What is Ransonware?

Ransomware is a virus that cripples your computer, and now even your smart phone or tablet. It started out as a virus that locked down your computer hard drive and displayed a pop up screen telling you to pay money to an unknown party. In theory, after you pay the hackers you regain access to your files, however this is not always the case. If you didn’t comply with the hackers demands they threatened to erase all of your files. Reports have been made that the hackers would follow through on the threats; if you paid the money they would remove the pop up screen and you would regain access to your files. This causes people to give in and pay the money instead of looking for another way out.

The two newer and more commonly seen versions of ransomware are called Encryption Ransomware and Locker Ransomware:

Encryption Ransomware includes advanced encryption algorithms. It will block all system files and demand a payment which in turn will provide the victim with a decryption key that will unblock all their files.   Examples include: CryptoLocker, Locky, and CryptoWall.

Locker Ransomware will lock the victim out of the operating system. This denies them access to the desktop and all apps or files. With Locker Ransomware, your files will not be encrypted but the attackers will still ask for money and in return will unlock the infected system.   Examples are: Police-themed ransomware or Winlocker.

Ransomware is commonly downloaded onto a computer, tablet or phone through a corrupted link embedded in email attachments and untrustworthy downloads. Some forms of ransomware will give you a week to send a specific amount of money and if you don’t comply, the price will increase. If you fail to send the money a second time the hackers will destroy the decryption key and you will never regain access to your files.

Characteristics that set ransomware apart from other malwares:

  1. It features unbreakable encryption, which means that you can’t decrypt the files on your own (there are various decryption tools released by cyber security researchers).
  2. It has the ability to encrypt all kinds of files, from documents to pictures, videos, audio files and more.
  3. It can scramble your file names, so you can’t tell which data was affected. This is one of the social engineering tricks used to confuse and coerce victims into paying the ransom.
  4. It will display an image or a message that lets you know your data has been encrypted and that you have to pay a specific sum of money to get it back.
  5. It requests payment in Bitcoins, because this crypto-currency cannot be tracked by cyber security researchers or law enforcement agencies.
  6. Usually, the ransom payment has a time-limit, to add another level of psychological constraint to this extortion scheme. Going over the deadline typically means that the ransom will increase, but it can also mean that the data will be destroyed and lost forever.
  7. It uses a complex set of evasion techniques to go undetected by traditional antivirus.
  8. It can spread to other PCs connected in a local network, creating further damage.
  9. It frequently features data exfiltration capabilities, which means that ransomware can extract data from the affected computer (usernames, passwords, email addresses, etc.) and send it to a server controlled by cyber criminals.
  10. It sometimes includes geographical targeting, meaning the ransom note is translated into the victim’s language, to increase the chances for the ransom to be paid.

Ransomware needs to be taken seriously; it is a smart idea to take precautions sooner rather than later. Here are a few tips to minimize the chances of being effected and to minimize the damage if it happens:

Things you should do:

  1. Don’t store important data only on your PC.
  2. Have 2 backups of your data: on an external hard drive and in the cloud.
  3. The Dropbox/Google Drive/OneDrive/etc. application on your computer are not turned on by default. Only open them once a day, to sync your data, and close them once this is done.
  4. Ensure your operating system and the software you use is up to date, including the latest security updates.
  5. Turn off macros in the Microsoft Office suite – Word, Excel, PowerPoint, etc. in the browser.
  6. Remove the following plugins from your browsers: Adobe Flash, Adobe Reader, Java and Silverlight. If you absolutely have to use them, set the browser to ask if you want to activate these plugins when needed.
  7. Adjust your browsers’ security and privacy settings for increased protection.
  8. Use an ad blocker to avoid the threat of potentially malicious ads.
  9. Hover your mouse over links to see where they are going. The address may take you somewhere completely unrelated to where the linked text says.

Online behavior:

  1. Never open spam emails or emails from unknown senders.
  2. Never download attachments from spam emails or suspicious emails.
  3. Never click links in spam emails or suspicious emails.

Greg’s extensive technical expertise spans nearly 2 decades of study and application. As a constant advocate of security and technical excellence he leads his team in staying abreast of technology developments, benefits and potential threats to business continuity and efficiency.