Understanding and Dealing With Ransomware

Ransomware is a form of malware that prevents a user from accessing personal files, opening specific programs or operating their computer altogether until a sum of money is paid to restore functionality. The parallels between this process and kidnapping earned this variety of malware its name. Theoretically, the operators of the ransomware will remove the restrictions on the victim’s computer once the ransom is paid. This is not always the case, however, and more often than not a ransomware operator will simply abandon the process after receiving their money.

Although all forms of ransomware request a payment in exchange for restored functionality, different versions use different tactics to reach this result. Some forms of ransomware simply place a lock on a home screen or restrict system access, rendering the computer useless until payment is made. More malicious forms, however, go so far as to systematically encrypt large quantities of personal files. This type of ransomware is more difficult to overcome, and it often causes mass destruction of files that may never be retrieved.

Many people have suffered great monetary loss due to encounters with ransomware. A little knowledge, though, can go a long way when dealing with ransomware attacks, as determining the type of infection being dealt with can greatly increase a user’s ability to mitigate system damage, file loss and monetary payment.

Antivirus and Update Imitators
Many ransomware products attempt to trick victims into thinking their computer is at risk. They accomplish this by imitating the appearance of an antivirus program or a necessary software update. This version of ransomware will bombard the user with alerts claiming that the computer’s system has been infected, and it will further explain that this infection can be eliminated if the user pays a fee. Through these scare tactics, ransomware operators steal millions of dollars every year from unwitting individuals. And, after a payment is made, the ransomware is most often still present and further warnings appear, again asking for payments in exchange for eliminating dangerous viruses that are putting the system at risk. The process can turn into a dangerous cycle for those who believe they are paying to keep their computer safe.

Other instances of ransomware imitate a software update notification, alerting the user that either the operating system or a specific program is out of date and requires reactivation. The alerts further explain that the use of the program or operating system in question will be prohibited until a payment is made, and they guide the victim to a website where they can supposedly rectify the situation. Sometimes payments are made directly through this website, but often the website does not appear to be functional and supplies options for other payment methods. These other payment methods, however, provide a much fainter paper trail and allow the operators of the ransomware to remain anonymous. Versions of ransomware that imitate other programs have proven viable in the malicious software scene, but they can usually be handled relatively easily once they are spotted.

Screen Locks
Another popular strategy of ransomware viruses is to lock a victim’s screen until a payment is made. This strategy has been employed in a variety of ways, with some versions cloaking themselves as messages from government agencies while others make no effort to hide their act of extortion.

When message boxes supposedly issued by government and police agencies appear on a victim’s screen, they often falsely claim that the computer has been used to conduct illegal activity such as pirating software or storing child pornography. The fake government or police warning will then prompt a user to pay a fee for their crimes in order to regain access to their computer and personal files.

Other types of ransomware are more brazen, and they explain in a straightforward fashion that a victim’s computer and files are being held hostage and will be released upon payment. This form of ransomware has the same basic functions and end result as other varieties, but there is no attempt at subterfuge on the part of its creators. While victims are aware criminals are targeting them, they feel they do not have any other means of retrieving their materials and therefore often simply pay the ransom. In some instances, the victim’s files and system functions are returned, but this does not occur in all cases.

File Encrypting Ransomware
Extremely malicious forms of ransomware exist that will systematically encrypt a victim’s personal files. Even after the virus is removed from the computer, the files that were encrypted may still be irretrievable. In this case, paying the ransom is supposed to purchase a code that enables the decryption of the files. As with other instances of ransomware, the promise of being issued a code is not always kept. Many victims, even those who pay, are never able to retrieve or decrypt the personal files that were affected during the attack.

How Ransomware Infects Computers
Ransomware usually spreads in the same manner a Trojan would, either by infiltrating a system through a downloaded file or through a weakness in a network’s security measures. Many instances of ransomware are delivered through a simple email attachment. Once the file has reached its destination, it runs its payload and infects the host computer with the ransomware it contains. Payloads can vary, and the most rudimentary payload will simply display a warning screen attempting to scare the user into paying a fine. More advanced payloads, however, will initiate the systematic encryption of personal files or attempt to rewrite the Master Boot Record of a vulnerable computer.

Protecting Against Ransomware
The best practice for protecting a computer against ransomware, along with any other malware, is backing up the system frequently and completely. The amount of time and money that can be saved by performing thorough and routine backups should not be underestimated.
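A backup only helps if the job does not copy freshly encrypted files over the last good copy. The sketch below is an added example, not part of the original article: it compares a manifest taken at the previous backup with the current files and refuses to proceed when too many files have changed into high-entropy data. The function names, both thresholds and the sample files are assumptions, and random bytes stand in for encrypted content.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune for your data
MAX_SUSPECT_FRACTION = 0.5  # assumed policy: stop if over half look encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, roughly 4 to 5 for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def snapshot(root: str) -> dict:
    """Map each relative path under root to (SHA-256 digest, entropy)."""
    manifest = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            manifest[str(path.relative_to(root))] = (digest, shannon_entropy(data))
    return manifest


def safe_to_back_up(previous: dict, current: dict):
    """Return (ok, suspects); files already high-entropy (zip, jpg) are not flagged."""
    suspects = sorted(
        path for path, (digest, entropy) in current.items()
        if path in previous and previous[path][0] != digest
        and previous[path][1] < ENTROPY_THRESHOLD <= entropy)
    ok = not previous or len(suspects) / len(previous) <= MAX_SUSPECT_FRACTION
    return ok, suspects


def demo():
    """Constructed sample: four text files, three later replaced by random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(4):
            Path(root, f"doc{i}.txt").write_text(f"Quarterly report draft {i}\n" * 200)
        before = snapshot(root)
        for i in range(3):  # random bytes stand in for encrypted content
            Path(root, f"doc{i}.txt").write_bytes(os.urandom(4096))
        return safe_to_back_up(before, snapshot(root))
```

Calling `demo()` returns `(False, ['doc0.txt', 'doc1.txt', 'doc2.txt'])`: three of the four known files changed into near-random data, so the backup should be held and the previous copy kept.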

In addition to maintaining a backup history, applying software patches as soon as they become available will also help protect against ransomware infections. Viruses frequently enter a system through weaknesses in its security that an exploit can take advantage of. Because of this, making sure all programs are as up to date as possible with current security measures will help protect against the intrusion of viruses and other malware.

Any email attachments that are not from trusted sources should be thoroughly examined before they are downloaded. Running any and all email attachments through a virus scanner will mitigate system vulnerability. It is important to remember that ransomware operators frequently sneak their product into systems using seemingly innocuous email attachments.

Getting Rid of Ransomware
If encountered, ransomware should be removed from the infected system immediately. The more rudimentary forms of ransomware, such as antivirus and update imitators, can usually be removed by placing the computer in safe mode and running a virus scanner. More advanced forms, however, will require attempting an operating system restore. This process reverts the system to a point in time prior to infection, which leaves the virus with no effect.

If these efforts prove fruitless, professional help may need to be enlisted. There are many experts available who will often be able to restore files and repair operating systems that have been damaged by ransomware. Although total success is not guaranteed, contacting a professional will supply a better chance of complete system recovery and full removal of a ransomware infection.

