A Dummies’ Guide to Ransomware – What is it and How it Works
In order to understand what you are dealing with, let us begin this article with a worrisome fact: last year on May 12th (that would be 2017), the biggest cyber-attack in history took place, when more than 200,000 regular computers were compromised by a ransomware hilariously dubbed WannaCry. The epicenter of this massive cyber attack using ransomware was in Europe, at least initially, but then it spread over the internet and affected private citizens and corporations alike from all over the world. Huge companies were crippled by WannaCry, the likes of NHS and Renault, together with banks and state institutions in various countries. Now you’re probably beginning to understand what’s all the fuss about ransomware, whether you’ve read about it in the news or you’ve heard your co-workers talk about at the office. If you want to learn the basics about ransomware attacks, what is ransomware, how it works, and what can you do to stay on the safe side while cruising the internet, you’ve landed in the right place.
What is Ransomware?
To put it simply, ransomware is a malicious computer program, also known as malware, that once installed on your personal computer, will gain total control over it and thus it will prevent you from accessing your personal data, unless a ransom is paid (read an anonymous payment using cryptocurrencies like Bitcoin or via credit-card). So, if you want to regain access to your life’s work (like your MP3/movie collection or whatever), you’ll have to execute a ransom payment to some anonymous guy on the internet. Why would you send money to a complete stranger? Well, that’s because ransomware locks or encrypts all the data on your computer (all your files basically) using state of the art encryption algorithms, and if you fail to pay the ransom demanded by the “hacker”, you may end up with all of your data erased after a certain period of time. What’s worse is that not only personal computers are affected by ransomware, but even smartphones, as there are new “strains” of mobile-ransomware malware that specifically target Android and Apple users.
Ransomware is Big Business
If you’re asking yourself why the ransom-business is booming and how come this type of cyber attacks are becoming routine, the answer is that there are tons of money to be made out of ransomware, i.e. this is a very lucrative enterprise for the perpetrators. A ransomware victim would have to pay anywhere between $200 and $1000 for the decryption/unlocking key, and the ransomware industry is estimated at more than $1,000,000,000 annually (that’s one billion), yet nobody knows the real figure, since many victims don’t report the attacks nor the ransom paid to the police, and so forth and so on.
Types of Ransomware
To put it simply, there are two main types of ransomware malware in circulation: encrypting ransomware and locker ransomware. As its name suggests, the former works by using state of the art algorithms to encrypt the content on the victim’s hard-drive/SSD drive, while the latter locks you out of your OS (operating system), rendering your computer useless, yet this variant does not encrypt your files. However, crypto-ransomware is the most common nowadays, and also the most dangerous of the bunch.
How Do You Get Infected With Ransomware
Here’s the most important part of the article: you must understand the various ways used by hackers to infect your computer or your smartphone with ransomware. In most situations (97% of the attacks to be exact), you’ll get “infested” with ransomware via spam-mail, also known as unsolicited email that is loaded with the respective malware. There are two types of infected spam emails: the ones containing a link to malicious websites (usually spoofing as genuine/legit ones), that once clicked will infect your computer with a form of ransomware. Then, there are the spam-emails containing dubious attachments, like Word documents or PDF/IMG files, which are basically booby traps that once clicked and opened, will infect your computer or smartphone with ransomware. Another method used by hackers to infect you with ransomware is via malvertising, which is a combo between malware and advertising. How does it work? Well, as you’re browsing legitimate websites, you may stumble upon an infected page, that will redirect your web browser to a compromised landing page, where a malicious piece of software will attack your system via an exploit kit. This is called a drive by download, as your computer will download and execute an infected file from the respective page, that will further install ransomware on your computer. I know this is getting complicated, but stick with me. You can also get infected by downloading software that contains ransomware (from torrents for example) or by using an infected USB thumb-drive.
Can You Protect Yourself from Ransomware?
The best way to protect yourself from ransomware is not to get infected in the first place, that’s pretty obvious. Now, the popular wisdom (including official advice from the FBI) says to never pay the ransom in case you get infected, as doing so would encourage hackers to continue with their dirty work in the future, and that sounds pretty logical. Also, there are ways to deal with a ransomware attack, whether by using specialized help from an IT security specialist or company or by using a free decryption tool (decryptor) that can be found on the internet. Depending on the nature of the attack, you might restore your system or not (without paying the ransom that is), but don’t get too optimistic, there’s a reason for which ransomware crime does pay. Hint: it’s very hard to circumvent software built by a criminal mastermind. Hence, the best strategy is to protect yourself from getting ransomware in the first place.
The first rule is: always have a backup for your important data, i.e. don’t put all of your eggs in the same basket (read on the same PC). Use an external hard-drive for your sensitive work/data, or upload your sensitive stuff in the cloud (OneDrive, Google Drive, Drop Box, SugarSync). Or both (better). Doing so would minimize the damage provoked by a successful ransomware attack.
Always keep the software on your computer (including the operating system, as most malware takes advantage of software vulnerabilities) up to date, especially when it comes to security updates for your antivirus software (i.e. Zonealarm, Norton and others) and OS (operating system). Don’t log-in via an administrator account on your computer for daily-use; use a limited privileges account instead, like a guest account. Use an ad-blocker for your web-browser and also turn off Microsoft Office Suite’s macros (Excel, Word etc) in the browser. Remove Adobe Reader/Flash, Silverlight and Java plugins from your browser. Never open emails sent by unknown people, never open dubious emails if you’re not 100% sure where they’re coming from, never download/run attachments from suspicious emails, nor click/follow links sent via email.