In this in-depth article we will inform you about ransomware, its origin, how it works and of course how you can defend your computer against this very potent threat. We also have some useful tips on what to do if your computer is affected by ransomware.
Ransomware is not a new phenomenon when it comes to IT security, and has been very common in Russia for some time. For the past few years it has seen a huge surge – primarily in the US and Europe.
The history of ransomware
One of the first reported incidents of ransomware dates back to 1989, when a software developer develops a virus that locks computers and then demands a ransom to unlock them again. He is quickly caught; though he is declared mentally unfit for trial, he is sentenced to donate all collected ransom to help fund AIDS research. In the following years, not much is heard regarding ransomware attacks.
In 2005 more and more cases of ransomware are reported, and the software used to take computers hostage is becoming more and more sophisticated. In the following years a large number of computers are affected, and as users and security companies gain more knowledge, software is developed to combat the threat of ransomware attacks.
Until the end of 2013 not many ransomware attacks are reported, but that changes very quickly when the first reports of a new ransomware program, “CryptoLocker”, are announced. CryptoLocker uses security holes in software installed on computers to lock the system and demand ransom using the Bitcoin platform. In December it is reported that from October 2013 to December 2013 more than 27 million USD is collected as ransom using the CryptoLocker software. In the wake of CryptoLocker many new and different types of ransomware are created, and in some cases entire websites being taken hostage is not unheard of. In other cases, ransomware targets specific hardware producers, gaining access to even more computers.
In the first quarter of 2013 a large IT security company based in the US reports no fewer than 250,000 cases of ransomware attacks in the US alone. This is an increase of more than 100% compared with the first quarter of 2012.
How does Ransomware work?
In most cases ransomware will gain access to your computer like most Trojans, after which it will begin encrypting files on the computer, making access impossible unless a ransom is paid – hence the name ransomware. Ransomware usually finds its way onto computers just as a virus does: it installs itself when the user opens a file or runs a program in which it is hidden. In the technical sense ransomware is often described as a Trojan.
The main objective of ransomware is getting the user to pay for the unlocking of files affected by the program. Even if the user chooses to pay the ransom, it is very unlikely that access is restored (it’s recommended to never pay any ransom under any circumstances, should you be the victim of a ransomware attack).
In most cases where ransom is paid and the files are not destroyed, a code or a program is sent to remove the lock on the affected files. The most important condition for making these types of attacks possible is the ability to mask the flow and transfer of money. In most cases payment is required in Bitcoins, or through expensive SMS services, wire transfer or voucher services.
Two types of ransomware
Ransomware is usually divided into two groups: encrypted and non-encrypted. The main goal is the same for both types, namely to demand ransom from the users.
Encrypted ransomware is known to lock computers or specific files. In most cases computers infected with this type of ransomware have almost no hope of recovering the afflicted files.
Non-encrypted ransomware does not take files hostage, but keeps the users from using their computers by showing pornographic or other undesired content. The result is however the same: the user has to pay ransom in order to regain control of their computer.
Victims of non-encrypted ransomware have reported that their computers got locked by what seems to be authorities such as the FBI/CIA or equivalent authorities in other countries. The user is informed of illegal content on the computer such as downloaded music, programs, movies or pornography, and is then charged a fine in order to unlock the computer and avoid further penalty.
In 2010 one of the major cases regarding non-encrypted ransomware takes place in Russia, where Russian authorities arrest a group linked to ransomware. In this specific case the affected users are shown pornographic content, and are required to send large numbers of text messages to an expensive SMS service. The virus spreads quickly and is estimated to have collected more than 16 million USD in ransom.
As mentioned earlier in this article, it is not recommended under any circumstances to pay any ransom at all. In most cases all traces of the program will be deleted or destroyed, including any files affected by the ransomware.
How do you protect yourself against ransomware?
The most important aspect when defending your computer against ransomware is being extremely vigilant when using the internet. Most ransomware attacks are due to the user unintentionally opening, installing or executing files containing Trojans, which opens the door for actual ransomware attacks.
It is estimated that more than 8% of all users in the western world have been the victim of a ransomware attack or other cyberattack during the last 12 months.
We have gathered four essential tips when it comes to preventing ransomware attacks:
1: Use security software
Make sure to always have at least one updated and functioning antispyware or antivirus program installed on your computer. These programs are the gatekeepers to your computer, and will be able to identify, locate and in most cases remove most types of viruses – including ransomware.
Scan your computer at regular intervals and make sure to never open or run any files before scanning them. Antispyware and antivirus programs are not 100% bulletproof but offer the best possible protection money can buy.
2: Never open files you do not trust
Practically every ransomware attack is due to the fact that the user opens a file or runs a program with ransomware hidden in it. Once installed, the ransomware takes your computer hostage.
This does not apply only to ransomware but to most other forms of viruses, such as Trojans, malware etc. Always be extra careful with any files received or downloaded. Remember that sources you do trust, such as friends and family, could be the victim of a virus attack and could unwittingly be sending you files with ransomware or other threats.
3: Always update your operating system and programs
Make sure that your operating system and all installed programs are 100% updated to the newest version. Most programs are updated continuously, correcting any flaws and closing security holes in them. If your programs are not up to date, any such hole could pose a security risk.
When updating, make sure to use trusted sources such as the publisher’s website. Should you choose to update using a 3rd party website, there is a chance that the files could contain a virus.
4: Backup important files
Always make sure that you back up your most important and valued files at regular intervals. This is possibly the single piece of advice that can save your data, should you be the victim of a ransomware attack.
When performing a backup, always use an external source such as a flash drive/USB stick, or use an online backup service. Most operating systems have a built-in backup function, and most types of security software also offer backup services.
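The routine below is an added example, not part of the original article: a small Python backup script for tip 4 that writes each backup into its own dated folder on the external drive, so a later backup of already-encrypted files cannot overwrite the last good copy. The function names, folder layout and manifest.json file are assumptions made for this example, and the backup folder is assumed to lie outside the folder being backed up.

```python
import hashlib
import json
import shutil
from pathlib import Path


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot_backup(source, backup_root, label):
    """Copy `source` into a new snapshot folder; never overwrite an older one."""
    source = Path(source)
    snapshot = Path(backup_root) / label
    snapshot.mkdir(parents=True, exist_ok=False)  # refuse to reuse a label
    manifest = {}
    for item in sorted(source.rglob("*")):
        if item.is_file():
            rel = item.relative_to(source).as_posix()
            target = snapshot / "files" / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(item, target)
            manifest[rel] = sha256_file(target)
    (snapshot / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_snapshot(snapshot):
    """Return the files in a snapshot that are missing or no longer match."""
    snapshot = Path(snapshot)
    manifest = json.loads((snapshot / "manifest.json").read_text())
    bad = []
    for rel, expected in manifest.items():
        target = snapshot / "files" / rel
        if not target.is_file() or sha256_file(target) != expected:
            bad.append(rel)
    return bad


def changed_fraction(old_manifest, new_manifest):
    """Share of previously backed-up files whose content changed or vanished."""
    if not old_manifest:
        return 0.0
    changed = sum(1 for rel, h in old_manifest.items() if new_manifest.get(rel) != h)
    return changed / len(old_manifest)
```

If changed_fraction between two consecutive snapshots is unexpectedly high, check the files before deleting any older snapshot; disconnect the external drive once the backup is finished.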
If disaster strikes!
There is always a chance of being the victim of a ransomware attack – even when taking every precaution available. We have gathered a few tips should you be so unfortunate as to be the victim of a ransomware attack.
1: Never pay
The first thing to know is that you should never pay any ransom under any circumstances. As mentioned in this article, there is no guarantee of actually recovering locked files – even when paying. Should you choose to pay, there is a big risk that you will have to pay an even larger ransom after paying the original ransom. Depending on the type of attack, you should know that there is a great chance of not being able to recover affected files.
2: Get advice online
Ransomware is found in many different forms, which is why it’s very difficult to give specific advice. You can however find a great number of articles on the internet describing how to combat specific ransomware attacks. In some cases the key to unlocking your files or computer can actually be found in the code of the ransomware program, which is why you should seek advice online from others who have also been the victim of ransomware.
3: Seek professional counsel
No matter the scale of the ransomware attack, most users will need the help of a professional to restore their computer. In most cases you will have to reinstall your operating system and all of your programs. You will also need to make sure that all traces of the ransomware are removed completely from your computer.
Unless you are an advanced user we recommend the aid of a professional.
After reading this article it is our hope that you know more about ransomware, its nature and how to deal with it. Our primary concern is to help all our users to not fall victim to cyber-attacks and to achieve the highest possible level of security.
If you have any advice to share or would like us to write about a specific topic, please let us know at contact@anti-explorator.com – remember that you can try Anti Explorator for free here.