Ransomware

Holding your computer hostage

What is Ransomware?

Ransomware is a type of malware that is becoming more and more common. Cybercriminals can make a quick buck by infecting users with it, and with the rise of cryptocurrency, staying anonymous is easier than ever for a ransomware attacker [1].

Ransomware prevents or limits a user’s access to their computer, usually by locking all the files on the computer with encryption. The attackers behind ransomware claim that they will unlock your files or your account after you pay a fee. The demand usually appears as a full-screen notification or image with instructions on how to pay.

Oftentimes, the attacker will threaten to delete all the computer’s files or to release sensitive information in order to scare the victim into paying the ransom. However, users should never pay the ransom for these attacks. Often, after the user has paid the fee, the ransomware attacker does not lift the encryption, leaving the user still locked out and with hundreds or even thousands of dollars missing from their pockets [2].

There is always the question of whether or not the law has ever caught cybercriminals. Unfortunately, it is unlikely that law enforcement would ever catch the person behind this kind of malware attack. These people know how to spoof their IP addresses, locations and any identifiers that their computers may leave behind. On top of that, most often the attackers will demand payment in cryptocurrencies, such as bitcoin, or in online gift cards, so that law enforcement cannot trace these transactions back to their bank accounts.

How can I get ransomware on my computer?

Users commonly download ransomware by visiting malicious or compromised websites. It can also come from other malware that may already be present on a user’s computer. Another common method is downloading attachments from suspicious emails. One of the trickiest ways of getting ransomware, known as scareware, is downloading it through fake anti-virus software that claims your computer has many threats and offers to remove them for a fee [3].

Once the attacker has infected a user’s computer, a full-screen image or notification box will often appear, preventing the user from accessing anything on their computer. Sometimes these prompts look very official, with government branding or other frightening words and images. For example, some ransomware will try to convince the user that they have been engaging in illegal activities online, and that the government has now locked them out of their account and wants money.

However, government officials and other respected organizations do not demand money by locking a computer. Moreover, many of the crimes that ransomware attackers accuse users of are crimes that the government would not easily forgive in exchange for a simple fee.

How can I avoid ransomware?

Ransomware is definitely more daunting than other malware attacks, but the prevention methods are quite similar. Some precautionary steps include:

  1. Avoid visiting untrusted websites or clicking on any suspicious links or advertisements
  2. Avoid opening any unknown files that have been downloaded from the Internet
  3. Do a quick Google search to see if a website or downloaded file is official
  4. Avoid opening any suspicious emails or opening any attachments from contacts you do not know
  5. Double check to make sure that an email sender is who they claim they are, especially if there are any kinds of attachments
  6. Have up-to-date anti-malware software installed and run scans frequently
    1. Windows Defender comes with all PCs, and as long as Windows updates are consistently being installed, it should protect against most security threats [4].
    2. Malwarebytes has a free version that is a good option as a malware removal tool
  7. Keep an updated backup file, so that rolling back to a previous version of the system is possible

Users should handle anything suspicious they find on the Internet with caution. A quick Google search may allow a user to gauge whether a website or file is safe or not.

What should I do if my computer has been infected by ransomware?

Firstly, do not pay the ransom. As stated before, there is no guarantee that the computer will be unlocked after paying the fee, as the attackers will remain anonymous and there is no way to track them or the payment.

So, what should you do if you are infected?

PC World has provided an article that goes over the most common methods of removal for the different kinds of ransomware. The best option is to bring your infected device to a trusted professional IT service, so that they can try to help you recover your files and regain access to your computer without having to resort to dramatic measures. The next best option is to restore your computer from a backup, stored either on an external drive or on a cloud platform, that was created before the malware infection. Unfortunately, beyond these two options, there are not many effective options left for users infected by ransomware.

To summarize, the best course of action in the case of infection with ransomware is to not pay the ransom, and bring your device to a trusted IT service as soon as possible.

References

  1. Digital Gold: why hackers love bitcoin (2017, May 15). Retrieved January 30, 2018 from https://www.theguardian.com/technology/2017/may/15/digital-gold-why-hackers-love-bitcoin-ransomware
  2. Ransomware (n.d.). Retrieved January 30, 2018 from https://www.trendmicro.com/vinfo/us/security/definition/ransomware
  3. How to Rescue your PC from ransomware (2017, April 3). Retrieved January 30, 2018 from https://www.pcworld.com/article/2084002/security/how-to-rescue-your-pc-fromransomware.html
  4. Ransomware FAQ (2010, July 21). Retrieved January 30, 2018 from https://www.microsoft.com/en-us/wdsi/threats/ransomware