Oops! Your important files have been encrypted!
The hard disks of your computer have been encrypted with a military grade encryption algorithm. There is no way to restore your data without a special decryption key. To obtain the key, please pay $500 in Bitcoin within 40 hours. If you do not send the money within the provided time, all of your files will be permanently encrypted.
Ransomware is a type of malware (malicious software) that blocks or denies a user’s access to their own computer system or to certain data files until they pay ransom money to release it. It is usually targeted at specific individuals or businesses with a lot to lose.
If you haven’t been impacted yet, it may only be a matter of time. With such a looming threat, properly understanding the danger and how to avoid it is essential.
We’ll discuss ransomware, it’s risks and how you can protect yourself against it.
- What is ransomware?
- How does ransomware work?
- Types of ransomware
- How to prevent ransomware
- How to remove ransomware
- Should I pay the ransom?
- Famous examples of ransomware
What is Ransomware?
In short, ransomware is a form of malware that holds your computer or your data for ransom. Threats of this type lock all or part of your computer down and will deny you access until you’ve paid the fee. Ransomware first appeared in the 1980s but didn’t pose a serious threat to the public until the last decade. Today, over 4000 ransomware attacks occur every day.
How does Ransomware Work?
Ransomware attacks tend to follow a general pattern:
1. You Contract an Infection
Ransomware infections work similarly to other viruses. You may download it as a result of phishing, a social engineering tactic that tricks you into authorizing a download that you think is a safe or legitimate program.
Alternatively, it could take the form of an exploit kit, which targets vulnerabilities in your existing software to gain backdoor access.
2. The Wait Period
Not all ransomware acts immediately. Some take up to 15 minutes to take hold, although others do manage to cause havoc in seconds. As many as 35% of victims are notified of the attack within 24 hours; while for 11% it took more than a day.
Your data and files will be encrypted, requiring a decryption key to access them.
The specific version of ransomware determines the level of encryption. A 16-bit and 32-bit encryption can easily be disabled using ransomware decryption tools. However, a 128-bit or 256-bit encryption is so strong it parallels browser and VPN security, making it nearly impossible to reverse.
4. Financial Demand
The final stage is a pop-up message on your screen, alerting you to the infection. It will demand a ransom, which usually falls around $300-500. Hackers only ask individuals for amounts they may have on-hand to increase the chances of them paying the fee, although businesses can pay tens of thousands of dollars.
It’s also common for the ransomware to mimic local authorities. The message may claim that you’ve acted illegally or accessed banned content, and that’s why you are being fined. They often use county police or government logos to increase the authenticity.
Ransom payments are usually demanded in cryptocurrency such as Bitcoin, which makes it more difficult to track.
Types of Ransomware
Ransomware is a general label for a group of different malware types. They all have the common feature of demanding a ransom payment for removal but they don’t all behave the same way.
The following are some of the most common types:
- Crypto-malware is one of the most popular. It works by targeting and locking specific files until you pay up. If the encryption is strong, then the only way to get your data back is to pay.
- Lockers work similarly, except they take down your entire system so you can’t access any part of it. You can’t even run an antimalware check to identify and remedy the issue.
- Leakware works by stealing your information and threatening to release the data if you don’t pay up. Targeted details could include your bank info, contacts, intimate photos, and personal documents. It’s an especially successful tactic as it causes the victim to panic and respond rashly.
- Scareware usually poses as fake security software. Once downloaded, it will alert you of issues that cost extra money to fix. In some cases, you will be flooded with so many alerts and pop-ups that your computer is unusable until you take action.
- RaaS stands for Ransomware as a Service, a meta-malware type employed by career criminals. A hacker will hire out their services creating and distributing ransomware in exchange for a cut of the fine. This kind is particularly dangerous as it can be used by anyone wanting revenge, and could target you specifically.
Over the years, countless instances of each type of ransomware have been detected. However, some attacks have done more damage than others.
Tips to Prevent Ransomware
Simply knowing about ransomware isn’t enough to keep you safe. Your best weapon is understanding how to protect yourself. Due to its destructive nature, recovering from ransomware is a unique challenge, so it’s better to learn how to pre-empt an attack and avoid the infection altogether.
Here’s how to do it:
1. Perform Regular Backups
While it’s relatively simple to remove a ransomware infection, getting back your encrypted files without paying the ransom is more challenging. If it’s impossible to restore your data, the best tactic is to perform regular backups of your system. Then, if you are attacked, you can simply restore to a time before you’d contracted malware.
2. Update Software Regularly
Ransomware commonly exploits security holes to gain access to your device. The best way to avoid this issue is to update everything regularly. Software producers release new versions with patches for known vulnerabilities, so staying up-to-date will increase your security drastically.
3. Click Smart
Phishing scams are another common form of ransomware distribution. Avoiding social engineering isn’t impossible, as long as you know the signs. Be on the lookout for fake URLs, unexplained email attachments, and pop-ups. Never click banner ads or other “deals,” and look for typos and unrealistic claims to avoid fraudulent emails.
