What is a Ransomware attack? It is where a cybercriminal attacks your computer by installing malicious software known as malware. This malware will then encrypt your data files and display a ransom note demanding payment, within a certain time frame, to decrypt your files.
What Happens When you’re Attacked?
There you are, sitting at your computer, and you have just opened an attachment from an email that at first sight looked legit. Out of nowhere a window pops up saying that your files are encrypted and that if you want access to them again you will have to pay a fee, within a set time period, to get them decrypted.
You think to yourself, yeah right, I don’t think so, and you proceed to close that window. Nothing happens, and you get another message. So hey, why not shut it down and reboot?
Well, sometimes if you’re lucky that will work, but more than likely it won’t, and you will find that you cannot access any of your personal documents.
You’re now one of the thousands of people who have been attacked by Ransomware, and the only way to retrieve your data will be to pay up. (Well, that doesn’t always work.) So now what? Let’s take a look at what Ransomware is and some ways to avoid it happening to you.
Hottest new way criminals make money:
So this is the hottest new way cybercriminals are making their money these days, by infecting your computer with a program that will encrypt your data files and sometimes your whole system, and the only way to get those files back is to pay them for the password that will unlock your data.
And in some cases, people have paid out and never received the passcode, so they were out the money and their files.
The first known cases date back to 2005, says Candid Wueest (Symantec’s main threat researcher), and infections have increased every year since. In the year 2014, they increased by 113% from the previous year. Candid Wueest says that “at the moment we’re probably around 30,000 infections per day around the globe”.
So as you can see, they are becoming an increasingly unwanted threat to our daily online activities.
There are a number of different forms of Ransomware viruses floating around the internet these days.
And they all come in the form of Trojan horses, through emails sent to you from what looks like a legitimate source, containing an attachment or a website for you to visit that will contain the Ransomware.
For the most part, your files won’t be corrupted the way they are by other viruses; they will just be locked down and encrypted, preventing you from accessing them until you follow the Ransomware instructions, which for the most part will involve paying a fee that averages $300.00 or more.
Here are some of the common ones:
- CryptoLocker: This one targets computers running Microsoft Windows operating systems, and it is said to have hit the internet around September of 2013. CryptoLocker has spread through infected email attachments, and once it’s activated it will encrypt certain types of files on your hard drive and locally mounted network drives using RSA public-key cryptography, storing the passkey on the attackers’ servers. It then displays a message stating that your data is now encrypted and that if you want it back you must pay X amount of money by such and such date with bitcoin or a pre-paid voucher. CryptoLocker was isolated in May of 2014 by law enforcement, who were able to obtain the database of private keys used. From there they were able to build an online tool for recovering the keys and files. But before that happened, hackers were able to extort around 3 million dollars from victims.
- CryptoWall: Here we have a clone of CryptoLocker, which started spreading around September of 2014 in Australia in the form of infected emails. The emails were supposedly sent from a government department and required the user to visit a page where you had to enter a Captcha code (which contained the malware). Once you hit the enter key the malware is downloaded and you are presented with the usual Ransomware message.
- TeslaCrypt: This one targeted game-play data for certain computer games like Call of Duty, World of Warcraft, and Minecraft, to name a few. Newer versions of it are not focused on computer games alone but will also encrypt Word, PDF, JPEG and other files as well. In May 2016 the developers of TeslaCrypt shut down the Ransomware and released the master decryption key. After that ESET released a free tool that will decrypt affected computers; you can download the tool here: http://download.eset.com/special/ESETTeslaCryptDecryptor.exe
- CTB-Locker: This is another Windows-based Ransomware that saw a lot of action in the summer of 2014, and recently this year it has moved on to encrypting websites. This one operates in the same manner as CryptoWall, using emails. The email will look like it’s related to a fax message that requires your immediate attention, and will ask you to open the attached file for further instructions. Once that file (usually in zip form) is opened and unzipped, the program takes over and encrypts your files, leaving you with the common message of pay up or lose your files.
- KeRanger: This one attacks computers running OS X operating systems (Macs, Apple-based), and as of March 2016 it has affected more than 7,000 Mac users. KeRanger is executed when you click on an app that has been infected with the virus, all without your knowledge. (Never download an app from a place that you are not sure is a reliable source!) From there it will encrypt your files with RSA public-key cryptography, with the key to decrypt your files stored on the attackers’ server. It will then create a “readme file” in every folder it has encrypted, with instructions on what, when, and how to go about retrieving the key.
- Locky: This was detected by Kaspersky Lab products in February of 2016 and is actively running amok. It has been reported by Kaspersky Lab products that there have been attempts to infect computers in about 114 countries around the world. This is a nasty one for Mac users.
Those are just a few of the most common ones, and they will give you an idea of what is out there. Knowing what is going on in the internet world will be your first defense in fighting the hackers. So let’s take a look at some ways to avoid this happening to you.
What to do to prevent this happening to you.
Stay informed. One of the most common methods hackers like to try is to infect your computer through Social Engineering, where they will use Social Media sites and phishing campaigns used in email marketing.
This is where they will use enticing messages to get you to click on certain things, and once you do, the attack is downloaded without your knowledge. So staying informed and educating yourself on suspicious websites, phishing campaigns, and other scams will go a long way in helping you to detect these types of hacks before it’s too late.
Now, knowing that Ransomware can come from suspicious emails or shady websites where you might be tempted to download something that you shouldn’t, keep in mind: whatever you do, don’t open attachments in emails that you are not familiar with, and don’t visit strange websites that you come across on any of your social media sites. That would only open the door to attacks.
If it seems a little strange or you suspect trouble, then, by all means, stay away from it.
Keep your Antivirus Software UP-To-Date:
Another thing is to make sure your antivirus and anti-malware software is up to date. If any of your software programs are asking you to update them, then do it; they are more than likely updating the security parts to keep attackers out. Also, keep your operating system up to date. This is why Microsoft and others are always sending you updates to their operating systems: to help prevent you from being hacked.
You will still want your antivirus and anti-malware programs up to date. Hackers will likely target older systems where there are known security holes.
BACK UP YOUR FILES!
This is the only sure way to avoid ransomware. I know it can be a hassle, but a good backup routine for your files can save you from the heartache of losing your precious family photos or those valuable documents that took weeks of hard work to create. And let’s not forget our tax returns; oh, what a hassle those would be to replace.
If you need help on setting up a backup routine you can check out my post on Backing up your computer.
Having your files backed up somewhere external, like the cloud or an external drive that is used primarily as a backup drive (this could be a hard drive or even a flash drive), will ensure that your data is safe should you ever become a victim of such an attack.
From there you will be able to wipe your drive, reload your software, and download your files from your backup. In some cases, depending on which Ransomware it is, you might be able to remove it with software; then all you have to do once it is removed is reload your data files.
This may seem like a hassle, but you will save yourself the grief of paying the ransom money and, most likely, still not having your data. These hackers are known not to deliver what they promise. At least this way you can give the hacker the finger and be on your way with your saved data files.
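A backup only helps if a run taken after an infection cannot overwrite your last good copy. The Python sketch below is an added example, not code from my backup post: it writes every backup into its own numbered folder and flags a run in which a large share of previously backed-up files changed at once. The function names, the folder layout and the 50% threshold are assumptions made for illustration.

```python
import hashlib, json, shutil, time
from pathlib import Path

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large photos or videos fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(source):
    """Map each file's relative path to its SHA-256 digest."""
    source = Path(source)
    return {p.relative_to(source).as_posix(): sha256_file(p)
            for p in sorted(source.rglob("*")) if p.is_file()}

def changed_fraction(old, new):
    """Share of previously backed-up files now modified, renamed or missing."""
    if not old:
        return 0.0
    changed = sum(1 for name, digest in old.items() if new.get(name) != digest)
    return changed / len(old)

def snapshot(source, backup_root, threshold=0.5):
    """Copy source into a new numbered snapshot folder under backup_root.

    Older snapshots are never touched, so a backup taken after an infection
    cannot replace the last good copy. backup_root must be outside source.
    threshold is an assumed cut-off; tune it to how much you normally edit.
    Returns (snapshot_path, fraction_changed, suspicious).
    """
    backup_root = Path(backup_root)
    backup_root.mkdir(parents=True, exist_ok=True)
    previous = sorted(d for d in backup_root.iterdir() if d.is_dir())
    old = {}
    if previous:
        old = json.loads((previous[-1] / "manifest.json").read_text())
    new = build_manifest(source)
    fraction = changed_fraction(old, new)
    # Sequence number first so that sorting by name is sorting by age.
    dest = backup_root / f"{len(previous):04d}-{time.strftime('%Y%m%d-%H%M%S')}"
    shutil.copytree(source, dest / "files")
    (dest / "manifest.json").write_text(json.dumps(new, indent=2))
    # Many files changing at once is what mass encryption looks like.
    return dest, fraction, fraction >= threshold
```

If a run comes back flagged as suspicious, stop and check your files before deleting any older snapshot folders, and keep the backup drive unplugged between runs.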
Stay Informed! Know what a Ransomware attack is all about:
Now you know what Ransomware is all about, what different types are out there, and how they attack your computer. You have a better understanding of how to avoid getting attacked, and ways to protect your precious files and folders from being held ransom, saving you a lot of grief and money.
Have any questions or comments on Ransomware?
I love hearing from my readers, so if you have any questions or comments to add to the discussion, please leave them in the comment section below.
I hope you have found this helpful and will share it with others so we can fight this battle together. Stay informed and stay safe on the internet.