Ransomware isn’t a new threat. It has been around for a number of years but, as is the case with most forms of malware, it takes different forms and has peaks of activity. Like any kind of ransom demand, a ransomware virus will take something from your device and hide it or make it inaccessible, typically using some form of encryption, until a fee is paid to recover it. Usually you are required to pay in Bitcoin because these transactions can be carried out anonymously, although sometimes other methods are offered but come at an additional premium.
Ransomware gains access to a computer the same way as any kind of virus or computer worm: by getting the user to open an infected email, navigate to a compromised website or install an infected program.
Once inside a computer it can work in one of several different ways. One of these is to bombard users with adverts until they pay to have them removed. More common in current forms of ransomware is to encrypt user files until the fee is paid, and some ransomware even threatens to delete the encrypted files forever if the fee isn’t paid within a set timescale.
How did it get there?
Most likely it happened when you accessed a website containing malicious scripts. These can be hidden in the form of:
- A browser plug-in or extension (typically a toolbar)
- A multimedia codec required to play a certain video clip
- An email with an infected attachment
- Software shared on peer-to-peer networks
- A free online malware scanning service
To pay or not to pay?
With your valuable data encrypted and inaccessible it can be tempting to pay the ransom, typically £250-£500. Just remember that you are dealing with criminals, so there is no guarantee that, having been paid, they will keep their end of the deal and decrypt your files so you can access them again. There have been reports of victims of ransomware paying up, then receiving demands for more money and never actually getting their data back. The more people who pay up, the more the criminals will be convinced this is a good technique to use, as it offers them easy money.
How to protect your data
Ransomware that encrypts files can also get to your network shares, so it is important that users are vigilant and don’t click on attachments they don’t recognise or download files from file sharing sites. Always ensure you have up-to-date virus protection installed on every device. Although anti-virus software can’t usually detect the ransomware itself, it is quite common for the ransomware to accompany viruses, or for a compromised website to contain a virus that may alert a user to it being untrustworthy. In most cases the only way to retrieve your data is from a backup or previous version, so it is important to ensure a regular, reliable backup solution is in place.
There are some situations where encrypted files can be decrypted, but this relies on knowing which device was initially infected and then hoping that the process hasn’t yet completed, so that the encryption key can be detected, which allows the decryption. Once the encryption process is complete, the encryption key is uploaded to a secret server belonging to the cyber thieves and is deleted from the infected device.
What should you do to prevent becoming a victim?
Be vigilant when browsing the web. Even if you are on a website you use frequently, be wary of a download link that looks a little different to how the site usually presents them. If you are reading a site that has ads, be sure what you are clicking on, as some ads can appear mid-article and have nothing to do with the reputable site you are using. If you receive an email with an attachment and you don’t recognise the sender, or you are not expecting an email relating to the subject it contains, don’t let curiosity get the better of you by opening it.