As the name suggests, ransomware is a type of malware that literally holds your computer for ransom, preventing you from accessing your programs and files until you pay the crook behind it some specified amount of money, at which point you MIGHT get everything back. With word coming out recently that new, more powerful ransomware may be hitting the scene in the not-too-distant future, I thought it would be a good idea to talk a bit about how ransomware works and how you can protect yourself.
What Ransomware Does
Ransomware can infect your computer in most of the traditional ways (opening infected email attachments, following links to bad sites, malicious ads on legitimate sites, infected flash drives, and so on), and can block you from using your computer in two ways.
The first involves blocking your access to the internet and any antivirus or anti-malware software you have until you give the criminal what they’re looking for. The second, far more dangerous kind not only blocks access to the internet and your antivirus/anti-malware, but will also block access to all your files by encrypting them. Cryptolocker, the most well known of this type of ransomware, uses such strong encryption that it cannot feasibly be cracked with current computer technology, so since the people trying to rob you are the only ones with the decryption key, Cryptolocker can really leave you up the creek. Though it wasn’t ransomware, the Heartbleed bug was revealed to be a major security vulnerability earlier this year. Here’s a blog about how to protect yourself from the Heartbleed security flaw.
Some types of ransomware are up front about the fact that they’re robbing you, and others aren’t. The ones that come right out and tell you that your files are being held hostage (again, Cryptolocker is the most well-known example) pop up a window telling you that all your files are encrypted, and the only way you can get them decrypted is to pay the attacker a specified sum of money. You are usually given a set period of time to pay the ransom before your files are permanently destroyed, and are also warned that trying to remove the software will result in the destruction of your data.
Other types of ransomware take a more deceptive approach, using scare tactics to get you to fork over the cash; information security professionals actually call this scareware. One flavor of scareware that’s been around for years is the “fake antivirus” that pops up on screen saying that it’s detected some large number of dangerous viruses on your computer and, “for your protection”, has blocked your access to the internet until you pay to download and run their fabulous antivirus software.
The only virus causing you a problem at this point is the one blocking your internet access while claiming to be on your side, but since you can’t access the internet to find out more, or even run your antivirus or anti-malware in a lot of cases, a lot of people accept it at face value.
Protecting Yourself From Ransomware
The first rule you should always follow if you get hit by a ransomware attack is that you shouldn’t pay the ransom under any circumstances. Remember, you’re dealing with criminals here, ones that are probably overseas in a country where it’s easy to get away with this kind of thing, and there is absolutely no guarantee that paying the ransom will make the problem go away.
Ransomware attacks are easier to prepare for ahead of time than they are to fix once you’ve been hit by one. You want to prepare for the worst-case scenario and assume that you will one day get hit by a ransomware attack that encrypts your files, so make sure you back up all your important files to either DVDs (or even CDs if your computer doesn’t have a DVD burner) or an external hard drive (500 gigabytes should be good for most people, and drives that size are fairly cheap). This way, your files aren’t lost even if your computer gets locked up by ransomware. Just make sure that if you do use a hard drive to back up your files, you disconnect it when you’re not backing up files; otherwise the ransomware will have access to it and can lock you out of your backups as well.
Also, make sure you keep your antivirus and anti-malware programs up to date with the latest definitions. Since new viruses and malware (or variations on existing types) pop up every day, those programs won’t do you any good if you don’t update them on a daily basis. Keep them updated and hope they’ll catch ransomware before it has a chance to infect your computer.
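One way to act on the backup advice above, as an added example that is not from the original post: the Python below copies a folder to an external drive, records a SHA-256 manifest, and later reports any backup copy that has been altered or has gone missing, which is what you would see if ransomware reached a drive that was left connected. The function names and the manifest file name are assumptions made for this example.

```python
import hashlib
import json
import shutil
from pathlib import Path

MANIFEST = ".backup-manifest.json"  # hypothetical name chosen for this example


def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files never sit fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup(source, drive):
    """Copy every file under source to drive; record each SHA-256 in a manifest."""
    source, drive, manifest = Path(source), Path(drive), {}
    drive.mkdir(parents=True, exist_ok=True)
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source).as_posix()
        dst = drive / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        manifest[rel] = sha256_of(src)
        if sha256_of(dst) != manifest[rel]:  # catch a bad copy immediately
            raise OSError(f"copy of {rel} does not match the original")
    (drive / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(drive):
    """Return {relative_path: problem} for backup copies that no longer match."""
    drive = Path(drive)
    try:
        manifest = json.loads((drive / MANIFEST).read_text())
    except (OSError, ValueError):  # manifest itself missing or overwritten
        return {MANIFEST: "unreadable"}
    problems = {}
    for rel, expected in manifest.items():
        copy = drive / rel
        if not copy.is_file():
            problems[rel] = "missing"
        elif sha256_of(copy) != expected:
            problems[rel] = "changed"
    return problems
```

Run `backup()` with the drive plugged in, unplug it, and run `verify()` on it before you rely on it for a restore; an empty result means every copy still matches what was written.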
Unfortunately, there’s not much you can do if you’re already infected with ransomware. Probably your best option at this point would be to boot Windows into Safe Mode and try to fix the problem from there, and here’s a link to a video from Norton on how to do that. They’re obviously going to recommend their own malware removal tool, and there are others you can try, but the video describes the general process of getting into Safe Mode and trying to remove the ransomware, which is the important part.