It’s another normal day. You wake and head over to the office, grab a cuppa and settle down to begin going about your daily business. You hit the power button on your computer and, instead of the usual login screen you are accustomed to, you are confronted by an on-screen message, very likely featuring the image of a large padlock, informing you that your computer is permanently inaccessible until you make a payment in a prescribed form.
Welcome to the world of ransomware. You have just become a victim.
So what is ransomware?
Without getting into technical jargon, ransomware is any malicious software program that infects your computer and restricts access either by locking the screen, encrypting files or both, until you pay the hacker that created the program a ransom.
The first such program to be distributed widely was a program known as Cryptolocker in 2013. Thousands of people had their lives disrupted.
Unlike other malware that spies on your computer silently and sends stolen login details and other personal data to hackers, ransomware announces itself. It’s actually quite audacious on the part of hackers.
Ransomware uses many of the same attack vectors as most viruses and malware: for example, email attachments and links, botnets, torrents and other technical means such as piggybacking on genuine software updates. The recent Goldeneye/Petya ransomware that affected users in late June 2017 gained access to computers via a software update of a popular accounting application in Ukraine. The hackers somehow managed to infiltrate the software company that designed the program and injected the ransomware into the software update files. Everyone who performed the update caught the infection.
Unlike other forms of viruses and malware, ransomware can’t be removed by flashing the BIOS, wiping the drive or returning the computer to a restore point. The hackers make sure you can’t access any of these features. Also, a unique decryption key is created during the install and stored on the hacker’s server. In the event you fail to pay the ransom in time or the ransomware detects an attempt to tamper with it, a “self-destruct” is triggered, deleting the decryption key and destroying all the encrypted files on the user’s machine. If the ransom is paid in time, the hacker sends the decryption key to the user and the user enters the key in an area provided on-screen. This unlocks/decrypts the files. Ransom payments are usually demanded via the digital currency Bitcoin, which makes sure the identity of the hacker remains anonymous.
Because hackers have been known to release the decryption key once paid, many people have resorted to paying the ransom rather than seeking other ways to deal with the problem. This has added fuel to the fire because so long as hackers can make money with ransomware, they aren’t going to stop anytime soon.
Ransomware isn’t simply a nuisance. It is a serious security threat that has law enforcement agencies working around the clock to bust hacker rings. While some infected computers are still usable, loss of data has a serious impact on productivity for businesses. Small businesses may never be able to recover if they lose important data.
The best defense
The best defense is data backups. If you have a backup of your data, you won’t have to pay the ransom. You will only lose time trying to get your computer to work properly again. Secondly, install an antivirus program that offers strong ransomware protection and always ensure it is up to date. Don’t ignore operating system security updates. Set your computer to automatically install security updates. And don’t click on links in emails or open attachments from people you don’t know. Avoid pirated software and torrent sites because these often host ransomware.
If the unimaginable happens and you find yourself having to deal with ransomware, do not panic. Antivirus companies have a number of solutions for the most common types of ransomware. Check out their sites from another computer and follow the instructions. Unfortunately, if it is a new type, you may have to wait a little longer for a fix. All the same, security researchers are making great strides, but it will be a while before they beat the hackers at this game. With ransomware, prevention is better than cure.