How to beat ransomware

Source: Vsoftsystems, 07/10/2018

Cyber criminals are finding ever more devious ways to lock your files.
We explain how to protect your devices from the latest threats
Ransomware hit the headlines a few years ago as one of the most
dangerous types of malware yet. It takes control of a victim`s device,
encrypts their files and then demands money in order to remove it.
Sadly, in the last year the threat of ransomware has grown much worse
- WannaCry will be the biggest ransomware story you can probably
remember from 2017.
Ransomware hasn`t only spread from PCs to phones, tablets and Macs but
there has been a huge increase in the number of instance of ransomware
detected. The methods hackers have utilised have also become more
intelligent, devious and difficult to deal with.
In this piece, we provide an informative guide on how to avoid,
detect, remove and recover from this devious malware.
On the following three pages you can read about exactly what
ransomware is, what it does and we also take a look at the biggest
ransomware attack to this day: WannaCry. Our Ransomware Survival Guide
also explains how you can avoid infection and, should it happen, what
the best way to recover from one of these malicious attacks is. Is it
worth paying the ransom? We cover the advantages and disadvantages of
that, too. This is especially worth considering if the attackers ask
the money to be in a strange currency, such as Bitcoin. Read on to
find out more...
Your ransomware questions answered
What is ransomware?
Ransomware is a particularly virulent form of malware that locks your
computer and encrypts your files so that you can`t access them. The
exact details vary, but it may stop you using Windows or certain
programs such as your web browser. Once your files are encrypted, the
ransomware will ask for payment to unlock them, usually in the
untraceable virtual currency Bitcoin. Although removing ransomware is
actually quite easy, your files will remain encrypted. There`s also
another spiteful trick the malware uses to get you to pay up: if the
money is not paid on time, the ransom is doubled.
How do I get infected?
As with most forms of malware, the primary source of infection is an
email attachment or malicious link. The senders use con tricks to get
you to open the attachment, such as pretending that it`s an invoice
for something you`ve bought from a reputable company. This tactic
preys on your fear of being charged for an item you didn`t buy, so
that you`ll open the invoice without thinking about it.
Where does ransomware come from?
Ransomware in its modern form originated in Russia and Eastern Europe.
Thanks to decentralised digital currencies such as Bitcoin, which make
it easy for attackers to demand a ransom and be paid without leaving a
trace, ransomware is now so lucrative that it`s become the primary
revenue stream for some cybercriminals.
It doesn`t even take much skill to create your own ransomware. Last
year, a Turkish security researcher called Utku Sen created a strain
of ransomware called Hidden Tear and published the source code online.
It was described as being `for educational purposes only` (as were
some early viruses) and ostensibly designed to teach security
professionals how to defend against such threats. However, it provided
a quick way for anyone with average computer skills to get into the
ransomware business.
What does it look like?
Once your PC has been infected and your personal files encrypted, a
message appears telling you what`s happened and provides info about
how �` and how much �` to pay. The look of this message will vary
depending on which ransomware family is behind the attack.
Is it really that common?
Sadly, yes. According to the latest IT Threat Evolution report from
Kaspersky Lab, in the first three months of 2016, ransomware attempts
were recorded in 114 countries around the world and 372,602 people
were targeted, with around 17% in the corporate sector (banks and
other businesses). That might not sound like a huge number of victims
when you consider that there are probably around a billion or so
Windows users, but the figures showed 30% more attacks than recorded
in the previous quarter, and this growth is showing no signs of
slowing. In March 2016, there were 184,767 recorded attacks, way ahead
of the 136,363 attacks in February and the 51,472 in January.
However, Kaspersky Lab warns that `the real number of incidents is
several times higher`, because it can`t always distinguish ransomware
from other forms of malware.
There have been several high-profile victims, including Lincolnshire
County Council, which was hit by an unnamed ransomware infection in
January that resulted in its computer systems being shut down for four
days.
Are only Windows PCs at risk?
Not anymore. Ransomware developers have started targeting Linux, too,
because a lot of web servers use that operating system. There have
also been attacks on Macs and Android devices.
Why don`t the police stop it?
It`s very difficult for law-enforcement agencies to track down the
source of ransomware because the criminals use state-of-the-art
encryption and routing tricks to make their location impossible to
identify.
What happens if I pay the ransom?
If everything goes to plan, once the ransom has been handed over, a
key will be generated that you can use to decrypt your files. But
first, you should read our full advice on page 3.
How can I be sure I`ll receive this key?
You can`t. Some ransomware, such as KeRanger and CTB-Locker, lets you
decrypt one or two files to prove that the key exists and works, but
there`s no guarantee that once you`ve paid a ransom all your files
will be unlocked.
What happens if I don`t pay?
Your files will remain locked and unusable, unless the encryption has
been cracked and there is a program you can use to unlock the files
for free. Such tools are rare but they do exist, so you might get lucky.