount to a scammer, but it’s worth more to you. Never underestimate encryption. But don’t forget that it’s just one tool in your arsenal against cybercriminals.
Worried About Ransomware?
Everyone should be, within reason.
Only a relatively small number of folk actually become victims of ransomware. And if you’re unlucky enough to be in that minority, you should stand by your guns and not pay up , however tempting it is.
Encryption won’t save you in such an instance, but necessary procedures should .
Have you ever been victim to ransomware? What did you do? Have you any further tips our readers should know about?