- November 11th, 2015
Online Safety, PC security
Ransomware. The word itself sends shivers down our spines. The concept that someone could be brazen enough to infiltrate and lock your computer, and then have the audacity to demand money so you can get your information restored or unlocked, is shocking and terrifying. It’s also happening with increasing frequency.
Ransomware is a type of malware that locks your computer or mobile phone and prevents you from accessing your data (all of it!) until you pay a ransom. That ransom is usually demanded as a Bitcoin payment, an encrypted form of online payment that enables the hacker to collect money online and anonymously. As for the rates demanded, these can vary widely. In some cases, victims are asked to pay hundreds of dollars; in other cases (usually those that target businesses and corporations) victims are asked to pay several thousand dollars.
How does ransomware work?
Many versions of ransomware make their way onto computers through infected email links. All it takes is a moment of carelessness, and a person may click on a malicious attachment. If the attachment contains ransomware (and it isn’t blocked by the person’s antivirus or firewall), that malware may start running immediately, locking the user’s system by way of encryption. Ransomware may also be hidden in malicious scripts on websites or in popup messages.
Once a person’s data is encrypted, the only way to unencrypt it is with the proper decryption key. This key, of course, is in the attackers’ possession and this is what they offer, for a ransom, to the victims.
The victim experience may be something like this. The screen becomes covered with a message stating that the computer has been locked and will only be unlocked if a certain amount of money is paid to a certain account. If the money isn’t paid (usually within a short time frame) the hackers threaten to destroy the private key thereby locking all the data on the computer forever.
But can you really trust a thief?
Of course, just because the criminals say that they will unlock the information if the victim pays the ransom doesn’t actually mean they will. These are criminals after all. What’s to say they won’t just make off with the money and leave the data encrypted? Additionally, though they may unlock the data that’s been encrypted, that doesn’t mean the computer is safe and sound. The computer may still be infected with the same malware that enabled the ransomware to be activated in the first place. Furthermore, the more often people pay ransom, the more profitable (and popular) this nasty form of malware becomes.
Ransomware isn’t new, but it is increasing
Ransomware as we know it today was “born” in Russia and Eastern Europe about a decade ago. It was an interesting player in the world of malware, but one that had a major drawback (from the hackers’ point of view, that is). There was no efficient way of collecting money from victims. However, now that Bitcoin has evolved into a true currency, things are much less complicated for hackers.
Adi Shamir is an award-winning encryption expert who co-invented RSA, an algorithm released in the 1970s that is used to encrypt and decrypt messages. The purpose of RSA was to encrypt information to protect the good guys. It was not meant to create a system so that the bad guys could engage in blackmail. Ironically, a lot of the ransomware that’s circulating today uses RSA’s own formula, or variants of it. Talking about this sinister trend recently, Shamir said, “I think it’s a very serious problem…. It’s going to stay with us and we need to think about new techniques to stop it.”
Nasty and newsworthy
Ransomware is getting a lot of press these days. That’s because more forms of it are popping up all the time, and it seems each one is more sinister than the last.
CryptoWall is perhaps the most notorious ransomware of all. It was primarily distributed through spam emails, dangerous websites, malicious ads and malware. The emails used to distribute this ransomware were very clever indeed. They claimed that the attachment, which really contained the malware, contained a package notice or incoming fax. Once users opened the attachment, their computers were infected and their files were locked. CryptoWall is estimated to have earned $325 million for its heinous creators. The newest version (called CryptoWall 4.0) is even more threatening than its predecessors. Not only does it encrypt files but it also encrypts file names, so users don’t even know what’s been encrypted.
Another well-known form of ransomware is FBI Ransomware, a malware that was installed on people’s computers when they visited sites that had malicious scripts. Once a computer was infected, victims saw a message that purported to be from the FBI stating that the computer had been blocked for several reasons (most of them pretty scary) and that it would be unlocked for a fee. The reasons were entirely fictitious, but the call for cash was not. People feared that if they didn’t pay, they would never get their data back.
Chimera is a more recently identified type of ransomware that puts a new twist on the ransomware threat. Discovered recently by the German-based Anti-Botnet Advisory Centre, Chimera threatens to dump a person’s files on the internet if they don’t pay the demanded ransom. This nasty escalation seems to be a way of convincing people who have already backed up their data to pay up anyway, just so that they can keep their personal files from being leaked. Experts say, however, that it is unlikely that the hackers behind Chimera will actually follow through on their threat, as posting people’s information online is time-consuming and leaves an online trail.
Power Worm is another type of ransomware that’s been in the news lately. This one has a twist too, albeit an unintentional one. Power Worm ransomware has a badly coded locker that destroys the keys it needs to restore the information. In other words, once it locks information, that information is gone for good. According to tech website BleepingComputer.com, “There is unfortunately nothing that can be done for victims of this infection. If you have been affected by this ransomware, your only option is to restore from a back-up.”
The best defense? An excellent offense.
As with so many things in this world – and especially when it comes to cybersecurity – the best way to fight ransomware is by ensuring that your PC is safe from the start. So here are some crucial measures you should take to help you steer clear of ransomware in the first place, and help ensure your data is safe even if you do fall victim.
1. We’ve said it once and we’ll say it a million times. Never open attachments or embedded links in emails unless you know with 100% certainty that they are safe.
2. Run a top-notch antivirus that catches dangerous links before they make it into your inbox. Our Antivirus software comes with Threat Emulation, which lets you check unknown links in a safe sandbox environment before opening them.
3. Install a powerful pop-up blocker as pop-ups can also contain dangerous links.
4. Keep all your programs up to date. Nothing invites malicious programs more than software that is outdated. The chances of getting hit by ransomware, or any malware in truth, decrease significantly when software is running at its most current version. Also, if there is out-of-date software on your PC that you’re not using, just get rid of it.
5. Steer clear of sketchy sites. Don’t surf to places where you wouldn’t want to meet anyone you know. Stick to safe websites and you’ll eliminate one avenue through which hackers try to get into your PC: malicious scripts.
6. Back up your files. All of them, and now! Though we’ve left this point for last, it’s really of utmost importance. Despite all your best efforts and intentions, there is a chance that you will get hit by ransomware. Maybe someone in your family will click on a bad link, maybe you’ve already got malware on your PC and it’s just waiting to announce that your files have been locked. If you do get hit by ransomware, you may just have to say good-bye to the data that’s been encrypted. That’s why it is SO important to make sure that you back up all your files. Family photos. Mortgage payments. Budgets. Your secret novel. Whatever files are important to you, back them up now and regularly to the cloud. Then you know you’re safe, even if your computer gets hacked. All ZoneAlarm products, by the way, come with 5 GB of free online backup, and if you ever need more, you can always upgrade through your ZoneAlarm product.
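Point 6, combined with the earlier note that CryptoWall 4.0 also encrypts file names, is a reason to record what you backed up. The sketch below is an added example, not part of the original article or of any ZoneAlarm product: it builds a hash manifest at backup time and later reports which files are missing, changed, or new and random-looking. All function names and the sample file names are constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

def sha256_file(path):
    with open(path, "rb") as f:  # reads whole file; stream in chunks for very large files
        return hashlib.sha256(f.read()).hexdigest()

def entropy(data):
    """Shannon entropy in bits per byte: near 0 for repetitive text, near 8 for random data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256. Run this at backup time."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def compare(root, manifest, threshold=7.5):
    """List files missing or changed since the manifest, plus unknown high-entropy files."""
    current = build_manifest(root)
    missing = sorted(p for p in manifest if p not in current)
    changed = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    suspicious = []
    for p in sorted(set(current) - set(manifest)):
        with open(os.path.join(root, p), "rb") as f:
            if entropy(f.read(65536)) >= threshold:  # encrypted data looks random
                suspicious.append(p)
    return {"missing": missing, "changed": changed, "suspicious": suspicious}

def demo():
    """Constructed sample: one document vanishes and an unknown random-looking file appears."""
    with tempfile.TemporaryDirectory() as root:
        for name, text in (("budget.txt", "rent 1200\n" * 50), ("novel.txt", "chapter one\n" * 50)):
            with open(os.path.join(root, name), "w") as f:
                f.write(text)
        manifest = build_manifest(root)
        os.remove(os.path.join(root, "novel.txt"))
        with open(os.path.join(root, "x7f3a.bin"), "wb") as f:
            f.write(os.urandom(4096))  # stand-in for an encrypted, renamed file
        return compare(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest with the backup rather than on the PC it describes. Compressed formats such as ZIP or JPEG are also high-entropy, so the "suspicious" list is a hint about what to restore, not proof of encryption.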
Ransomware is here to stay, it seems, and while the good guys are doing everything they can to stop it, the bad guys are doing everything they can to make it even more sinister. That doesn’t mean you need to be a victim, though. Taking preventative measures is critical, and while it may take some time to back up files, update software, and verify unexpected emails before opening their attachments, one thing is clear: none of these minor hassles are as inconvenient and damaging as having your files held ransom by unscrupulous hackers.
What’s your take on this nasty form of malware?