Stick to Trusted Sources
Perhaps the best tactic to avoid accidentally downloading a ransomware trojan is to stick only to sources you trust. This refers to everything online: websites, software, emails, e-commerce sites, etc. Most domains and brands are highly reviewed, so it’s easy to stick to those with a good reputation.
Try Whitelisting Software
By creating a baseline of approved applications, whitelisting software will prevent any unknown programs from launching and running on your device. If you unwittingly download malware, the whitelisting app will compare it to its list of sanctioned programs and will block any actions that don’t match.
Use a Powerful Antivirus
Top-quality antivirus suites are essential for combating ransomware. They will alert users as soon as they locate a problem, and can also remove the infection easily. The best antivirus companies keep a catalog of all the known threats, so they can identify ransomware quickly and effectively. Some antivirus apps also provide a free ransomware decryption tool for malware with low-level encryption.
Some may feel it’s too time-consuming or expensive to invest in their computer security. However, facing a ransomware attack will be far more costly than any prevention strategies.
How to Remove Ransomware
Even with protective strategies, ransomware infections can still happen. It’s not the end of the world. If you fall victim, follow these steps to remove ransomware from your device:
If the ransomware has only locked specific files, it’s fairly easy to remove it from your computer:
- Enter Safe Mode
- Use your antivirus to identify the software
- Manually delete or let your antivirus do the work
While this will remove the infection, it won’t decrypt your files, which is why regular backups are so important.
If the ransomware has locked your entire operating system, it’s slightly harder to fix. You have three choices:
- Perform a system restore to a point before the virus infected you.
- Run your antivirus from a disk or external drive to delete the malware.
- Reinstall your operating system.
Should I Pay the Ransom?
This question is perhaps the most important when discussing ransomware. For some, paying a few hundred dollars to restore your machine is a worthwhile cost. In fact, 75% of those who are hit with ransomware do choose to hand over the money.
However, giving in to cybercriminals only furthers their efforts, causing more malware attacks around the world. You should also bear in mind that just because you pay the ransom, doesn’t mean you’ll actually get your files back. Sometimes, these criminals will just take your money and disappear.
You should also make sure you are not dealing with ‘scareware’ and that your data is actually encrypted before taking action. In reality, your best option is to perform regular backups so you can quickly restore your own data if you are attacked and ignore the cybercriminal’s threat entirely.
Famous Examples of Ransomware
WannaCry, the most destructive cyberthreat in history, downed over 250,000 computers in 116 countries. The ransomware’s victims weren’t just personal devices; entire businesses and systems were brought to a standstill—including the British National Health Service.
In the UK, patients couldn’t make appointments, doctors couldn’t access records, and lives were put at risk. Suddenly, the cyberwarfare we see in movies such as Firewall (2006) or Goodbye World (2013) was no longer just a plot device. The threat had become a reality.
Seventy-five percent of the victims had to pay to get their data back, and ransomware increased by 350% around the world in just one year.
This attack was not the first instance of ransomware, but it was one of the most destructive. Here are some other famous examples of ransomware over the last couple of years…
- CryptoLocker used a Trojan to target Windows computers. It affected 250,000 devices, mostly targeting users in the UK and US. The infection was spread using password-protected .zip files, which claimed to contain an important PDF.
- TeslaCrypt was a ransomware trojan that is now, fortunately, defunct. It targeted game-players via file extensions for popular games, such as Call of Duty, WoW, and Minecraft. Once infected, the malware demanded $500 in ransom payments from the victims.
- SimpleLocker is a type of mobile malware that mimics CryptoLocker. It blackmails victims by accusing them of committing a crime and demanding a fine. The pop-up fills the entire screen and returns even if you turn the device on and off.
- NotPetya was a reinvention of the Petya ransomware of 2016. Potentially inspired by WannaCry, just a few weeks later NotPetya was released. It demanded $300, and 90% of the attacks were on Ukrainian victims, leading some to suggest it was organized by Russia.
- Locky existed before the recent rise in ransomware. It affected half a million users and demanded a payment of one Bitcoin, which at the time was worth nearly $1,000. The malware was spread via an infected Word document, using social engineering tactics.
- Cerber is another earlier form of ransomware that existed in 2016. It attacked 150,000 Windows users in July alone, and continues to cost around $2.3 million a year.
Although these types of ransomware are some of the most prolific, countless forms currently exist. Fortunately, you can protect yourself.
Protect your Computer from Ransomware
Cybersecurity has become a buzzword of the modern age. Be sure to save regular backups of your data, constantly update your software and install a powerful antivirus and whitelisting software to detect and remove any threats.
Using these tactics will significantly increase your protection against ransomware and reduce your risk of becoming a victim. If you haven’t taken precautions already, it’s more essential than ever, as this type of malware continues to rise in frequency and severity.
If you’re looking for recommendations, take a look at our top ten antiviruses here.