Ransomware 101

“Government systems crippled and files held hostage by ransomware.”

“Ransomware infects 50,000 computers worldwide.”

You may have seen headlines like these in recent months. Ransomware has become the computer virus of choice for criminals looking for quick cash. But you needn’t let it win. Let’s take a closer look at how these malicious programs work, how to stay protected from them, and what to do if one gets in.

WHAT IS IT?

Ransomware (from “ransom” plus “malware”) holds your computer files hostage, demanding a payment to get them back. It does this not by theft, but by encryption, making your files inaccessible without a key, which is promised in exchange for the ransom.

It has become so prevalent because more and more people rely on the data stored in their computers. When ransomware first appeared in the late 1980s it was largely unsuccessful because few people cared enough to retrieve their files. Criminals also found it difficult to receive payment. Nowadays, payments can be sent across the world in milliseconds, anonymously, and via virtually untraceable cryptocurrencies like Bitcoin.

HOW DOES IT INFECT AND SPREAD?

Ransomware usually finds its way onto a target’s system the same way most viruses do: human error. You download a malicious email attachment, click on a fake software update, or respond to a phishing scam. Once the ransomware has been activated, it encrypts your hard drive and displays a message demanding a ransom:


[Image: WannaCrypt.jpg]


In the background, the ransomware may then use your computer to spread to others, perhaps by scanning your local network for other devices, or hijacking your email account and sending itself to your contacts. It then repeats and repeats, infecting and encrypting as many systems as possible.

The creators of ransomware prey on ordinary internet users—people who don’t have the time or knowledge to stay up to date with the latest anti-virus software and security advice.

HOW DO I STOP IT?

The best way to stop most malware, including ransomware, is to keep everything up to date. That means your operating system, browser plug-ins, anti-virus, and any other software you run. Ransomware nearly always takes advantage of a vulnerability in an outdated piece of code. Software updates patch such vulnerabilities (with professional ethical hackers often behind the fix). It’s especially important to make sure you are running the latest version of your anti-virus. If it’s out of date, it won’t be able to protect you from the newest threats.

Our second piece of advice is to create backups. Ransomware is useless if the hostage files exist elsewhere! If you have a backup you can just wipe the infected device and restore your files from it. Check out this list of trusted software for backing up files.
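
One way to act on the backup advice above, as an added example that is not part of the original article: a check to run before each backup that reports a problem when most previously backed-up files have vanished or been rewritten with random-looking bytes, so a scheduled backup does not replace good copies with encrypted ones. The function names, the 0.5 and 7.0 thresholds and the sample files are assumptions made for this illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for encrypted data, much lower for plain text."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def snapshot(root: str) -> dict:
    """Map each relative path to (SHA-256 digest, entropy of the first 64 KiB)."""
    result = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            result[os.path.relpath(path, root)] = (
                hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return result

def safe_to_back_up(previous: dict, current: dict,
                    max_suspicious: float = 0.5, entropy_limit: float = 7.0) -> bool:
    """False when too many previously seen files vanished or were rewritten
    with random-looking bytes (both thresholds are assumed defaults)."""
    if not previous:
        return True
    suspicious = 0
    for rel, (old_digest, _) in previous.items():
        if rel not in current:
            suspicious += 1      # deleted or renamed
        elif current[rel][0] != old_digest and current[rel][1] >= entropy_limit:
            suspicious += 1      # rewritten with high-entropy content
    return suspicious / len(previous) <= max_suspicious

def demo() -> tuple:
    """Constructed sample: ten text files, later overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as root:
        paths = [os.path.join(root, f"note{i}.txt") for i in range(10)]
        for i, path in enumerate(paths):
            with open(path, "w") as fh:
                fh.write(f"Meeting notes number {i}. " * 200)
        before = snapshot(root)
        quiet = safe_to_back_up(before, snapshot(root))
        for path in paths:
            with open(path, "wb") as fh:
                fh.write(os.urandom(4096))   # stand-in for encrypted content
        return quiet, safe_to_back_up(before, snapshot(root))
```

Files that are already compressed, such as photos and ZIP archives, also score high on entropy, which is why only files whose content has changed since the last snapshot are counted.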

WHAT IF IT INFECTS MY MACHINE?

You’ve been hit by a nasty ransomware that’s demanding $500 in 24 hours or all your files will be destroyed. You have no backups, and you don’t know what to do. This is where things get tricky. Often, old versions of ransomware have already been deconstructed by security experts and global decryption keys are available online, which will recover your files for free. Here is an example of the “TeslaCrypt” virus being rendered useless. Try a quick search for the name of the ransomware that’s hit you (it’s usually somewhere on the ransom page) plus “decryption key” to see if a master key is available.

Unfortunately, if you’re hit with the latest ransomware, there’s probably no key available, and there likely won’t be until long after your files have been wiped (if the infection comes with a timer). So do you pay or not pay? Oddly, ransomware creators tend to pride themselves on actually returning files to people who pay them, in order to create an atmosphere of trust that leads to more payments in the future. So more often than not, transferring the money will actually result in you receiving a decryption key.

Unfortunately, this isn’t always the case, either because the creators experience errors in the payment system, or because they are spiteful. Our advice is to not pay the ransom, as it will encourage the further proliferation of ransomware. But we also understand that if you’ve lost files that are worth more to you than the money requested, you may feel compelled to attempt to recover them, and that is entirely your choice.

The most important thing you can do is keep your systems up to date and your files backed up.

Share this article with your friends and family and help them to stay secure too!

