Ransomware Guide

2018 1

Ordinarily, falling victim to a ransom plot means that you are the son or daughter of some wealthy person and the only way to get out of it is by paying tons of money or waiting for Arnold Schwarzenegger or Kurt Russell to come and rescue you, or, at least, that’s what TV would have us believe.

These days, being held for ransom can happen quite differently, and to your computer of all things. I’m talking, of course, about ransomware, a particularly diabolical type of malware (that is to say, bad software) that’s been making headlines recently.

Here’s how it works. Once ransomware gets on your computer, usually through an infected email attachment or the all too common Trojan horse attack, it will lock your computer or your data in some way and demand payment in exchange for giving control of your system back to you.

Some of the simpler forms of ransomware will simply try to fool you into thinking there’s something wrong with your computer and get you to pay money to fix it. This is a common tactic that we see in those banner ads that tell you that you’ve been inexplicably infected by something. Oftentimes with those, you still have at least rudimentary control over your system, so the only real issue is that you have to deal with constant pop-ups until you find a way to get rid of the malware.

A much more irritating kind of ransomware will lock your computer entirely and keep you from logging into your operating system unless you pay the money. Many of these varieties of ransomware will display a threatening message purporting to be from the FBI or some other super hardcore police agency, saying that your computer was used for something highly illegal, but that you can get your computer back and avoid doing hard time just by paying a few hundred dollars. Sounds absurd, right? But people have fallen victim to this, and even if you recognize the scam immediately, it can be a real pain to remove.

Worst of all is the ransomware that not only locks your system but also encrypts your files and won’t provide you with the keys to decrypt them unless you pay up. The most notable of these is Cryptolocker, although many other variants have popped up since that one first made the news back in 2013. There are other issues with this type of ransomware, unsurprisingly. Cyber-criminals aren’t the most trustworthy folks, and many people have reported not getting their files back even after paying the ransom. On top of that, some kinds of ransomware don’t even ask permission; they just hit your Bitcoin wallet and take the money without even giving you a chance to say: “Well, hold on, let me think about whether this data is worth paying for.”

So, how can you rescue your computer and protect your cash if you get infected? Many of the non-encrypting types of ransomware can be removed by booting into safe mode and running an up-to-date anti-malware tool or, if that fails, by downloading a bootable removal tool to a flash drive and running that. However, if you’ve been hit by crypto ransomware, you’re probably out of luck, as most of these use a very strong algorithm. In fact, the FBI has advised people to just pay these ransoms in the past.

If you don’t like the idea of your money going to online criminals, back up your data somewhere, preferably offline. And please remember to explain to your grandparents what a banner ad is if they call you in a panic over having fifty viruses on their all-in-one PC.

About David Balaban
David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the www.Privacy-PC.com project, which presents expert opinions on contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.