Ransomware is one of the most popular forms of online attack today
Let’s find out what ransomware is, how it works and what could make you vulnerable to attack. Also, let’s see if there is an answer to the most common question: Is Ransomware Removal possible?
What is Ransomware?
Ransomware Definition: It typically begins with the victim receiving an email that includes a link or file which contains dangerous malware. But you can also get infected by the malware by visiting a website that has compromised ads. The malware works by locking your computer to prevent you from accessing data, files, folders and drives until you pay a ransom, usually demanded in Bitcoin (a form of digital currency). In some cases, the entire network the computer is connected to can become infected.
Ransomware has been an Internet pestilence for more than a decade, but only recently has it made mainstream media headlines. The new trend in ransomware attacks is the targeting of hospitals and other healthcare facilities. Private, confidential patient information is held hostage until a ransom is paid. Unfortunately, because hospitals require constant access to up-to-date patient records and other important information, they are an easy target for this kind of extortion. These types of victims are likely to pay a ransom rather than risk delays that could result in death and lawsuits.
Before paying the Ransomware Demand
If you are infected with ransomware, here are your four options:
1) There could be a free decryptor tool available that can decrypt your files from a specific form of ransomware.
2) The criminals will give you the key to decrypt your computer if you pay the ransom.
3) They will never reply if you pay.
4) They can’t decrypt the files, either because of errors on their part or because your own attempt to undo their encryption inadvertently damaged the encrypted data.
Ransomware is rampant because it works and most victims are unaware of the possibility of ransomware removal. Criminals are thought to prefer bitcoin for money transfers because it is harder to track than conventional payments and is easily transferable between countries because it bypasses banking systems.
Ransom demands are generally in the $500 to $1,000 range. If you are hit with ransomware, having a good remote backup with incremental version history is a lifesaver. Not only does the knowledge that your files are backed up provide peace of mind, it can safeguard irreplaceable documents with sentimental value, such as photographs.
You can contact your insurance company when hit with ransomware. Some policies cover ransoms or recovery efforts. Policy costs will almost certainly go up afterward, however.
How to prevent a Ransomware Virus
Hackers are automated like robocalls and are not particularly sophisticated. But they won’t hesitate to put you on the hit list in hopes of generating another $500. So whether you are a first-time victim or it’s already happened to you, remember:
Your best prevention is to stay as far ahead of the game as possible. Always stay one step ahead by making sure you have adequate security software and backup processes in place. (MLJ recommends contacting Bill Foltyn at www.dhk.com to find out methods for security and backup.)
Getting a secured, reliable, incremental backup going now is the best advice (Sadly, nothing is 100% reliable in I.T., so having a plan B is good to ponder). Even products that claim to somehow block all ransomware attacks can’t prevent the biggest reason that ransomware attacks succeed: criminals trick victims into taking an action that inadvertently undermines the security of their device.
Other ransomware prevention steps:
- Patch software security holes.
- Install antivirus software and update it regularly.
- Resist opening emails and attachments if you don’t know their source or if the subject line seems questionable.
- Be selective about what websites you visit and especially careful with the files, documents, games and applications you download.
- Choose a strong password that is not easy to guess by avoiding easy combinations like addresses and birth dates. And don’t forget to change your passwords every so often.
- Review your web browser and privacy settings.
- If you enjoy shopping online, make sure you are on a secure site.
- Be careful about what you post to social networks, as the internet does not have a delete key.
- Disconnect as quickly as you can to prevent the virus from spreading further.
In a ransomware attack, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network.
How does Ransomware work?
There are two main types of ransomware: Locker ransomware, which locks the computer or device, and Crypto ransomware, which prevents access to files or data, usually through encryption. However, each type can have different strains that will spread differently. Here are some of the most common strains:
WannaCry: This is a widespread ransomware campaign that is affecting organizations across the globe. WannaCry infected more than 100,000 computers in May 2017 by taking advantage of an unpatched Microsoft Windows vulnerability.
Locky: It first appeared in 2016, and is a relatively sophisticated example of ransomware. It usually infects users via malicious Microsoft Office attachments to emails.
TeslaCrypt: It appeared in 2015, and initially targeted and encrypted saved data and other files generated by computer games. It’s typically distributed via the Angler exploit kit specifically attacking Adobe vulnerabilities.
CryptoLocker: This ransomware has been around in some form or another for the past two decades, but it really came to prominence in 2013.
CryptoWall: It first appeared in early 2014, and variants have emerged with a variety of names. The ransomware is spread by a variety of methods, including attachments in emails purporting to come from financial institutions, exploit kits that exploit vulnerabilities in users’ software when they visit malicious web pages, and web pages that display malicious advertisements.
ZCryptor: This is a self-propagating malware strain that exhibits worm-like behavior, encrypting files and infecting external drives and flash drives so it can be distributed to other computers.
Cerber: It targets cloud-based Office 365 users and has impacted millions of users using an elaborate phishing campaign.
Users are generally not aware they have been infected until they can no longer access their data or until they receive a message demanding a ransom. At this time, the question becomes: is Ransomware removal possible or should you pay the ransom?
Should you pay the ransomware demand?
The key objective of ransomware is a psychological one — to instill fear, uncertainty and dread in the victim. So, the first thing to do is breathe deeply and try not to panic. It’s important to be informed and understand how important it is to protect yourself from ransomware.
Assuming you don’t have a recent backup you can restore, fear not: With at least some strains of ransomware, the good guys have already worked out a way to break or sidestep the encryption, making ransomware removal a possibility.
Until a credible decryption tool can be made available, it is strongly recommended that you do not pay the ransom. It will likely only increase your chances of being a victim in future cyber attacks.
An analogy: You should never bribe your kids with candy, but sometimes you have to, like on an airplane. Your kids know when they have leverage, as do hackers, and if the backup process you have put in place is weak, paying may be the only chance of getting files back. However, if you pay, you are almost guaranteed to get hit again. In some cases, ransom prices are going down to make them cheaper than fixing the problem. Hackers figure it’s better to get lots of small payments than bet on one big one.
The bottom line is that the easiest attack to deal with is certainly the one you have been able to avoid altogether. The second easiest is the one you’ve already prepared for. We’ll leave you with this: “It’s OK to pay, but it’s much better not to.”