Ransomware has been gaining notoriety since 2013, when the Cryptolocker virus hit the scene and started locking down peoples files. For some, it was photos, for others, it was important business documents. Either way, Cryptolocker and its copycat cousins have been causing both financial and emotional headaches for a number of years now.
Ransomware is a program that gains access to your files and encrypts them. This encryption is then followed by a threat to ‘pay-up’ or the files will be deleted, never to be seen again. These cybercriminals will usually give you a set number of hours, to make payment, otherwise the files will be deleted. Once payment is received the cybercriminals will release the files. They generally offer a passkey or decrypt the files themselves. However there is no guarantee that, upon receiving funds, they will actually do so. Unfortunately, because many people do pay the ransom, the number of cyber criminals using ransomware has grown substantially over time. Kaspersky labs data suggest that ransomware crimes have risen from 131,000 victims in 2014 to 728,000 in 2015!
How does your system get infected?
Most commonly, cybercriminals will gain access to your computer and files via malicious links in emails, social media or suspicious websites. They may gain access via a trojan horse that is downloaded via fake email attachments or malicious downloads. Once these files have access to your computer they begin to encrypt your data, using highly secure encryption methods. Effectively, these methods are so secure that it can be impossible to recover the encrypted data without a passkey.
There are a wide number of ransomware scams that are currently being conducted, including cryptolocker, cryptowall and teslacrypt. While each of these varies in the specific execution of its strategy to get onto your system, lock your files and demand money, the scam is effectively the same.
What do cyber criminals want?
There are a variety of reasons why hackers and cyber criminals do what they do, but for most, the underlying purpose is to profit. The unfortunate thing about ransomware is that it can be very difficult to trace the perpetrator. Coupled with the fact the criminal usually demands bitcoin, rather than traditional currency, it can be extremely difficult (if not impossible) to track offenders. And it is for this reason, criminals are drawn to this type of scam.
How to remove Ransomware
Unfortunately, there are not a lot of options for those who have been victims of ransomware. One can pay the criminal and hope they release your data. Alternatively you can accept your data is gone and be better prepared for next time. It should be noted that removing the actual ransomware program is possible, it is recovering the encrypted data that is extremely difficult.
Fortunatley, there are now groups who are gaining access to the keys, that cyber criminals use to lock your data. An initiative called No More Ransom is a collaborative that is working to fight against ransomware, by providing access to keys to unlock encrypted files. While this may be a long shot for those who have already been infected, it is one option that should be considered by those who have fallen victim to ransomware.
The best strategy against ransomware is a data backup. With an appropriate data backup strategy, ransomware is relatively ineffective. Should the criminals delete your files, a data backup should quickly and seamlessly replace the deleted data allowing you to get on with your life or with your business. Importantly though, if a cyber criminal has been able to access your data, it is important to assess how they managed to get through. Was it poor security settings? Or did someone download an attachment that they shouldn’t have?
Incidences of ransomware have increased over the past number of years, given the relative ease in which cyber criminals can profit from the strategy, without being tracked. While it is possible to get a passkey, by paying a ransom or a public repository, a data backup is the best solution/prevention to a ransomware attack, as it renders the cyber criminals strategy useless.
Need help with addressing Ransomware in you business?
If you would like to know more check out our IT Security page page.
Organise a Free IT Consultation
If you would like to discuss business IT solutions Brisbane based UnderCtrl offers a free consultation to discuss how our business IT solutions can be used in your business.