Ransomware has become a growing threat. It is malicious software that is often installed on your machine via a phishing email or a drive-by download on a compromised website. A little while later, a pop-up message will appear on your screen telling you to pay a ransom in order to ‘unlock’ stolen documents.
The severity of ransomware varies. At the lower end, most variants bombard the user with ‘scareware’ pop-up messages, telling them to pay up to restore normal service. However, these variants have not actually encrypted any files. There are other versions which block access to the start screen, while ‘filecoders’, such as CryptoLocker, will encrypt document stores on the system’s hard drive.
These warning messages typically claim to be from law enforcement agencies, warning of illegal activities or content. They may alternatively claim that the system’s operating system is a forfeit, or pretend to be an anti-virus solution that has identified an infection.
Ransomware, described by one malware analyst as a “polished and finished product for the bad guys”, is so widespread that it is a big concern for businesses. One study earlier this year found that ransomware had a bigger impact on organisations than widely publicised advanced persistent threat (APT) attacks.
Paying the ransom is a dangerous option. For starters, there is no guarantee your files will be returned or that the malware will be removed. Will the hacker exploit you again in six months’ time?
Instead, information security professionals recommend a few useful tips, such as regularly backing up your data and ensuring your computer is running the latest software and anti-virus (ESET protects against CryptoLocker, Cryptowall, CTB Locker and many other types of ransomware).
If you do get infected, and haven’t followed the advice above, all is not lost; your best bet is contacting an IT professional.
For less sophisticated ransomware that hasn’t encrypted files, you can enter Windows Safe Mode and run an on-demand virus scanner to hopefully remove the malware.
If you can’t get onto the home screen, another option is System Restore, which will restore system files and programs to a state they were in previously. To do this, shut down your computer, reboot and hit the F8 key continuously to enter advanced boot options. You should see an option to repair your computer.
If you pay, you will support cybercrime activities by funding them, and you have no guarantee that your information will be decrypted. Remember, this is not a service; they are cybercriminals. Even if you pay, you are not going to be ‘whitelisted’, so you could get infected again; therefore, it’s not a real solution for the future. Prevention is the most important tool against ransomware, since the infection can usually be cleaned afterwards but the information is not always restored.