Ransomware is a kind of malware that locks up your own data using sophisticated encryption. Usually, the way to get it back is to pay a fee – hence the term ransomware: the attackers literally hold your data hostage and demand a ransom.
Ransomware is not new, but it is getting better and more widespread. Attackers are also targeting users who’ll easily pay up: businesses, old people, even police departments. The NYTimes recently had a funny and yet chilling op-ed on ransomware, which inspired us to write this explainer.
What exactly does ransomware do and is there a way to protect yourself from it? Read on to find out.
How Does Ransomware Work?
Ransomware, like any other malware, makes its way in through shady email attachments or pirated or infected file downloads. Ransomware apps are a bit more stealthy than the usual malware, and they’re not easily detectable by antivirus apps.
Once the malware is installed, it will encrypt all the important files that you might have. This means MS Office documents, text files, PDFs, videos, and more. And the encryption, using RSA-2048, is pretty tight. Most of the time, the only way to decrypt is using the private key generated by the malware, which is usually on the attacker’s server – out of your reach.
Short of paying up – using pre-paid cards, wire transfers, or Bitcoin – you don’t have many options. The asking price might start at $500 or more. Some ransomware keeps increasing the price for every week you refuse to pay.
Is All Lost?
Ransomware usually just locks your files. It’s not known to steal your data, but now that the attackers have access to your PC, there’s nothing stopping them. Some new ransomware is known to add pornographic material to your PC and then offer to remove it for you – at a price.
And ransomware isn’t limited to Windows PCs. It’s known to affect Android smartphones and even Macs.
Of course, there are all sorts of ransomware out there, from the dead serious and uncrackable to some that are merely posers.
But malware like CryptoLocker, CryptoWall, and PowerLocker are all serious threats.
Turns out, even cloud services like Dropbox and Google Drive are not out of reach from ransomware. If you have one of those services installed and running on your PC, the files on the cloud servers will also be encrypted. What’s more, this might lead to your cloud account being compromised.
“We predict ransomware variants that manage to evade security software installed on a system will specifically target endpoints that subscribe to cloud-based storage solutions such as Dropbox, Google Drive, and OneDrive. Once the endpoint has been infected, the ransomware will attempt to exploit the logged-on user’s stored credentials to also infect backed-up cloud storage data,” McAfee’s report on 2015 cyber risks noted.
How Do You Keep Your Files Safe?
Let’s say you’re the kind of person who doesn’t believe in giving in to demands from criminals, because that’s only going to make them stronger. It’s the same as a kidnapping: you don’t give in to the demands.
Except of course, when you have no backup of the data and you really need it. Then of course you’ll pay.
To make sure it doesn’t come to that, your only option is to create a backup. And not just any backup. A backup that’s not linked to your computer, and isn’t on a cloud storage that’s also signed in to your PC. It needs to be on a separate drive, disconnected from it all.
This means getting an external hard drive and backing up to it every other day or on the weekend.
And a data backup is useful in many other situations: you lose your laptop, it goes bust, your hard drive goes kaput, or your house catches fire.
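The backup routine described above, as an added Python example that is not part of the original article: each run copies the folder to a new dated snapshot on the external drive, so an earlier good copy is never overwritten, and it refuses to run when most previously backed-up files have changed or vanished. The function names, the 50% threshold and the dated labels are assumptions made for illustration.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def manifest_of(folder):
    """Map each file's relative path to its SHA-256 digest."""
    folder = Path(folder)
    return {p.relative_to(folder).as_posix(): sha256(p)
            for p in sorted(folder.rglob("*")) if p.is_file()}

def snapshot(source, drive, label, max_changed=0.5):
    """Copy `source` to a new folder `drive/label` and return the changed ratio.

    Assumption: labels sort chronologically (ISO dates such as 2024-01-07).
    Refuses to run when most previously backed-up files were modified or
    vanished, which is what mass encryption or renaming looks like.
    """
    drive = Path(drive)
    current = manifest_of(source)
    earlier = sorted(drive.glob("*.manifest.json"))
    previous = json.loads(earlier[-1].read_text()) if earlier else {}
    # A file counts as changed if its digest differs or it is gone (renamed).
    changed = sum(1 for name, digest in previous.items()
                  if current.get(name) != digest)
    ratio = changed / len(previous) if previous else 0.0
    if ratio > max_changed:
        raise RuntimeError(f"{ratio:.0%} of backed-up files changed; "
                           "check the PC before backing up again")
    dest = drive / label
    shutil.copytree(source, dest)          # raises if label exists: no overwrite
    if manifest_of(dest) != current:       # verify the copy by digest
        raise RuntimeError("backup copy does not match the source")
    (drive / f"{label}.manifest.json").write_text(json.dumps(current, indent=1))
    return ratio

if __name__ == "__main__":
    # Constructed demo data in temporary folders standing in for PC and drive.
    with tempfile.TemporaryDirectory() as tmp:
        docs, drive = Path(tmp, "docs"), Path(tmp, "drive")
        docs.mkdir(); drive.mkdir()
        for i in range(4):
            (docs / f"report{i}.txt").write_text(f"quarterly report {i}")
        print("first run:", snapshot(docs, drive, "2024-01-07"))
        for i in range(3):                 # simulate files overwritten with junk
            (docs / f"report{i}.txt").write_bytes(bytes([i]) * 64)
        try:
            snapshot(docs, drive, "2024-01-14")
        except RuntimeError as err:
            print("second run refused:", err)
```

Unplug the drive once a run finishes; a snapshot only protects you while the PC cannot reach it.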
After backing up, you need to make sure you don’t install the malware. That means not downloading email attachments from people you don’t know and staying away from the dark corners of the internet. Not downloading pirated stuff will help as well.
What to Do with an Infected Computer?
If your computer is infected with ransomware and you already have the data backed up somewhere – that you can easily restore – you’ll want to get rid of the malware app completely.
For this you’ll need to format the computer and start fresh. Because the malware is encrypted and there’s no way for you to disable it, wiping is the only option. Alternatively, you can also try to do a system restore from a point before infection.
Let us know your experience with ransomware in the comments below. We sure hope though that you have no such memories to share, and will never have.