
Last update: Fri, 29 Jul 2016 8am


What is Ransomware

This is serious stuff, so let’s keep the definition simple. We know what ransom is, right? A “ransom” is a payment, commonly money, demanded or paid for the release of something. The “ware” part refers to software that, once installed, carries out the ransom threat against your data files, folders, or your whole computer. The ransom may start at $500.00 and increase as you refuse or delay payment.

From another point of view, ransomware is considered "scareware" because it forces users to pay a fee (or ransom) by scaring or intimidating computer owners. In that sense it is similar to the FAKEAV malware that has been around for a long time, but it uses a different tactic. Instead of capturing the infected system or encrypting files, FAKEAV coaxes users into purchasing bogus antimalware software by showing fake antimalware scan results.

Either way, ransomware is on the rise and getting very serious.

How do you get it?

A growing number of cybercriminal organizations are using deceptive or compromised links and websites to install malicious software. Ransomware can also arrive as a payload, either dropped or downloaded by other malware. Some ransomware is delivered as an attachment to spam email. This threat is not limited to Windows; it also affects Macs, Linux systems, Droids, and iPhones.

What does it do?

Once the malicious code is on the system, it executes and the effect shows immediately. The ransomware can either lock the computer screen or encrypt a predetermined set of files, or all of them, with a password (normally an encryption key). The effect generally appears as a full-screen image, a webpage in a browser, or a popup notification. It prevents victims from accessing their files and/or from using their system. Below are some samples of ransom messages as they will show on the computer.

Recent attacks have also displayed images that impersonate law enforcement. These messages give instructions on how to pay the ransom if you decide to try to get your data files and system back.

What can you do to prevent this attack?

  • Keep your antivirus solution up to date and make sure it is running. We recommend not using free versions.
  • Keep your operating system up to date.
  • Regularly back up your files to an external drive and/or cloud storage.
  • Avoid suspicious sites.
  • Beware of phishing and spammed emails. Avoid clicking attachments from unknown emails.
  • Consider disabling programs unless you know the source.
  • Disable your remote access programs whenever possible. Consider uninstalling these remote access programs if you do not need their service.
  • Use two-factor authentication when possible.
  • Use safe and password-protected internet connections.
  • Use a strong firewall when connecting to free Wi-Fi.
  • Avoid browsing websites that are known for being malware breeding grounds (illegal download sites, porn sites, etc.).
  • Research unfamiliar sites before visiting them or opening attached email files.

Recommendations from Microsoft for Microsoft Windows users, to help protect you as much as possible:

  • Microsoft offers MAPS (Microsoft Active Protection Service), which provides the latest cloud-based ransomware detection and blocking.
  • Use Microsoft Edge to get SmartScreen protection. It will prevent you from browsing sites that are known to be hosting exploits, and protect you from socially-engineered attacks such as phishing and malware downloads.
  • If your system is new enough, consider upgrading to Windows 10.
  • If you are using Windows 8.1 or 10, enable File History or System Protection. This will only work if the malware threat did not lock your hard drive.
  • Use Microsoft OneDrive for Consumer or for Business for your data files.

Can I recover from this attack?

Once your computer is encrypted by ransomware, you can consider your system and data files gone. However, you can recover your system with the following solutions:

  • If you created an image of your hard drive, you can restore that image. However, you must have created a bootable USB drive or bootable optical disk beforehand. Keep in mind that your data files will not be current.
  • If you created a clone hard drive, you can swap your hard drives. This option is quick but you will need to keep that cloned drive available and safe.
  • Reinstall your operating system. If the option is available, select the option to wipe the drive before installing the operating system.
  • If you have turned on File History on a Windows 10 or Windows 8.1 computer, or turned on System Protection on a Windows 7 or Windows Vista computer, you may be able to recover your local files and folders. This option depends on the extent of the ransomware damage.

Warning: The file or folder will replace the current version on your computer. The replacement cannot be undone.

Note: If the Restore button isn’t available, then you can’t restore a previous version of the file or folder to its original location.

Important: Some ransomware will also encrypt or delete the backup versions, which will prevent you from performing the restore actions. If this is the case, you need to rely on backups on external drives (not affected by the ransomware) or OneDrive.