What Is Ransomware and How Can You Beat It?

What is Ransomware?

Ransomware is malicious software (malware) that disables the functionality of your computer by restricting access to it in some way. It then demands that a ransom be paid to the malware creator in order to restore your system’s functionality.

Ransomware is becoming an increasingly popular way for malware creators to extort money from companies and consumers.

Ransomware can get onto a person’s computer in a variety of ways, but these techniques rely on social engineering tactics or software vulnerabilities to install silently on a victim’s computer. However it arrives, ransomware will prevent you from using your PC normally and will ask you to do something before you can use your PC again.

Types of Ransomware

The first step in ransomware prevention is to recognize the different types of ransomware you can be hit with. There are two main types of ransomware: encrypting or “crypto” ransomware, which encrypts some or all of the files on the victim’s computer; and screen locking or “locker” ransomware, which locks a computer and displays images of various law enforcement agencies to intimidate and extort money from victims. Another type of ransomware is scareware, which appears in the form of pop-ups. These pop-ups appear as legitimate warnings claiming that your computer has been infected with malware. This type of malware tries to scare the victim into paying a fee to purchase software that will fix the so-called “problem”.

 

Figure 1: Message used by locker ransomware to lock your computer.

 

An example of the message used by locker ransomware to lock your computer is shown in Figure 1. Upon starting your computer, you will encounter a full-size window, often accompanied by an official-looking FBI, Department of Justice, or Department of Homeland Security seal, that claims that illegal activity has been detected and that you must pay a fine. These claims are false. It is a scare tactic designed to make you pay money. Please keep in mind that law enforcement agencies will not freeze you out of your computer. If they suspected you of cyber crimes, they would go through the appropriate legal channels.

Figure 2: Message shown by Cerber, one of the most prevalent and dangerous ransomware strains currently active.

An example of encrypting or crypto ransomware is shown in Figure 2. This type of ransomware is very dangerous: once you are hit with encrypting ransomware, not only will your files be encrypted, but all files on the network that you have access to will be encrypted as well. This type of ransomware encrypts files in folders on network shares and on all drives of the machine. No security software or system restore can return your files to you. Unless you pay the ransom, your files are gone. Even if you pay the ransom, recovering all of your files is not guaranteed.

Tips for Preventing Ransomware

Ransomware can be very scary; the encrypted files can be considered damaged beyond repair. But if you have properly prepared your system, ransomware is nothing more than an annoyance. Here are a few tips that will help you keep ransomware at bay.

  • Back up your data. Backing up your data should be a normal occurrence; you should always have a regularly updated backup. If you are attacked by ransomware, you may lose important documents that you have been working on. Having a regularly updated backup means that you can rid your system of the ransomware and then restore your documents from your backup. Make sure that you back up to an external drive (such as an external hard drive or USB drive) or a cloud backup service; this ensures that even if you are hit with encrypting ransomware, your backups are safe and you can restore your files.
  • Be wary of suspicious websites and email attachments. Drive-by downloads are the method malware creators most commonly use to spread ransomware. A drive-by download is the unintentional download of a virus or malicious software onto your computer. The best way to avoid drive-by downloads is to avoid visiting websites that could be considered suspicious or malicious. Many internet browsers warn you when you navigate to a malicious site. Also, be wary of emails with attachments; before opening an email attachment, make sure that it is from a safe sender. Avoid opening emails and attachments or clicking links from senders you don’t know.
  • Use a reputable security suite. It is always a good idea to have both a firewall and anti-malware software to help identify threats and suspicious behavior. Malware creators frequently send out new variants to try to avoid detection. Having both a firewall and anti-malware software increases your protection against these threats.
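
The backup tip above only helps if the backup still holds good copies when you need them. The following is an added example, not part of the original article: a check to run before each backup refresh that stops the run when many previously backed-up files have vanished or turned into random-looking data. The function names and both thresholds are assumptions chosen for illustration, and the sample files are constructed.

```python
import hashlib, math, os, tempfile
from collections import Counter

HIGH_ENTROPY = 7.5       # assumed threshold, bits per byte (random data is near 8)
MAX_SUSPECT_RATIO = 0.3  # assumed: stop if over 30% of known files look encrypted

def entropy(data: bytes) -> float:  # Shannon entropy in bits per byte
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map each relative file path under root to (sha256 hex digest, entropy)."""
    snap = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()  # whole-file read keeps the example short
            rel = os.path.relpath(path, root)
            snap[rel] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return snap

def safe_to_back_up(previous: dict, current: dict) -> bool:
    """False when too many known files vanished or became high-entropy data."""
    if not previous:
        return True  # first run: nothing to compare against
    suspect = 0
    for rel, (old_hash, old_ent) in previous.items():
        new = current.get(rel)
        if new is None:
            suspect += 1  # missing or renamed since the last backup
        elif new[0] != old_hash and old_ent < HIGH_ENTROPY <= new[1]:
            suspect += 1  # content changed from ordinary to random-looking
    return suspect / len(previous) <= MAX_SUSPECT_RATIO

def demo() -> tuple:
    """Constructed sample: five text files, one normal edit, then four overwritten."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(5):
            with open(os.path.join(root, f"doc{i}.txt"), "w") as fh:
                fh.write(f"quarterly report draft {i}\n" * 200)
        before = snapshot(root)
        with open(os.path.join(root, "doc0.txt"), "a") as fh:
            fh.write("one more paragraph\n")
        after_edit = safe_to_back_up(before, snapshot(root))
        for i in range(1, 5):
            with open(os.path.join(root, f"doc{i}.txt"), "wb") as fh:
                fh.write(os.urandom(4096))  # stands in for encrypted content
        return after_edit, safe_to_back_up(before, snapshot(root))
```

Files that are already compressed (JPEG, ZIP, DOCX) have high entropy before any encryption, so this heuristic does not flag changes to them; keeping older backup versions covers that gap.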

 

Figure 3: Ransomware 101.

GramercyIT offers a one-stop shop for protection against ransomware and other malicious attacks. We employ cutting-edge strategies and technologies to secure your network against threats. We also provide services to help you back up your data.