Ransomware 101: What Every Secret Agent Should Know

Government systems crippled and files held hostage by ransomware.

Ransomware infects 50,000 computers worldwide.

You may have seen similar headlines in recent months. Ransomware has become the computer virus of choice for criminals looking for quick cash. But you needn’t let the criminals win. Let’s take a closer look at how these malicious programs work, how to stay protected, and what to do about ransomware.

What is ransomware?

Ransomware (from ransom plus malware) holds your computer files hostage, demanding a payment to get them back. It does this by encryption, making files inaccessible without a key, which is promised in exchange for the ransom.

SPYSCAPE

It has become popular because more and more people rely on the data stored in their computers. When ransomware first appeared in the late 1980s it was largely unsuccessful because few people cared enough to retrieve their files. Criminals also found it difficult to receive payment. Nowadays, payments can be sent across the world in milliseconds, anonymously, and via virtually untraceable cryptocurrencies like Bitcoin.

How does it infect and spread?

Ransomware usually finds its way onto a target’s system the same way most viruses do: human error. You download a malicious email attachment, click on a fake software update, or respond to a phishing scam. Once the ransomware has been activated, it encrypts your hard drive and displays a message demanding a ransom:

In the background, the ransomware may then use your computer to spread the problem, perhaps by scanning your local network for other devices, or hijacking your email account and sending itself to your contacts. It then repeats and repeats, infecting and encrypting as many systems as possible.

The creators of ransomware prey on ordinary internet users - people who don’t have the time or knowledge to stay up to date with the latest anti-virus software and security advice.

Ransomware message

How can it be stopped? 

The best way to stop most viruses, including ransomware, is to keep everything up to date. That means your operating system, browser plug-ins, anti-virus, and any other software you run. Ransomware nearly always takes advantage of a vulnerability in an outdated piece of code. Software updates patch such vulnerabilities (with professional ethical hackers often behind the fix). It’s especially important to make sure you are running the latest version of your anti-virus. If it’s out of date, it won’t be able to protect you from the newest threats.

Our second piece of advice is to create backups. Ransomware is useless if the hostage files exist elsewhere! If you have a backup you can just wipe the infected device and restore your files from it.
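A backup only helps if the copy itself is still intact when you need it. The Python example below is an addition to this article, not part of the original: it copies a folder into a timestamped snapshot, records a SHA-256 hash for every file, and can later report any backed-up file that has gone missing or changed. The function names, the manifest.json file name and the snapshot layout are choices made for this example.

```python
import hashlib
import json
import shutil
import time
from pathlib import Path

MANIFEST = "manifest.json"  # file name chosen for this example


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(source: Path, backup_root: Path) -> Path:
    """Copy `source` into a new timestamped snapshot and record each file's hash."""
    snapshot = backup_root / time.strftime("snapshot-%Y%m%d-%H%M%S")
    data = snapshot / "data"
    shutil.copytree(source, data)
    hashes = {
        p.relative_to(data).as_posix(): sha256_of(p)
        for p in sorted(data.rglob("*")) if p.is_file()
    }
    (snapshot / MANIFEST).write_text(json.dumps(hashes, indent=2))
    return snapshot


def verify_backup(snapshot: Path) -> list[str]:
    """Return the files that are missing or no longer match the recorded hash."""
    hashes = json.loads((snapshot / MANIFEST).read_text())
    data = snapshot / "data"
    problems = []
    for rel, expected in hashes.items():
        path = data / rel
        if not path.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_of(path) != expected:
            problems.append(f"changed: {rel}")
    return problems


if __name__ == "__main__":
    import sys  # usage: python backup.py <folder> <backup drive>
    snap = make_backup(Path(sys.argv[1]), Path(sys.argv[2]))
    print(snap, verify_backup(snap) or "verified")
```

Run verify_backup on a snapshot before wiping an infected device. A backup drive that stays plugged in or shared on the network can be reached by the same ransomware, so disconnect it once the snapshot is written.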

What if it infects my computer? 

You’ve been hit by a nasty ransomware that’s demanding $500 in 24 hours or all your files will be destroyed. You have no backups, and you don’t know what to do. This is where things get tricky. Often, old versions of ransomware have already been deconstructed by security experts and global decryption keys are available online, which will recover your files for free. Try a quick search for the name of the ransomware that’s hit you (it’s usually somewhere on the ransom page) plus “decryption key” to see if a master key is available.

Unfortunately, if you’re hit with the latest ransomware, there’s probably no key available, and there likely won’t be until long after your files have been wiped (if the infection comes with a timer). So do you pay or not? Oddly, ransomware creators tend to pride themselves on actually returning files to people that pay them, in order to create an atmosphere of trust that leads to more payments in the future. So transferring the money may result in the delivery of a decryption key.

Unfortunately, this isn’t always the case, either because the creators experience errors in the payment system, or because they are spiteful. Our advice is: do not pay the ransom, as it will encourage the further proliferation of ransomware. But we also understand that if you’ve lost files that are worth more to you than the money requested, you may feel compelled to attempt to recover them, and that is entirely your choice.

The most important thing you can do is keep your systems up to date and your files backed up.
