Ransomware is a type of malicious software that holds your computer hostage until a ransom demand is met. The vice took the IT world by storm in 2013 with the launch of Cryptolocker, a malicious program that infected computers and changed the login credentials, effectively denying users access to their computers. More recent ransomware variants encrypt the files on a computer.
To confirm that you have a ransomware infection, look out for the following:
- Your computer files are encrypted and completely inaccessible to you. Not all the files may be encrypted, though sometimes the entire hard disk can be encrypted. Hackers know the type of files that are important, so you may find that only certain types of files are encrypted. For example, Word, Excel, PowerPoint, PDFs and image files are a common target.
- Secondly, you will have an on-screen message informing you that your files have been encrypted or that your computer has been locked. The message will usually go on to provide detailed instructions on how to get your files back or unlock your computer. The method of payment will almost always be via Bitcoin though, in the past, payment has been requested via Amazon gift cards or even by asking the user to dial a premium rate number that earns revenue for the hacker. The amount of ransom demanded depends on a number of issues. Indiscriminate ransomware directed at the general public will usually have a ransom fee of between $20 and $600. However, ransomware designed to specifically attack an organization will usually be higher priced – even running into the hundreds of thousands.
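The first sign above can be checked from a clean system: the file types named there each begin with a fixed signature, so a document whose header is wrong and whose contents look random is a candidate for having been encrypted. The script below is an added example, not part of the original article; the signature table, the 7.0 bits-per-byte threshold, the 4 KiB sample size and the sample files are assumptions chosen for illustration.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes expected for the file types the article lists as common targets.
OOXML, OLE2 = b"PK\x03\x04", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = {
    ".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".docx": OOXML, ".xlsx": OOXML, ".pptx": OOXML,
    ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2,
}
ENTROPY_THRESHOLD = 7.0  # bits/byte; assumed cut-off (encrypted data sits near 8.0)

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def find_suspect_files(root: Path) -> list[tuple[str, float]]:
    """List tracked document types whose header is wrong and whose start looks random."""
    suspects = []
    for path in sorted(root.rglob("*")):
        magic = MAGIC.get(path.suffix.lower())
        if magic is None or not path.is_file():
            continue  # untracked extension (renamed files are out of scope here)
        with path.open("rb") as fh:
            head = fh.read(4096)
        entropy = shannon_entropy(head)
        if not head.startswith(magic) and entropy >= ENTROPY_THRESHOLD:
            suspects.append((str(path.relative_to(root)), round(entropy, 2)))
    return suspects

def build_sample_tree(root: Path) -> None:
    """Constructed sample data: intact PDF, JPEG with random content, empty DOCX."""
    (root / "report.pdf").write_bytes(b"%PDF-1.7\n" + b"sample text " * 200)
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    (root / "photo.jpg").write_bytes(noise)  # stands in for an encrypted file
    (root / "empty.docx").write_bytes(b"")  # wrong header but not random: not flagged

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        print(find_suspect_files(Path(tmp)))
```

The header check matters because intact JPEG, PNG and Office files are compressed and already score high on entropy, so entropy alone would flag healthy files.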
Ransomware has grown by leaps and bounds over the last few years, fueled by the thousands of people who opt to pay the ransom. Law enforcement agencies estimate that in the last three years alone, hackers have made off with over $50 million in ransom payments, a tidy sum by any standards.
What Next After Infection?
You may be wondering why anyone would pay the ransom in the first place. Well, the reason people are forced to do this is that they have lost very important files. For example, imagine losing data that your small company relies on to do business. Many people are forced to pay the ransom after they consider what is at stake. Also, it is extremely difficult to retrieve files following a ransomware attack involving new variants. Cyber security firms have solutions for ransomware that has been around for a while but for completely new ransomware, you are pretty much on your own till someone figures it out. This could take several weeks or even months.
- Some people have been able to get back access by restoring their computers using the Windows Restore feature. But, some ransomware prevents access to this feature altogether.
The best solution is never to find yourself in a situation where you are considering paying a ransom. And, the only way to do this is to make at least three backups of your data on a regular basis. One backup should be a cloud solution and the remaining two should be physical media stored in different locations. You should also install a state-of-the-art antivirus program with real-time ransomware scanning.
And, as hard as it may sound, do not pay the ransom. Refer the issue to law enforcement and hire a computer professional to see what can be done to recover your files. It will be more expensive but much better than paying the ransom for three reasons:
- Paying the ransom is not a guarantee that the hacker will send you the unlock key.
- Even if you get the unlock/decrypt key, all you have done is inform the hacker that you are willing to pay a ransom if it happens again in future. So, you become a constant target.
- Third, by paying the ransom, you have helped criminals earn revenue and unwittingly encouraged them to continue with their criminal enterprise.
Finally, to avoid becoming a victim of ransomware, there are a few common-sense steps you need to take while using your computer and browsing the Internet. Never open email attachments from people you don’t know. Whenever you receive an email with an attachment, always ask yourself the following questions:
- Am I expecting this email and attachment?
- Do I know the sender?
- Is the web address genuine?
If anything looks suspicious, contact the sender before you open the attachment or click on any link in the email. Also, avoid browsing illegal sites like torrent download sites. Many of these sites host ransomware and other malware. You never know what you could catch simply by visiting these sites. Stay safe.