By now, anyone with even the most fleeting of tech know-how will have been exposed to terms like “virus”, “trojans” and “malware” – some might have even been “lucky” enough to have had first-hand experience with the malicious software. But for the most part, the term “ransomware” hasn’t managed to garner quite the same amount of notoriety, despite the fact that it represents an entity which is just as deadly – and in some cases even more so – than its peers.
And that is exactly what ransomware are: malicious programs that were created with the sole intention of holding victims’ data for ransom until they pay money to have it released.
Although ransomware have been around since the late 1980’s, they pretty much avoided the limelight until 2013, when they were back with a vengeance.
How Do They Work?
Basically, once ransomware get hold of a computer they deny partial or full access to the system or personal files found on it. This is usually done by encrypting the files. To reverse the encryption, the user is asked to pay for a decryption key – the only way around the problem.
The request and method of payment varies from a few dollars sent through premium SMS to hundreds of dollars in electronic currencies (Bitcoins being one such choice). The people at the other end then send back the decryption key.
The only problem is that there is no guarantee the user will receive the key even after they have paid the request sum.
What Are Some Examples?
According to the FBI, there are two ransomware that have been worthy of their actions. The first is Reveton ransomware which is delivered by a malware called Citadel. This ware warns the victims that their computers have been identified by the FBI or the Department of Justice as being associated with child pornography sites (or any other online criminal activity) and requesting money to have the records set straight.
A second, an much more sophisticated, ransomware is Cryptolocker that uses a cryptographic key pair to encrypt the victims’ files and then asks them for money to gain access to the encryption key. Last year, it was announced that the FBI (in collaboration with other foreign law enforcement agencies) had seized Cryptolocker command servers and that the investigation into the criminals behind the attack was still ongoing. For now, though, the malware has been stopped from attacking any new computers.
This, of course, doesn’t mean that there aren’t any other ransomware out there. CryptoLocker.F (unrelated to Cryptolocker) and TorrentLocker continue to cause damage and downtime across the world especially in Australia and Turkey.
What is the Damage that Can be Caused?
Well, apart from the obvious inability to access their files and the ensuing downtime, victims of ransomware can also have their data stolen from their computers. Individuals can have their intellectual property and/or personal data stolen and reused for identity theft while businesses can lose trade secrets that can either be sold on or used by the attackers themselves.
How Do They Infect Computers?
The most common way computers get infected by ransomware is when a user clicks on a link that is on a malicious website or one that is included in an email. Alternatively, a person reading an email can be tricked into opening an attachment that appears to be an innocent image or zip file but is in fact that the installation software of the ransomware.
As soon as the link or attachment is clicked or opened, the ransomware installs itself in the background without the user noticing anything. Once done, it then starts encrypting all the files it can access – be they system files or operating system ones.
When the victim tries to access any of the files they will find that they can’t, and upon closer scrutiny will discover a couple of files that will be left in the directory. These files will be the “ransom notes” and will describe how the money is going to be paid so that the victim can get the decryption keys.
What Are the Remedies?
Any computer or server that finds itself in the unfortunate position of being held ransom by these wares has only two options for full data recovery. The first, as mentioned earlier, is the unguaranteed choice of paying the “pirates” for the key, and the second is to have all the data restored from backups. Of course, as anyone can guess, backups don’t always work.
It therefore becomes a necessity to have the system reinstalled from scratch; and this means the personal files will be lost for good.
What are the Prevention Methods?
The first and critical way of preventing ransomware from hijacking files is to always make sure that no one using a computer should ever visit websites that are unsafe. Users should also make sure they never open attachments from people they do not know or domain names they do not trust.
But in case a link is clicked on, or an attachment is opened, the fallback mechanism to stop the ransomware from being installed is to make sure that all computers and servers have the latest versions of premium anti-virus and/or anti-malware software installed as they will catch the ransomware before they can do any damage.
