Understanding ransomware

What is ransomware?

Ransomware is a type of software that blocks the user from using all or some features of their device and demands a payment (ransom) to return the device to the user’s control. Depending on the type, ransomware may prevent the user from accessing a single program, a directory, or the entire system. The most advanced types of ransomware actually encrypt the user’s system so that no data can be recovered without the key from the attacker. Once the device is infected, ransomware will present the user with a message demanding payment and providing instructions.

Historically, ransomware was designed to target personal computers. However, as we have surrounded ourselves with an ever-growing number of connected devices, ransomware now also affects tablets and smartphones, and in the not-so-distant future will extend to cars, thermostats, and any other connected devices that may hold valuable data or control important functions of your life. (Security researchers have already found a vulnerability that allows ransomware to take over smart thermostats.)

Ransomware attacks are on the rise, and households are often more vulnerable than businesses because they lack the corporate-grade security technologies and protocols. However, simple precautions can help home users reduce the risk and simplify recovery.

How does ransomware get on your device?

Usually, ransomware gets installed on the device as an unintended result of the user’s action — surfing websites with malicious content, downloading unverified programs or files, or clicking attachments in email messages. A common red flag may be a pop-up message on the website telling you that your computer may have a virus or other problems, and directing you to download a program to fix it. Another red flag may be an email from someone you don’t recognize directing you to open an attachment.

In some cases, ransomware can also be installed by the attacker directly, without the user’s knowledge or interaction. A vulnerability in the device software or home network security may grant the attacker direct access to the device and the ability to directly install ransomware.

Recovery and prevention

Unfortunately, modern types of ransomware are practically impossible to remove. If the attackers have encrypted the data on your device, you have only two options to regain control of your device:

  • Start from scratch (almost). This is your best option, assuming you have backups of your data, or even better, a recent system recovery backup. Reload the operating system on your device, and use the system recovery utility (both Windows and macOS have one) to return the system to an earlier, working state. If you don’t have a system recovery backup, you will have to manually reinstall all the applications and then copy over your backed-up files.
  • Paying the ransom. If you don’t have backups and you absolutely must have your data, you can try paying the ransom. Unfortunately, there is no guarantee that the attackers will hold up their end of the bargain (they often don’t), and even if they do unlock your device, they will likely leave some nasty spyware or malware on it, to allow them to steal more information or use your device for other purposes.

Prevention boils down to three main tactics:

  1. Avoid downloading files or applications from untrusted sources, or opening email attachments you were not expecting to receive.
  2. Keep your antivirus and applications up to date with the latest updates and patches. The antivirus can catch many known malware files before they get installed and encrypt your drives, and patched applications are less vulnerable to being hacked.
  3. Create regular file backups and/or system restore backups. This will help you recover quickly if you do fall victim to ransomware.