Ransomware is an advanced form of cyber crime which is sadly becoming incredibly widespread. Unfortunately, it has now evolved to the extent that if you fall victim, it’s extremely hard to recover from. It’s now netting cyber criminals millions of pounds a year.
The scam works by using malware to disable the victims’ computers and forcing them to pay a ransom in order to restore access. Many online users are being confronted with messages such as ‘This operating system has been locked for security reasons’ or ‘You have browsed illicit material and must pay a fine’. Social engineering tricks are often used, such as displaying fake, but authentic-looking messages pretending to be from the police, to intimidate victims into paying up. There has been a significant increase in the number of professional cyber gangs using ransomware in the last few years.
It first emerged in Russia and Eastern Europe in 2009 and has now spread to Western Europe, the US and many other countries, causing high infection rates and an enormous amount of frustration for consumers. Professional cyber gangs use intelligent malware which, once it has accessed your computer, can identify which country you live in (via your IP address) and present a message in the local language with the logo of a local public authority.
The ransomware completely disables your device and is designed to encrypt your files entirely, so that the only way to restore functionality is to pay a fine to receive the key to recover them. It is mainly found on suspicious websites and arrives either via a ‘drive-by download’, stealth download or through a user clicking on an infected advert. It is also distributed via e-mail.
Different variants of malware are being developed, and within those variants criminals vary the code slightly to help the malware get past security software. One of the most serious variants was detected 500,000 times in 18 days, which generated an income for the criminal of $33,600 in one day.
Given the number of different malware variants and criminal gangs operating ransomware attacks, it is estimated that more than £7 million is being extorted from victims every year.
How to prevent ransomware infections
You must have security software installed and ensure that it is up to date with a current subscription. With thousands of new malware variants running every day, having a set of old virus definitions is almost as bad as having no protection at all. Also, make sure you opt to have the full set of protection features that are offered within your security product.
Make sure all of the software on your system is up to date. This includes your operating system, your browser and all of the plug-ins that a modern browser typically uses. One of the most commonly used infection vectors is a malicious exploit that leverages a software vulnerability. Keeping software up to date helps minimise the likelihood that your system has an exposed vulnerability on it.
Backing up your data on a separate hard drive is your main defence against ransomware. This way you can at least recover the data you’ve lost from the point of your last backup. While the malicious software itself can be removed, getting your data back is a whole different story. Because new strains of ransomware are using advanced cryptography, recovering files is pretty much impossible without the necessary key to decrypt them. Therefore, you’ll want to back up your data regularly.
Be on your guard. Now that we’ve made you aware of this ever-increasing risk, just watch out for it. Be wary of any websites that look even slightly spammy, don’t download anything from an unknown source and never click on links in e-mails until you have validated the sender. Spread the word and help your family and friends to protect themselves too.
What do you do if you accidentally fall victim to ransomware?
First things first – you will want to alert the police. They might not be able to help you much, but they should still be made aware of the crime. Next, turn off your infected computer and disconnect it from the network it is on. This is important because an infected computer can potentially take down other computers sharing the same network. Then you’ll need to remove the malware.
If you’ve backed up your files, you’ll have no need to pay the ransom. But if you haven’t and you need your data, you’ll have no choice but to pay the ransom. The cybercriminal will likely require you to pay using Bitcoin or another virtual currency over the Tor network, which is software used to make web browsing anonymous. This means that tracing the thieves is nearly impossible, and if they decide not to unlock your computer, you are pretty much out of luck and money.
If the hackers do give you the keys to unlock your encrypted files, there is still a chance they could lock your computer again in the future to demand more payment. With this in mind, it’s imperative that you take the measures we’ve mentioned to protect yourself from falling victim to an attack.