What is Ransomware?
Ransomware: What it is, prevention and what to do in an attack
Ransomware (also known as “scareware”) is a type of malware that attempts to extort money from a computer user, either by encrypting the victim’s files and folders stored on the device or by locking the whole computer or laptop, preventing use of the device until the victim pays a certain amount (the “ransom”) to the cybercriminal.
There are generally two types of ransomware:
- Encryption ransomware, which encrypts your files with a password, preventing you from opening them, and
- Lockscreen ransomware, which displays a full-screen image or webpage that prevents you from accessing anything on your computer.
How is ransomware installed?
Ransomware can be installed in a variety of ways. However, in most instances, it is downloaded automatically onto your computer when you visit a malicious website or a website that's been compromised.
Ransomware is becoming more sophisticated, however, so watch out for the following ways it can be installed:
- Distribution via email, for instance by clicking on a link or an attachment in an email. A friend's or family member's email account could also be used to spread ransomware if their computer is infected with malware.
- Clicking on an infected advert
- Instant messaging services
- Social network websites
What happens next with ransomware?
Once the files or folders are encrypted, or the device is locked, the ransomware displays a notification, via a text file or a webpage in the web browser, claiming that the authorities in your location have detected illegal activity on the machine. The ransomware notification always looks official, and uses the victim's shock, embarrassment and even fear to push them into paying the “fine”.
The start of ransomware
Ransomware started a few years ago in Russia and was called Winlock – a non-encrypted virus that made over £10m ($15m USD) before the gang was caught. The scam has evolved over time, using various techniques to disable a computer. Cyber-criminals are developing new, sophisticated variants of ransomware because there is huge potential for massive financial gain.
Prevention is the best cure
Of course, the best and often simplest defence one can muster against a problem is not to have it in the first place.
First, make sure you have a comprehensive anti-virus program installed on any computer, laptop or tablet. Good anti-virus software will cost money, but far less than the cost of trying to recover your documents, contacts or photos and getting the device back to normal working condition, which sometimes means reinstalling the operating system and software.
- Make sure all the software on your system is up to date. This includes the operating system, the browser and all of the plug-ins that a modern browser typically uses. One of the most common infection vectors is a malicious exploit that leverages a software vulnerability. Keeping software up to date helps minimize the likelihood that your system has an exposed vulnerability on it.
- Have comprehensive security software installed and, most importantly, kept up to date with a current subscription. Remember that with thousands of new malware variants appearing every day, having a set of old virus definitions is almost as bad as having no protection.
- Install a good solid anti-malware package on your system alongside your security software as a secondary defence.
Do I pay the ransomware “fine”?
The simple answer to this is NO. It isn’t quite as simple as paying the ransom and getting your data back, for several reasons. First, remember you’re dealing with criminals – why should they care about your data? Second, these criminals will be keen to maximise their profit from every victim, so if you pay by credit card or provide your bank details they can commit further fraud using this information, or sell it on to other scammers. Avoid getting into a position where this sort of extortion is easy for the crooks. Instead, consider investing the money in some prevention and precaution.
After all, you can lose your data in all sorts of ways other than through ransomware - from fire and theft, through hard disk failure, to plain old user error.
So why not go for precautions - a decent backup regimen, for example, or a solid network security gateway - to protect you against a wide range of risks, including the threat posed by hackers and crooks?
In almost all cases, paying the "fine" does not necessarily return your computer to a usable state. As such, we strongly recommend that no payment be made and that the user report the incident to the proper local authorities.