What is Ransomware and How to Prevent It

Keeping Your System Hostage

For as long as computers have been used, some people have found ways to exploit them. Programs designed to attack your system in some way are often referred to by the blanket term ‘malware,’ which covers a variety of programs. Most people are familiar with the concept of a virus: a simple program designed either to corrupt the files you have or to replicate constantly, taking up processing power and space on your computer. Spyware sends confidential information without your knowledge. These terms are common, and antivirus software touts them as targets as a point of pride. One term that is not as well known is ransomware.

Ransomware began in 1989, but wasn’t a big issue until 2008. The upsurge started with ransomware operators impersonating the FBI and demanding payment as a fine for illegal activities. It was at this time that hackers discovered how lucrative this form of program could truly be. Ransomware growth has been exponential in recent months, possibly the largest growth since its inception. This form of malware has been growing in popularity for two main reasons: victims are paying the ransoms, making it continually lucrative, and advances in technology are making such attacks easier. The amount of the ‘fine’ can vary, but typically ranges from $20 to $600. Some are much higher. According to the FBI Crime Complaint Center (IC3), claims of ransomware between April 2014 and June 2015 totaled a loss of over $18 million.


Access to Restrict Access

This insidious form of malware is designed to restrict access to an infected system until a demand is met, usually by paying money to the operators of the program to remove the restriction. Examples include locker ransomware, which spreads through social engineering, phishing, and watering-hole sites. It can also arrive in spam emails or fake software updates. Types vary: some lock down an entire computer system except for the bare necessities needed to pay the ransom, and others target the data and file systems. The latter type lets you access the computer, but none of your personal information, including files, pictures, audio, video, and even applications.

An additional danger is what may happen if the ransom is ignored. Aside from permanently locking your information away, the ransomware could corrupt your system and cause a total loss of your information. Ransomware is not OS-specific, and has been found on a variety of operating systems, including MS Windows, Mac OS X, and Linux, to name a few. Exploiting vulnerable or outdated software on an unpatched OS is a common ‘back door’ as well.


Preventing an Infection

No system is 100% safe. However, the likelihood of contracting this form of malware can be reduced by taking several steps. The simplest and most effective method is to keep routine backups of your information. If the worst occurs and the system is infected, a wipe will only lose a small amount of new information as opposed to everything. You can wipe the system, then reload from backup and be on your way. Backups can be as simple as a thumb drive for personal files, or as extensive as offsite backups with their own security. Being aware of threats is highly effective as well. Several courses are available on cyber-security training, with options for personal users and corporate offices. Knowing the risks can keep you from entering dubious situations and risking infection. Another highly useful tactic is to keep your system software up to date. Operating systems are refined and redesigned fairly often, not only to make them more useful but also to improve their security. It takes time to hack past security or find faults in the software. Remaining up to date prevents many malware problems, including ransomware.
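
An added example, not part of the original article: a small Python check to run before a routine backup overwrites the previous one. It compares the current files against a manifest of hashes saved with the last backup and holds back when most of them have changed or vanished, so a backup taken after an infection does not replace the last good copy. The function names, the 0.5 threshold and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, root)] = digest.hexdigest()
    return manifest

def compare(previous, current, alert_ratio=0.5):
    """Flag the run when too many previously backed-up files changed or vanished."""
    # alert_ratio is an assumed threshold; tune it to how much you normally edit.
    changed = sorted(p for p in previous if p in current and previous[p] != current[p])
    missing = sorted(p for p in previous if p not in current)
    added = sorted(p for p in current if p not in previous)
    ratio = (len(changed) + len(missing)) / len(previous) if previous else 0.0
    return {"changed": changed, "missing": missing, "added": added,
            "ratio": ratio, "suspicious": ratio >= alert_ratio}

def demo():
    """Constructed sample: one ordinary edit, then a bulk rewrite and rename."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.txt", "b.txt", "c.txt", "d.txt"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("contents of " + name)
        last_backup = build_manifest(root)  # manifest saved with the last backup
        with open(os.path.join(root, "a.txt"), "w") as fh:
            fh.write("edited by the user")
        normal = compare(last_backup, build_manifest(root))
        for name in ("c.txt", "d.txt"):  # contents replaced wholesale
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(os.urandom(64))
        os.rename(os.path.join(root, "b.txt"), os.path.join(root, "b.txt.locked"))
        bulk = compare(last_backup, build_manifest(root))
    return normal, bulk

if __name__ == "__main__":
    for label, report in zip(("normal", "bulk"), demo()):
        verdict = "keep old backup, investigate" if report["suspicious"] else "safe to back up"
        print(label, round(report["ratio"], 2), verdict)
```

When the check reports a suspicious run, the previous backup should be left untouched until the cause of the bulk change is understood.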

Dealing with an Infection

If you do contract ransomware, several steps need to be taken. First, do not immediately pay the ransom. The reason this form of malware is so popular is that others before you have paid it. This encourages others to make their own ransomware and get paid similarly. Consider the cost of losing files versus paying the ransom, and if you are able to move on without them, clear your system and do so. Encouraging ransomware will only continue the threat. Also, although the most popular ransomware impersonates the FBI, the FBI is the body to contact next. While they may not be able to restore your system, they may be able to help locate the person or persons that are using it. Another group to notify is the one that provided your security software. This will enable them to access your system with your permission and get a ‘sample’ of the malware. That sample will give them a way to detect and eliminate the ransomware in the future from all systems they cover, not simply your own. Shared information can help to blacklist the source of the infection, and soon all will be able to protect themselves from the spread of this virus. On that subject, consider changing your antivirus provider. If the system in place did not detect and isolate the threat, then what else is not being dealt with accordingly? Locate a new antivirus program or group to invest in, and get rid of the old one.
