Russell Irvin Johnston
Mar 16, 2016

Time to Air Gap - to avoid ransomware (it isn’t rare any more)

If you ever back up files, then what you do on your computer is worth something to you, and as of this year you can’t protect that data without getting yourself an air gapped computer. Ransomware is about to become a whole lot more common. Highly professional Chinese hackers are turning to ransomware, according to recent articles, and there’s worse news: “Websites visited by millions of people daily — msn.com, nytimes.com, aol.com, nfl.com, theweathernetwork.com… are accidentally pushing out booby-trapped adverts via ad networks, warn infosec researchers.” Booby-trapped — most often — with ransomware.

Kits to create ransomware are now available to casual criminals, so no very large skill set is necessary to get into the business, and yet the ransomware out there in the wild is becoming far more sophisticated.

Cloud backups probably won’t save you from ransomware — once your computer is owned, all that cloudy stuff is owned too, because whatever your connected computer can get to, the malware that owns it can get to as well.

If you back up to an external drive, ransomware can easily own that, too, encrypt it and hold it to ransom… unless you have an air gapped computer. Then you can transfer data via USB sticks to the air gapped computer (that’s been set to “no autorun”) and onto your external drive from the air gapped computer. No remote hack can penetrate that gap and get to your external drive(s), as long as you never plug the external drive into your net-connected computer (whether it’s plugged into the net at the time or not). Never.

Unfortunately, modern OSes, such as Windows 10, aren’t very modern. They don’t make transferring files very easy, and they scatter what needs backing up. They aren’t designed with air gapping in mind, but there’s a convenient way around that. The best way to handle splitting your time between two computers — one air gapped and one not — is to stick a big USB stick into your net-connected computer and put all the active storage that has to be on that computer (that is, anything you might want to back up) onto that stick. Files, downloads, clippings, pictures, music, iTunes — all of that.

Divide the stick into two folders. One (“Retain”) is for files that aren’t sensitive and that you’ll want to keep around on the connected computer, for convenience. The other (“Active”) is for files that can go straight to your air gapped computer and be erased from the USB stick.

At least once a week, transfer all those files to your air gapped computer. Copy both the “Retain” and “Active” folders over to the air gapped computer and to your external hard drive, then delete the Active folder entirely from the USB stick. (It shortens the life of the stick, but if sensitive information comes to you via the connected computer, you may want to overwrite that USB stick with junk files and then delete them, now and then, too, so they can’t be recovered.) Make sure you empty your trashcan on your connected computer every time you transfer, too, as soon as you pull the stick out, to make it more difficult for malware to recover files you’ve deleted.
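The weekly transfer described above, sketched as a script to run on the air gapped computer (an added example, not the author's own code). The dated snapshot folders and the SHA-256 check before Active is deleted are assumptions added here, and the function names and paths are hypothetical.

```python
import hashlib
import shutil
import sys
from datetime import date
from pathlib import Path


def sha256_file(path):
    """Hash a file in 1 MiB chunks so large media files need little memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tree_hashes(root):
    """Map every file under root (by relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def weekly_transfer(stick, destinations, stamp=None):
    """Copy Retain and Active into <destination>/<stamp>/ on every destination,
    verify each copy, and only then delete Active from the stick."""
    stamp = stamp or date.today().isoformat()
    folders = [name for name in ("Retain", "Active") if (stick / name).is_dir()]
    expected = {name: tree_hashes(stick / name) for name in folders}
    for dest in destinations:
        for name in folders:
            target = dest / stamp / name
            # copytree refuses to write into an existing folder, so an
            # earlier snapshot is never overwritten by a later run.
            shutil.copytree(stick / name, target)
            if tree_hashes(target) != expected[name]:
                raise RuntimeError(f"{target} does not match the stick; nothing deleted")
    if "Active" in folders:
        shutil.rmtree(stick / "Active")  # Retain stays on the stick
    return expected


if __name__ == "__main__" and len(sys.argv) >= 3:
    # Usage (paths are placeholders): python transfer.py <stick> <local copy> <external drive>
    done = weekly_transfer(Path(sys.argv[1]), [Path(a) for a in sys.argv[2:]])
    print({name: len(files) for name, files in done.items()})
```

Because each run lands in its own dated folder, a file that was already encrypted on the connected computer cannot replace last week's good copy on the external drive.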

Also, try to do all the work you possibly can on your air gapped computer, since all your work will end up there anyway; and it’s vastly safer being there to begin with.

Lastly, consider purchasing a third, cheap Chrome OS computer that you’ll use only for online purchases, and online banking, NOTHING else, ever. (Or convert an old computer to Linux or the Chrome OS for this purpose.) Keep checking your credit card receipts to make sure all the charges are legit, so you can reverse those charges while that’s allowable.

The big reason almost all of us now need to have an air gapped computer is to give us a safe place to plug our external drives into, one that doesn’t expose them to ransomware.