If you don’t know what ransomware is, read on.
You’re in danger of losing all of the files on your computer.
Ransomware is a small piece of criminal software that hijacks your computer
by encrypting your files, denying you access to them,
and then demands online payment for their release.
It’s one of the most shameless forms of cyber extortion, and in some cases,
actual blackmail. The threat is very real.
If you use email, browse websites, spend time on social networks,
connect to local networks (at work, at home, or in public spaces),
or use removable USB drives, whether on a desktop, laptop, smartphone or tablet,
you are always a click or two away from a ransomware infiltration.
Don’t be a victim. Outsmart cyber-criminals with a few simple steps.
It’s easy, but only if you know what to look for.
How do you get ransomware?
Most ransomware is distributed by the popular malware infection technique known as
“phishing”, in which you receive an email that is designed to look like it comes from
someone you know or should trust.
The goal is to get you to open an attachment or click on a web link in the email,
which then downloads malware like ransomware to your system.
Criminals will study your social networks and other public information
to learn details about you to make their phishing emails more believable,
e.g., by discovering where you went to school and crafting a message that looks
like it comes from your alumni association.
Here’s a real-life example:
Image 1. Ransomware email caught by Gmail spam filter.
Please note the “Prompt Attention Required” heading with a directive to open
the attached file.
Image 2. Another ransomware email caught by Gmail spam filter.
This email contains an attachment “Bank.docx” with Microsoft Visual Basic
for Applications (VBA) macro code. When the attachment is opened,
the enclosed malicious code executes, downloading and automatically
installing ransomware on your system.
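As an added illustration (this code is not from the original article or from Magtech), here is a small attachment check that a mail gateway or help desk could run on an Office attachment such as the “Bank.docx” above. An OOXML document is a zip container, and VBA macros live in a vbaProject.bin member inside it, so the check inspects the container instead of trusting the file extension. The package built by build_sample_docx is constructed for the demonstration and is not a real Word file.

```python
import io
import os
import zipfile
from typing import List

# Members that hold VBA macro code inside an OOXML (Word/Excel/PowerPoint) package.
# Any of them present in the zip container means the document carries macros,
# regardless of the extension the attachment was sent with.
MACRO_MEMBERS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Extensions that are supposed to be macro-free by definition.
MACRO_FREE_EXTENSIONS = (".docx", ".xlsx", ".pptx")


def findings_for_attachment(filename: str, data: bytes) -> List[str]:
    """Return the reasons to quarantine the attachment; an empty list means nothing was found."""
    reasons: List[str] = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return ["not a valid OOXML (zip) container"]

    macro_parts = [m for m in MACRO_MEMBERS if m in names]
    if macro_parts:
        reasons.append(f"contains VBA macro storage: {', '.join(macro_parts)}")
        ext = os.path.splitext(filename)[1].lower()
        if ext in MACRO_FREE_EXTENSIONS:
            reasons.append(f"extension {ext} claims a macro-free format but macros are present")
    return reasons


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-like package for the demonstration (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project; no real macro code.
            zf.writestr("word/vbaProject.bin", b"PLACEHOLDER-VBA-PROJECT")
    return buf.getvalue()


if __name__ == "__main__":
    for name, macro in (("Bank.docx", True), ("Report.docx", False), ("Invoice.docm", True)):
        print(name, "->", findings_for_attachment(name, build_sample_docx(macro)) or ["clean"])
```

The check is deliberately narrow: it only says whether macro storage is present, not whether the macro is malicious, so a positive result is a reason to hold the message for review, not proof of an attack.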
Image 3. Ransomware email in a desktop email client. It contains a compressed file
already be inside your default Downloads folder.
Extreme caution is required when browsing those files.
One of the many new techniques that ransomware gangsters are using to distribute
their malicious wares includes the use of social network and instant messaging apps.
For example, criminals may send you a Facebook Messenger post that includes a
graphics attachment with the commonly-used .SVG file name extension.
SVG files look legitimate to the Messenger app and your browser’s white-list filtering,
but an SVG is an XML image format that can carry embedded script,
and so the file executes automatically when viewed in a standard web browser.
Once opened, the file executes and redirects the reader to a website which invites the
user to install a browser extension so that they can view a (fake) YouTube video.
Installing this extension opens the door for a ransomware infection.
What does it mean for you? Be wary of installing software or browser extensions
in response to social media posts and instant messages.
Image 4. Ransomware-infected .svg file sent through a social network messenger.
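The .svg trick described above works because an SVG is an XML document that may contain <script> elements, event-handler attributes such as onload, and javascript: links. As an added example (not part of the original article, and not Magtech’s code), the following Python function lists those script-capable constructs so that an upload filter or mail gateway can reject or sanitise an SVG before a browser renders it. Both sample SVGs are constructed for the demonstration; the “active” one carries only placeholder comments, no working script.

```python
import xml.etree.ElementTree as ET
from typing import List

EVENT_ATTR_PREFIX = "on"  # onload, onclick, onmouseover, ...


def local_name(qualified: str) -> str:
    """Strip the XML namespace ("{uri}name" -> "name") from an element or attribute name."""
    return qualified.rsplit("}", 1)[-1]


def svg_active_content(svg_text: str) -> List[str]:
    """Return a description of every script-capable construct found in the SVG document."""
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"unparseable SVG: {exc}"]

    hits: List[str] = []
    for elem in root.iter():  # depth-first walk, root included
        name = local_name(elem.tag)
        if name == "script":
            hits.append("<script> element")
        elif name == "foreignObject":
            hits.append("<foreignObject> element (can embed HTML)")
        for attr, value in elem.attrib.items():
            attr_name = local_name(attr)  # handles xlink:href as well as plain href
            if attr_name.startswith(EVENT_ATTR_PREFIX):
                hits.append(f"event handler attribute {attr_name} on <{name}>")
            elif attr_name == "href" and value.strip().lower().startswith("javascript:"):
                hits.append(f"javascript: URL on <{name}>")
    return hits


def is_safe_to_render(svg_text: str) -> bool:
    """Policy helper: only an SVG with no active content passes."""
    return svg_active_content(svg_text) == []


# Constructed samples: a plain drawing, and one that uses every construct the filter looks for.
BENIGN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    '<circle cx="5" cy="5" r="4"/></svg>'
)
ACTIVE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" '
    'onload="/* constructed placeholder */">'
    '<script>/* constructed placeholder, does nothing */</script>'
    '<a xlink:href="javascript:/* placeholder */"><text>click</text></a>'
    '</svg>'
)

if __name__ == "__main__":
    print("benign:", svg_active_content(BENIGN_SVG))
    print("active:", svg_active_content(ACTIVE_SVG))
```

Note that this is a detector, not a sanitiser: the safe policy is to reject or rasterise any SVG with hits, rather than trying to strip the offending parts and hoping nothing was missed.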
Unprotected websites and unsecured web servers are another attack vector
popular among ransomware gangsters. Cyber criminals look for websites with
faulty code and insert ransomware distribution scripts into the web pages.
If you see a warning similar to Image 5 below, it’s best to stay away from that website
until the code is cleaned and the warning message goes away.
Image 5. A warning message preventing users from visiting an infected website.
What does a ransomware attack look like?
- Ransomware file is downloaded to a user computer.
- Ransomware is installed on the computer — usually with the user’s help,
e.g., opening an attachment or double-clicking a link as described above.
- Ransomware starts quietly encrypting the victim’s files
(this can be either immediate, or delayed).
- When the file encryption process is complete, ransomware displays a
ransom message with a countdown timer and instructions how to pay.
Normally the victim is asked to download a Tor browser and make an
anonymous payment using the online crypto-currency Bitcoin.
- Ransomware may also attempt to spread to other systems on the
same network as the infected device, including local backup servers.
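The quiet encryption stage above is the point where endpoint monitoring can still catch the attack before every file is gone. As an added example that is not part of the original article, this Python detector applies one heuristic that endpoint tools commonly use: a single process renaming many distinct files to a new extension within a short window. The FileEvent record, the process names, the window size and the threshold are assumptions constructed for the demonstration, not the event format of any particular product.

```python
import os
from collections import defaultdict, deque
from typing import Deque, Dict, List, NamedTuple, Tuple


class FileEvent(NamedTuple):
    ts: float          # seconds since epoch, as reported by the endpoint agent
    process: str       # process that performed the operation
    op: str            # "write", "rename", "delete", ...
    path: str          # path after the operation
    old_path: str = "" # for renames: the path before the operation


WINDOW_SECONDS = 10.0   # sliding window length (assumed tuning value)
RENAME_THRESHOLD = 20   # distinct files given a new extension inside the window


def extension_changed(ev: FileEvent) -> bool:
    """True when a rename changed the file's extension (e.g. photo.jpg -> photo.jpg.locked)."""
    if ev.op != "rename" or not ev.old_path:
        return False
    return os.path.splitext(ev.old_path)[1].lower() != os.path.splitext(ev.path)[1].lower()


def detect_mass_rename(events: List[FileEvent]) -> Dict[str, float]:
    """Return {process: timestamp} for each process that crossed RENAME_THRESHOLD
    extension-changing renames of distinct files within WINDOW_SECONDS."""
    windows: Dict[str, Deque[Tuple[float, str]]] = defaultdict(deque)
    alerts: Dict[str, float] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if not extension_changed(ev):
            continue
        window = windows[ev.process]
        window.append((ev.ts, ev.old_path))
        while window and ev.ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()  # drop events that fell out of the window
        distinct_files = {path for _, path in window}
        if len(distinct_files) >= RENAME_THRESHOLD and ev.process not in alerts:
            alerts[ev.process] = ev.ts  # record the moment the threshold was first crossed
    return alerts


def constructed_events() -> List[FileEvent]:
    """Constructed sample: an ordinary save, one ordinary rename, and a process that
    renames 30 photos to *.locked in 7.5 seconds."""
    events = [FileEvent(0.0, "winword.exe", "write", "C:/Users/demo/Documents/report.docx")]
    for i in range(30):
        old = "C:/Users/demo/Pictures/photo{}.jpg".format(i)
        events.append(FileEvent(100.0 + i * 0.25, "suspicious.exe", "rename", old + ".locked", old))
    events.append(FileEvent(200.0, "explorer.exe", "rename",
                            "C:/Users/demo/notes.md", "C:/Users/demo/notes.txt"))
    return events


if __name__ == "__main__":
    print(detect_mass_rename(constructed_events()))  # only suspicious.exe should appear
```

A real deployment would feed this from the endpoint agent’s file-activity stream and pair it with other signals (canary files, ransom-note creation in many folders, shadow-copy deletion) to keep false positives from backup and archiving tools low.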
Image 6. CryptoLocker. CryptoLocker is one of the earliest ransomware types;
its name has become synonymous with the entire concept of ransomware.
Image 7. CryptoWall. CryptoWall appeared in 2014 and has many different flavours,
such as Cryptobit, CryptoDefense, CryptoWall 2.0 and CryptoWall 3.0.
Image 8. CTB-Locker. CTB-Locker is mainly distributed through partners in exchange
for a cut of the profits in a business model referred to as ransomware-as-a-service,
reflecting how this method mimics the methods of the legitimate cloud
Image 9. Locky. Like many other viruses, Locky is spread in the form of an email
message with a malicious attachment disguised as an ordinary business file,
personal photo, etc.
When the attachment is opened, the victim is instructed to enable macros, which in turn
install the ransomware and start the encryption process.
Image 10. Petya and Mischa. Petya and Mischa are often delivered to the user in
one package. Petya locks up the entire computer by encrypting the
Master File Table of the hard drive.
Image 11. Jigsaw. Jigsaw ransomware is set up to delete files one by one every
hour until the ransom is paid.
What to do if you become a victim of a ransomware attack?
If you have become the victim of a ransomware attack, you have very few options:
- Pay the ransom and hope that your data will be restored.
There are no guarantees that paying up will restore your files.
Some ransomware gangs don’t deliver the promised decryption key.
Others may be caught by authorities, or disappear to avoid being caught,
before they deliver on their end of the ransom bargain.
- Format the hard drive to wipe out all data and then re-install the operating
system and applications.
You lose all of your personal data, may face costly additional licensing fees
to restore your old software environment, and still face the threat of future
- Restore your system from a backup.
What is the best way to protect your computer?
Until an active protection technology becomes commercially available, backup
(with a copy of backup data stored in the cloud) is the only sure way to recover
your data after a ransomware attack without paying the ransom.
Run a full image backup to an external disk or to Magtech Cloud storage.
If your system is compromised, you’ll be able to restore the entire system
at once, without going through files one by one.
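Because ransomware may reach local backup servers too, a backup is only useful if you can prove its copies are still intact before you rely on them. As an added example (not the article’s or Magtech’s code), this Python script records a SHA-256 manifest of a backup set when the backup is taken and later verifies the set against it, reporting files that are missing, altered or unexpected. The demo() scenario creates a constructed set of placeholder files in a temporary directory and damages two of them to show what a tampered copy looks like; in practice the manifest must be stored with the offline or cloud copy, not beside the files it describes.

```python
import hashlib
import os
import shutil
import tempfile
from typing import Dict, List


def sha256_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: str) -> Dict[str, str]:
    """Map every file under root (relative path with '/' separators) to its SHA-256."""
    manifest: Dict[str, str] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(root: str, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the current contents of root with the manifest taken when the backup was made."""
    current = build_manifest(root)
    result: Dict[str, List[str]] = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        if rel not in current:
            result["missing"].append(rel)       # gone or renamed since the backup
        elif current[rel] != digest:
            result["modified"].append(rel)      # content no longer matches: possibly encrypted
        else:
            result["ok"].append(rel)
    result["unexpected"] = list(set(current) - set(manifest))  # e.g. *.locked copies, ransom notes
    for key in result:
        result[key].sort()
    return result


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: manifest a small backup set, then damage it the way an
    encryption process would (one file overwritten, one overwritten and renamed)."""
    root = tempfile.mkdtemp(prefix="backup-demo-")
    try:
        os.makedirs(os.path.join(root, "photos"))
        sample = {
            "photos/holiday.jpg": b"JPEG-PLACEHOLDER",
            "tax-2016.pdf": b"PDF-PLACEHOLDER",
            "notes.txt": b"hello",
        }
        for rel, content in sample.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(content)
        manifest = build_manifest(root)  # would be stored with the offline copy in real use

        # Simulated damage: unreadable placeholder bytes, not real encryption.
        with open(os.path.join(root, "tax-2016.pdf"), "wb") as f:
            f.write(b"UNREADABLE-PLACEHOLDER")
        os.rename(os.path.join(root, "notes.txt"), os.path.join(root, "notes.txt.locked"))
        with open(os.path.join(root, "notes.txt.locked"), "wb") as f:
            f.write(b"UNREADABLE-PLACEHOLDER")

        return verify_backup(root, manifest)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category:10s} {files}")
```

Run the verification from a clean machine against the backup copy itself, not from the possibly infected computer, and treat any “modified” or “unexpected” entry as a reason to fall back to an older or offline copy.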
Ransomware poses a real threat to every computer user and every device connected
to the internet. Get educated, be vigilant, and spread the word to your friends and family.
Don’t be fooled, and protect your data with backup.
Speak to your friendly IT person
We are here to help and provide advice and the right solution to meet your needs and budget.
Call Leo on 0429 457776 to arrange an obligation-free appointment to discuss a solution
built for you.