5 Things You Need to Know About Ransomware

HomeScience & Technology5 Things You Need to Know About Ransomware
Share Button

It’s the hot new cyber attack trend: you start your computer one morning, only to find your entire hard drive has been locked and encrypted by a hacker. Perhaps your PhD thesis is on that hard drive, or treasured pictures of your family. You then receive instructions on how to send the hacker money, in exchange for a password to unlock your computer. These attacks, involving a malware known as ransomware, are effective — almost half of people pay the cyber thieves to get their data back — so that means this nasty practice probably won’t fade away anytime soon. Here are five facts about ransomware, and ways to protect yourself.

 

5. More Attacks Targeting Organizations, Businesses

A ransom demand from the CryptoLocker malware program. © Christiaan Colen

A ransom demand from the CryptoLocker malware program. © Christiaan Colen

The FBI reported in mid-2015 that a ransom malware known as CryptoWall had cost victims $18 million in the past 15 months. That estimate includes only attacks that had been reported; the actual figure is likely much higher. And these cyber attacks are getting bolder, now going after larger targets. An attack against the city of Detroit sought $800,000 in ransom; the city refused to pay. Likewise, NASA refused to pay after a couple of its computers were hacked in 2013. Some attacks have even targeted police departments; a sheriff’s office in Tennessee and a police department in Massachusetts paid a ransom to get their files back.

A 2014 study of 1,500 adults in the UK found that 1 in 30 had been hit by a ransomware program known as CryptoLocker, and 40 percent of those targeted confessed to paying ransom for their information. In 2014, the U.S. Justice Department and Interpol launched an operation against the servers distributing that malware. Although law enforcement officials touted that operation as the end of CryptoLocker, the malware has reemerged. Other ransomware programs with names such as CryptoWall, AlphaCrypt and TeslaCrypt remain a threat. As with many other online scams, authorities and IT security experts are usually a step behind as new hacking threats emerge and evolve.

 

4. Ransomware Hackers Generally Honor Their Word

A cyber attack on U.S. computer assets could cripple the country.

Hackers generally keep their promise to release files if you pay the ransom. © Davide Restivo

Ransomware hackers usually request amounts less than $500, something they know many people would consider paying. In the case of threats against organizations, amounts in the tens of thousands of dollars are common. They often prefer to be paid anonymously in gift cards or Bitcoin, and generally release victims’ files if the ransom is sent. Some hackers even give victims tips on how to avoid being a target in the future!

There have also been cases where hackers have offered to allow victims to decrypt one or several trial files for free, as a good faith gesture. They will often, however, set a deadline for payment, after which they generally double the ransom. Strangely, these hackers seem to understand that providing good “customer service” generally leads to a successful scam.

 

3. Anti-Virus Software Often Isn’t Enough

Ransomware is growing more sophisticated to avoid detection by anti-virus software. CryptoLocker © Christiaan Colen

More sophisticated ransomware can avoid detection by anti-virus software. © Christiaan Colen

Ransomware generally infects a computer as part of a virus payload known as a Trojan. Most of these target Windows operating systems — used by the majority of personal laptops and PCs — and can also exploit vulnerabilities in outdated JavaScript applications. Many standard anti-virus software programs fail to block ransomware programs. A recent version of the CryptoWall 4.0 program has been spotted that actually encrypts file names as well as the contents of the file itself, in an effort to evade detection.

 

2. What to Do When Your Computer is Held Hostage

Computer scams are becoming increasingly common in social media.

An FBI official created a controversy in 2015 when he suggested that some organizations should just pay the ransom to hackers to get their files released.

Is it safe to pay these hackers? Obviously, you should never give them a credit card number or send them a check. Although the FBI doesn’t explicitly advise victims to pay up, Joseph Bonavolonta, an official with the FBI’s Cyber and Counterintelligence Program, stated in late 2015 that, “The ransomware (CryptoWall) is that good. To be honest, we often advise people just to pay the ransom. … The overwhelming majority of institutions just pay the ransom … you do get your access back.” Of course, there is no guarantee the cyber thieves will release your information even if you do pay. Or they might release your computer, but strike again in the future.

What do you do if you don’t want to pay? You might attempt to fight fire with fire by recruiting a friendly IT person in an attempt to unhack your computer; although there is probably nothing they can do in terms of breaking encryption to get your files back, they can help you through the process of removing the malware. If you have a backup of crucial files either on a portable drive or a cloud-based backup service such as Jungle Disk or Carbonite, the solution is simple: simply roll back (if you can get the machine in an isolated state such as BIOS) or re-install the entire system along with the backup files. This is a time-consuming process, but at least you can thwart the attack. Finally, you should report your ransomware attack to the FBI’s Internet Crime Complaint Center (IC3). Your information could help authorities track the cyber thieves.

 

1. How to Protect Yourself Against Ransomware

There are plenty of joys in freelance writing, but online freelancers face several tough issues.

Always be sure to keep important files on your computer backed up to a secure hard drive or in the cloud. © Rido/Shutterstock.com

Most tips of this nature boil down to common sense: don’t click on suspicious links, don’t visit suspicious-looking websites, keep anti-virus and spyware programs updated, etc. Enable pop-up blockers, because many problems result from inadvertent clicks on malicious web pages. But without question the best thing you can do to protect yourself is to back up crucial files, ether on an external hard drive or a cloud-based backup service. Some of the better virus protection programs, such as Kaspersky, have settings that monitor the system for screen-locking encryption programs, and will automatically roll the system back to a protected state if an attack occurs. It’s vital to disconnect every device you own from the network immediately if one of them becomes infected.

Using a VPN (Virtual Private Network) while browsing the web can also mask your IP address (handy while traveling and using questionable public WiFi connections) and can defend your computer against malware targeting specific online access points. Many viruses make their way onto computers even in secured classified areas via thumb drives. Also, don’t forget smartphones and tablets; many users now mainly access the web using these, yet leave them completely unprotected.

Written by

David Dickinson is a backyard astronomer, science educator and retired military veteran. He lives in Hudson, Fla., with his wife, Myscha, and their dog, Maggie. He blogs about astronomy, science and science fiction at www.astroguyz.com.