We kid you not. Ransomware is now the most prolific serious threat facing the average Internet user, and reports of ransomware infections are more widespread than ever. It is now the ‘go-to’ malware for serious cyber-crooks.
And now it’s time to get educated. Before it’s too late.
Ransomware is online blackmail and extortion. And the most serious thing about it? If you get infected, your choices are seriously limited. Unlike most types of malware, you can’t just remove it and get on with your life.
Why? Because a serious ransomware infection means you will probably lose everything on your computer. Period.
Ransomware became popular in 2013 when Cryptolocker spread prolifically, netting its creators hundreds of thousands of dollars. Since then more advanced strains have appeared, including TeslaCrypt, and ransomware doesn’t look like it’s going anywhere anytime soon.
How does ransomware work?
Put simply, it encrypts all of your important files. And that’s near-enough unbreakable encryption. The kind of encryption that the FBI and other authorities hate. No backdoors. No supercomputer fast enough to crack it. No ifs. No buts. Unless you have that all-important decryption key, you’re not getting past the locked door.
Once a computer is infected with ransomware, it searches for all your important files. Those music files. Video files. Photographs. Text documents. Graphic design work. Spreadsheets. PowerPoint presentations. All those files on your computer that you want.
Once it finds them, it encrypts them.
Once that encryption is complete, the ransomware will then let you know (usually by leaving instructions in your file folders) how to decrypt them. And this means paying a ransom. Basically, your computer files are being held to ransom.
Once you make that payment, the ransomware purports that a decryption key will be sent to you so you can unlock the encryption and regain access to your files.
How does ransomware infect my computer?
In terms of its distribution and infection techniques, ransomware isn’t special. It can’t infect computers in any special or especially damaging way. It relies on the tried and tested methods that other types of malware already rely on to infect target computers.
Most popularly, ransomware infects machines through malicious email attachments. This is when an email comes through to your inbox containing an attachment. The email will use any number of social engineering tricks to lure the recipient into opening the email attachment and in the process infecting their computer. (In fact, read our article containing 10 examples of malicious ransomware-containing attachments here.)
However, ransomware can potentially spread in other ways. It can exploit vulnerabilities in outdated software, or zero-day vulnerabilities. It can bait users into installing it by tricking them into downloading harmful files when visiting malicious websites. It could be passed to a computer when infected storage devices are plugged in, or it could attach itself to otherwise legitimate but compromised software.
How do I avoid ransomware?
Taking the above into consideration, you avoid a ransomware infection very much like you would avoid any other malware infection. The only difference with ransomware is that if you fail to protect yourself, the stakes can be a lot higher. No one, after all, wants to lose all their data.
So avoiding ransomware means keeping your software up to date and avoiding unsupported software (like Windows XP and earlier versions of Internet Explorer). Only ever open email attachments that you were explicitly expecting from a specific person. Never download files from untrusted websites, even if they appear legitimate. And of course have a reliable antivirus program installed, whether it’s a free version or a premium version, and remember to run regular system scans.
Is there anything else I can do?
Yes – back up your data! Back up all your important files to a storage device not connected to your computer. SD cards and USB sticks are now capable of storing many gigabytes of information so there really is no excuse! Or you can go ‘old school’ and back up to rewritable CDs and DVDs!
This way, if ransomware does infect your computer, you won’t lose those important files. You can revert to your backups.
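A backup only helps if the copies are intact when you need them. The Python script below is an added example, not part of the original article: it copies important files to a backup folder (for instance on a USB stick) and records a SHA-256 fingerprint of each, so the copies can be checked before you rely on them. The file-type list, the manifest.json name and the function names are assumptions chosen for illustration.

```python
import hashlib
import json
import shutil
from pathlib import Path

# Assumed list of "important" file types; adjust it to your own files.
IMPORTANT = {".jpg", ".png", ".mp3", ".mp4", ".txt", ".pdf",
             ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}
MANIFEST = "manifest.json"  # hypothetical name for the fingerprint list


def sha256_of(path):
    """Hash a file in chunks so large videos do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def back_up(source, dest):
    """Copy important files from source to dest and record their hashes."""
    source, dest = Path(source), Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for path in sorted(source.rglob("*")):
        if path.is_file() and path.suffix.lower() in IMPORTANT:
            rel = path.relative_to(source)
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            manifest[rel.as_posix()] = sha256_of(path)  # hash of the original
            shutil.copy2(path, target)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(dest):
    """Return the backed-up files that are missing or no longer match."""
    dest = Path(dest)
    manifest = json.loads((dest / MANIFEST).read_text())
    bad = []
    for rel, expected in manifest.items():
        copy = dest / rel
        if not copy.is_file() or sha256_of(copy) != expected:
            bad.append(rel)
    return bad
```

Run `verify` straight after `back_up` to catch a bad copy, then disconnect the storage device so the backup stays out of reach of anything running on the computer.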
What do I do if I get infected with ransomware?
Can’t I just contact the authorities and trace the payment back to the criminals?
No. Because ransomware criminals don’t just ask you to wire the money to their bank accounts. There are a number of online tools designed to protect anonymity on the Internet, and two of those tools are the Tor network and Bitcoin.
In the instructions left by the ransomware, the victim is told how to install a Tor client on their computer and set up a Bitcoin account, and then how to pay the criminals via Bitcoin. The payment cannot be traced back to the recipient.
Can’t I just remove the ransomware with my antivirus software?
Well, yes you can, but this isn’t the solution you wanted. Ransomware, like any other type of malware, can probably be removed when you run a good antivirus program.
However, this doesn’t decrypt your files. The ransomware has already done its job – encrypting your files. Removing it does little (nothing) to help you regain those important files. The only way these can be decrypted is to be in possession of the decryption key.
Can’t I just pay the ransom?
The problem with paying the ransom is that criminals are inherently untrustworthy, and as such we certainly don’t recommend paying up. There is nothing to stop the criminals from simply taking the money and not providing the decrypt key, or worse, trying to extort you for more money, which is likely.
But of course it’s not us with ransomware on our computers and it’s not our files that have been encrypted. Have people paid up and got the decrypt key? Yes. Have there been people who have paid and not been given the decrypt key? Yes.
But paying up doesn’t just mean you risk losing your money as well as your data. It also provides motivation for ransomware criminals to persist, and to continue targeting more innocent victims. There is more than just your data at stake here.
There are people who say they can decrypt my files for me?
Most ransomware uses extremely strong encryption, meaning no one can realistically retrieve your files. That hasn’t stopped many people claiming they can help – however most reports suggest these are more criminals just looking to cash in on desperate people trying to get their files back. We certainly wouldn’t recommend trusting them.
So what are my choices?
Well, you have two. You can pay, which as we state above we don’t recommend. Or you can put it down to a lesson learned and accept your files are gone. Either way, make sure you remove the ransomware infection using good antivirus software. Malwarebytes is a good choice. You may also consider a full system recovery on your computer to put it back to factory settings. Then you have the difficult task of simply deleting those encrypted files. Without the decryption key, they’re useless.
It is vital for people to educate themselves about online scams and how malware infects your computer. Malware is more sophisticated than ever and ransomware is a demonstration of that. Keeping your computer malware-free has never been so important.