Normally, falling victim to a ransom plot means that you are the son or daughter of a rich person and the only way to get out of it is by paying a ton of money or waiting for a superhero to come and rescue you. These days, being held for ransom can actually happen quite differently – through your computer. In essence, ransomware is a type of malware that has been making headlines recently.
Only recently, an attack known as Goldeneye Petya originated in Ukraine and wreaked havoc around the world. Before that, in May 2017, there was the WannaCry ransomware that brought organizations such as the UK’s National Health Service to a near standstill.
How it Works
Once ransomware gets into your computer, normally through an infected email attachment or a trojan horse bundled in a piece of software, it will lock your computer or your data in some way and demand payment to give you back control of your system. Some of the simpler forms of ransomware will simply try to trick you into thinking there is something wrong with your computer and get you to pay money to “fix” it. This is a common tactic seen in banner ads that suggest you have been infected with something. Often, with these types, you still have some control over your computer, so the only real issue is that you have to deal with annoying pop-ups. A much more vexatious kind of malware will lock your computer completely and keep you from logging into your operating system until you pay the ransom. Many of these second types of ransomware will display a threatening on-screen message and ask you to pay a ransom. The worst type of ransomware is one that not only locks your system but also encrypts your files. The only way to get the decryption key is to pay the ransom. The ransom is usually demanded in the digital currency Bitcoin. Ransom amounts can vary widely but will range from a few bucks to hundreds of dollars.
How Infection Occurs
The standard attack vector is an email attachment, as is the case with other malware. The email will usually have some social engineering features to induce people to download the attachment or click on links. So, one of the ways to avoid getting infected is to avoid opening email attachments and clicking on links in emails. Other attack vectors include the traditional Trojan attack and visiting dodgy websites that host malware.
Defending Against Attacks
In addition to being careful with emails, the best defense is making sure you have at least three backups of your data. These days there are many free online cloud backup solutions that offer a free data plan that’s sufficient for most individuals and small businesses. For example, Google offers 15GB of free cloud storage for all Google account holders. Services like Dropbox and OneDrive also have free plans. These applications can be synced with your computer so that the backups happen automatically and in the background without your intervention. If you need larger storage, scaling up to large plans is cheap and definitely less expensive than dealing with data loss from ransomware. In addition to a cloud solution, you should also have two physical backups, such as an external hard drive, and they should be stored in different locations.
In addition to backups, you should install an antivirus program with ransomware protection. Also, avoid using Windows from an administrator account. Set up another account that doesn’t have admin access and work from that.
If you run a business, educate your staff about ransomware and the importance of verifying all incoming emails. Install a spam filtering application to ensure spam doesn’t get through on company email.
Finally, if you do get infected, there may be a way to get help. Many of the ransomware variants that don’t encrypt your data can be removed by booting into safe mode and running an anti-malware tool. If this doesn’t work, downloading a bootable removal tool onto a flash drive and running it may work. However, if you have been attacked by a new encrypting ransomware, you are probably out of luck since most of these new variants use very strong encryption algorithms. It is so serious that sometimes the only viable option when valuable data is at stake is simply to pay the ransom.