What is Ransomware?
You boot up your desktop one day after work expecting to enjoy your evening gaming or browsing social media but instead a red screen flashes onto your monitor.
It tells you that you need to pay some money or bitcoins to an unknown company in the next 24-48 hours or else you can kiss your hard drive goodbye. Everything on the system will be erased forever!
That might sound like a dystopian nightmare but ransomware, like I describe above, is a very real threat that affects people and even companies every day!
Ransomware is a particular type of malware that will encrypt your hard drive, essentially holding it ‘ransom.’ If you pay up in time, the shady people behind the virus will give you the encryption key, thus letting you back into your computer.
Hackers have resorted to more and more creative ways of extorting money from average users as antivirus programs have grown stronger and stronger.
Types of Ransomware
Ransomware popped up for the first time towards the end of 2013. The first one was called ‘Cryptolocker’ and took the internet by storm. In a very short period of time online forums got absolutely flooded with unfortunate victims reporting that an unknown virus of some sort had locked down their hard drives.
Cryptolocker took control of any valuable-looking files and folders and demanded an extortion payment to return them. Since ransomware was still unheard of, it had no problem spreading like wildfire through thousands of computers via phishing web links and suspicious downloads.
Security-savvy users banded together and tried everything they could think of to stop the attack, including system resets, installing new hard drives and even flashing the BIOS, but nothing seemed to work. All they could see was the attacker’s popup with a timer telling them how long they had left.
The worst part was that reports started filtering in that the people who made Cryptolocker would actually make good on their promise. If you paid up they would remove the virus.
While that sounds like a good thing it quickly turned into a bad situation. Desperate people would pay the ransom instead of looking for alternative solutions.
When the money started flooding in hackers all over knew they had a new way of making a quick buck. This would lead to ransomware spreading and growing even to this day.
Worse still, this was probably the most reliable way for hackers to make money. If you install a key logger onto a computer, you have to wait and hope that the user types in their credit card number. With ransomware, you’re almost assured a consistent payday.
Ransomware that made News
Cryptolocker may have pioneered the industry but as Datto points out, the botnet spreading the virus was shut down in 2014 so it’s largely cooled down since then. The hackers managed to make more than $3 million before it was shut down and to this day many people use ‘Ransomware’ and ‘Cryptolocker’ interchangeably.
When Cryptolocker was largely shut down Cryptowall stood up to take its place on the throne. It works in largely the same way, locking down your hard drive till you pay up.
CTB-Locker took a more enterprising approach to its virus distribution. Instead of trying to infect as many people as possible themselves, its operators outsource distribution to partners who then get a cut of the profits. This has contributed to one of the fastest infection rates among any ransomware!
Another that got headlines recently is Locky. It gets sent out as an invoice via email, and when someone activates it they get a nasty surprise.
KeRanger is a far less popular type of ransomware, but it’s worth noting because, as Ars Technica pointed out, it’s the first capable of locking down Macintosh computers.
How does Ransomware spread?
Ransomware is spread through social engineering - basically tricking a user into doing something they think is safe, but is actually a trap. Here are a few common ways Ransomware spreads:
Opening Malicious PDF Attachments:
Hackers can pose as legitimate sources like a bank or mail delivery company to try to get you to open their attachment. Another tricky method they use is asking you to confirm a shipment or purchase, and when you open up the attachment they hit you with the virus!
Infected Word Documents:
In another email-based attack, hackers send Word documents to unaware users and ask them to enable macros when they open the file. If they do, the hackers win and the macro installs the ransomware.
Not every attack has to be email based, though. One of the scarier ones is when hackers compromise a website, and simply visiting the site will infect your system!
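An added example, not part of the original article: for the Word-document route described above, a mail filter or help desk can flag macro-capable attachments by inspecting the file content instead of trusting the file name. The function names and the in-memory sample documents are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls files

def macro_indicators(data: bytes) -> list:
    """Return the reasons an attachment should be treated as macro-capable."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary Office files can embed VBA; send them for deeper inspection.
        return ["legacy OLE2 Office container (can carry VBA)"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # Modern Office files are zip archives; macros live in a vbaProject.bin part.
        reasons += [f"VBA project part: {n}" for n in names
                    if n.lower().endswith("vbaproject.bin")]
        if "[Content_Types].xml" in names:
            ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            if "macroEnabled" in ctypes:
                reasons.append("content type declares macroEnabled")
    return reasons

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, not a real Word file."""
    kind = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
            else "application/vnd.openxmlformats-officedocument"
                 ".wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{kind}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()

if __name__ == "__main__":
    # File names are deliberately misleading: the check ignores them.
    for name, blob in [("invoice.docx", build_sample(True)),
                       ("notes.docx", build_sample(False)),
                       ("old_report.doc", OLE2_MAGIC + b"\x00" * 504)]:
        print(name, "->", macro_indicators(blob) or "no macro indicators")
```

A non-empty result is a reason to quarantine the attachment or strip the macros before delivery, not proof that the file is malicious.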
Who creates Ransomware?
Viruses in general are created by a variety of hackers and criminals. Many viruses, especially back a decade or two, were created by bored cyber security students as a prank or to boost their self-esteem.
Unfortunately, ransomware isn’t the same story. Hackers that create polished, well-programmed ransomware are in it for the money. You can read more about it in the differences between antivirus and antimalware.
Malware and virus creation is big business for talented programmers and many are willing to resort to criminal activities to get a quick (sometimes quite large) payday.
How to Remove Ransomware?
Ransomware isn’t the big scary monster under the bed that it used to be when it first came out. But that doesn’t mean that every type can be treated. The best protections against ransomware are prevention and keeping backups, and the very best is avoidance.
We’ll get to both later, but for now, let’s say you already got infected. What now?
If your computer is infected with ransomware, you want two things:
- Get back the infected files which are encrypted with complex algorithms.
- Stop the encryption process and protect your files.
How to decrypt Ransomware Files?
Once files are encrypted, they can be opened only using a key which is unique to each user.
There are ransomware decryptors developed by various security developers around the world. These tools can detect your encryption format and decrypt files for free.
MalwareFox has a huge list of ransomware decrypt tools available. You can search for the specific name on this page and if it is listed, follow the instructions to get back your files for free.
If you are unable to find the ransomware variant infecting your computer files, then you are out of luck.
The only option is to negotiate with the attacker. Instead of paying the full amount to decrypt all files, you can make a deal to decrypt particular important files for a smaller ransom.
What is the Best Ransomware Protection?
The best way to protect your computer from ransomware is to make yourself less vulnerable to attack.
It can be done by following the steps below:
Patch your System
Keep your Browser, Operating System and other software apps up-to-date.
Make secure copies of your data on a regular basis and store them offsite.
Invest in Layered Security
Installing multiple layers of cyber security protection can detect and block ransomware attacks before they happen. Read more about Layered Security to configure it yourself.
Educate Yourself and others
One of the most common ways that computers are infected with ransomware is through social engineering. Educate users on how to detect phishing campaigns, suspicious websites, and other scams.
Get a Proven Anti-Ransomware Solution
- Detects Known and Unknown Malware
- Fast and Lightweight
- Includes Web Browser Cleaner
- Ransomware Protection
- Zero Day Malware Protection