Imagine it’s an otherwise typical day. You wake up, head into the office, pour yourself a cup of coffee, and settle in to get some critical work done before its due. Something is different this time. Instead of your computer booting up smoothly and showing your desktop, you’re greeted with a scary-looking window featuring an image of a large padlock. Text in that window tells you that your data has been locked down, and will be permanently inaccessible after a few days unless a ransom is paid. The amount and method of payment may vary, but the threat does not: Pay up or never see your data again.
You’ve just become the latest victim of a ransomware attack.
So what is ransomware? Simply put, it’s malicious software that locks down data unless a ransom is paid, hence the name. It’s relatively new as far as malicious software goes; the first known version hit the scene in late 2013. But it’s far from benign, as thousands of computers have fallen victim to it since that infamous debut.
Ransomware likely came about as a result of both improved education of computer users and the work of both computer security professionals and antivirus companies. Just a few years ago, it was common for users to infect their computers by clicking malicious links they received in an e-mail message. At the same time, the various antivirus companies seemed to be locked in a constant game of catch-up with virus creators as more and more malicious programs were released. Nowadays, not only are people more savvy about what they click and what they download, the antivirus companies have made significant headway against global hackers and malicious software creators. This has led to those groups seeking more novel means by which to maintain their revenue streams without turning to old techniques such as credit card fraud.
Like most types of malware, ransomware generally infects computers through clicking an unsafe link or downloading unsafe programs. These can come in e-mails, torrents, botnets, or other forms of transmission. Unlike other types of malware, ransomware isn’t removed when the computer’s owner flashes the BIOS, wipes the drive, or attempts to return to a prior restore point. The program locks down user files and the ransom demand is made, while a unique decryption key is created and stored on the hacker’s servers. If the ransom is not paid in time, or if any attempt to alter the program directly is made, the decryption key is permanently deleted, rendering all encrypted files inaccessible. If the ransom is paid in time, the decryption key is transferred and the files will be decrypted. The ransom is usually demanded either in a currency like BitCoin or sent through a service like MoneyGram and loaded onto untraceable prepaid credit cards. Because the ransom leads to the files being released in most cases, this has led to desperate people simply paying the ransom instead of looking into alternative options. This emboldens the hackers, encouraging them to find more and more unscrupulous ways to make money.
Ransomware is more than merely a nuisance. While the infected computer can still be used, the risk of losing valuable data can impact productivity. With that in mind, there are ways to counteract or avoid a ransomware attack. The best defense is to remain vigilant. Like any malicious software, ransomware relies on social engineering to get users to click links and download the program. If users can avoid clicking the link that promises to lead to an outrageous video, or download the ‘free system scan’ program in the ad on a random website, they can avoid inadvertently allowing ransomware and other malware onto their computers. Also, keeping antivirus and firewall software up to date will help keep a computer from being remotely taken over and used as part of a botnet.
The other defense is to maintain consistent computer back-ups. Since ransomware encrypts data on the computer, hackers count on those files being the only ones of their kind in existence. If there is a current data backup, then that takes a large advantage away from the hackers. After all, why would someone pay a ransom to have their files decrypted if they have a recent backup of those same files that they can copy back onto a computer? Computer users should not only maintain a daily backup of their files, but they should also remember to disconnect the backup hard drive after each use. If it’s not feasible to keep a physical hard drive around for backups, cloud storage can also be utilized in order to keep files safe and secure.
If the worst does happen and a computer is infected by ransomware, the important thing is not to panic. Many antivirus companies now have fixes available to combat the most common types of ransomware. The fix can be downloaded from the company website and put on a USB flash drive, which can be plugged in when the ransom screen appears. Unfortunately, new types of ransomware are constantly being developed and released, so the ransom may have to be paid if the computer is infected with one of the newer programs.
When it first came onto the scene in 2013, ransomware caused a significant amount of panic due to its novelty and method of attack. Since then, experts have made significant strides in combating this type of malicious software. Small business owners can be especially vulnerable to ransomware attacks, as they may lack the funds to institute strong security measures. However, as long as data is kept safe and protected and users remain vigilant, ransomware can be defeated before it gains a foothold in a computer.
Published on 21st March 2016 by Carl Fransen.