For the past couple of years you may have noticed the appearance of a new and very nasty type of computer threat called ransomware. According to Kaspersky, a computer gets infected with ransomware every 10 seconds! In 2017 more than 150 countries were affected by a ransomware variant called WannaCry. It truly did make a lot of people want to cry, since the damage it inflicted is estimated to be over 1 BILLION dollars!
So, how does this ransomware work? Let’s take a couple of moments to see how it infects your computer, and what it does to it after that.
Stage 1: Infection
Ransomware usually tries to infect your computer in one of two ways. The first is infected email attachments. Using a technique called phishing, hackers can learn about you through your LinkedIn or Facebook accounts, then send you an email made to sound like it came from your colleague or friend. This email would contain an infected attachment with a name relevant to something you would receive from them. By researching you and your habits, hackers make fraudulent emails more credible and increase the chance that you will click on the infected attachment.
Another way ransomware infects your computer is through compromised or infected web pages. In this case, you can receive an email, a text message on your phone, or even a LinkedIn or Facebook post with a link. This type of message or post is crafted to look legitimate and entice you to click on it, bringing you to an infected webpage. After that, the ransomware on the page scans your computer for vulnerabilities. If it finds one, the ransomware immediately uses it to infect your computer.
Stage 2: The damage is unleashed
Upon infecting your computer, the first thing ransomware does is scan your computer and every external storage medium for files that are important to you. For example, your photos, videos, music and MS Office files would be great candidates. Once the files are found, be that locally or on the network, ransomware encrypts them with its own secret key. After the files are encrypted, they are useless to you, since their contents are rearranged in such a way that your computer doesn’t understand them anymore and cannot open the files. Note that system files belonging to the operating system are usually left untouched. Encrypting them would render your computer inoperable and prevent the ransomware from proceeding to the next step.
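The effect described above can be checked for from the defender's side. The following Python script is an added example, not part of the original article: it flags files whose extension promises a known format but whose first bytes no longer match that format and whose contents look random. The signature table and the 7.5 bits-per-byte threshold are assumptions chosen for illustration; both checks are combined because photos and Office files are compressed and look nearly random even when healthy.

```python
import math
import os
import sys
from collections import Counter

# Leading "magic" bytes that a well-formed file of each type starts with (assumed table).
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",  # modern MS Office files are ZIP containers
}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, up to 8.0 for random data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(path: str, sample_size: int = 65536) -> bool:
    """True when a known file type has lost its header and its bytes look random."""
    signature = MAGIC.get(os.path.splitext(path)[1].lower())
    if signature is None:
        return False  # unknown type: no expected header to compare against
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    return not sample.startswith(signature) and shannon_entropy(sample) > ENTROPY_THRESHOLD


def scan(root: str) -> list[str]:
    """Walk a folder and return the sorted paths of files that look encrypted."""
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                if looks_encrypted(path):
                    hits.append(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
    return sorted(hits)


if __name__ == "__main__":
    print("\n".join(scan(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Files that have been renamed to an unfamiliar extension are skipped by this check, because there is no expected header to compare them against.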
Stage 3: Ransom Demand
Once the ransomware does its dirty deed and encrypts every file dear to you, it comes up with a ransom letter. The letter explains that your files are encrypted, and that in order to get them decrypted (put back in the order they were in before, so they are accessible again) you have to pay a ransom. You see, a simple transfer of money would be easily trackable by the authorities, and the hackers would be caught very quickly. That is why hackers came up with a more sinister scheme that uses another type of currency called Bitcoin. This currency is legitimate and is used on the web for financial transactions. However, hackers took a liking to Bitcoin for its anonymity. It is practically impossible to trace Bitcoin transactions, making the money exchange secure for hackers and untraceable for us. Since most of us don’t have Bitcoin lying around, hackers “politely point” you to the legitimate sites where you can purchase Bitcoin with your money. Then they tell you where to go to pay with your newly purchased Bitcoins. In return, hackers should send you a key or make the ransomware's decrypt option available, so you can get your files back. The ransom demanded varies, but on average it is about $679 worth of Bitcoins. To deliver even more bad news, there is no guarantee that after you pay, you will get your files back. There have been many reports of users paying and not getting anything in return! Sounds gruesome, doesn’t it?
So what do you do? How do you stop this nightmare?
There are several things you may want to do to decrease the risk of infection:
Keep your operating system updated
It is widely proven that most ransomware uses vulnerabilities found in operating systems such as Windows 7, 8 and 10. By updating your operating system regularly, you fix those vulnerabilities, so when ransomware tries to infect your computer the loopholes are closed! In the Windows operating system you can set it up so it updates automatically, and all you have to do is restart the computer every now and then when the updates are applied.
Properly choose and install your antimalware solution
Your protection software plays a huge role in defending your computer from all sorts of malicious software (malware), including ransomware. It can detect malicious behavior and stop it in its tracks before it can do significant harm. Keeping a proper and updated antimalware solution is absolutely necessary for keeping your computer clean and protected.
The final frontier of protection: Backup
You may be surprised to hear that the best protection against ransomware is being proactive. Instead of trying to recover your computer after it has been infected (which proves to be more and more difficult lately), you simply restore it to the previous uninfected state! You keep backups of your whole computer on external and protected media. If your computer gets hit by a ransomware attack, instead of paying hackers and praying that they will decrypt your files, simply restore your computer from the previous backup! There are many backup solutions on the market that will help you with backing up your computer; however, the current leading one is called Acronis. It can make a comprehensive backup of your computer and easily restore it to the previous state when disaster strikes.