Ransomware: What It Is and Why You Don't Want It


Computer viruses are nothing new. Malicious software that attacks, infects and compromises computer systems has been a plague, waiting to strike the personal computer user virtually since Day One. But the concept of “ransomware” has really only come into mainstream existence in the last few years, rapidly growing to become the number one danger lurking out there on the internet.

Viruses that infect and cripple a computer are annoying, costing time, money and effort to deal with. Trojans that compromise systems to steal personal information can have more serious repercussions. But computers can be wiped and operating systems and software reinstalled. Credit cards can be cancelled and passwords changed. Ransomware is utterly malevolent in that it specifically targets the one irreplaceable thing on a computer – your data.


What does Ransomware Do?

Once ransomware arrives on your computer, it begins to systematically encrypt all data files on the system. This includes image files, Word and text documents, Excel spreadsheets, PDF files, audio files like MP3s, video files – pretty much any file format that could potentially contain information that is of value to you. What exactly does this mean? In the simplest terms, all encrypted files are locked with a password that is unique to your computer. They cannot be opened, they cannot be accessed. They are – quite literally – being held for ransom by a criminal, demanding you pay for the password to get them back.

The encryption keys, or passwords, used are incredibly complex, consisting of a random mixture of up to 2048 numbers, letters and symbols, making them impossible to guess and nearly impossible to crack.


How Widespread Is It?

The first major ransomware infestation was the CryptoLocker malware in 2013.  While the exact numbers are fuzzy, it is estimated that somewhere in the neighborhood of 3 million dollars was paid by individuals and organizations desperate to get their files back. How many of these payers actually received the key to unlock their files is unknown.

Since CryptoLocker led the way, millions of computers worldwide have been infected by a variety of new and increasingly costly ransomware attacks.  Some of the more widely reported have been Cerber, CryptoWall, WannaCry and most recently BTCWare and its variants. WannaCry alone is estimated to have impacted over 10,000 organizations and 200,000 individuals in over 150 countries. No place and no operating system is safe. Ransomware strains exist that attack and encrypt not only Windows-based systems, but Linux, Apple and Android devices as well.


How Does This Happen?

There are a number of ways that ransomware infections are initiated, including drive-by attacks through malicious or compromised websites and open Remote Desktop Protocol (RDP) connections into office networks. However, the most frequent and successful attack method remains infection via phishing emails.

These emails take on all forms, from the blitheringly blatant bogus offers of cheap Canadian pharmaceuticals and unclad Russian girls, to more sophisticated solicitations to download an eFax, bank statement or Amazon Gift Certificate. In all cases, clicking the generously provided link produces the same catastrophic result: ransomware attack, data encryption and loss of your important and irreplaceable personal files.


What Can I Do to Protect Myself?

The best defence against ransomware is to be smart, be vigilant and not become infected in the first place. Make certain your computer operating system is kept properly updated and patched. These patches fix vulnerabilities that allow malware to infiltrate and attack your system.

Microsoft releases new, essential security updates on a regular basis.  Confirm that all your computers are configured to automatically install these updates. Anti-virus software can also be a useful preventative measure – although placing blind faith and full confidence in the claims made by these products is a surefire road to disaster. Nothing is more effective than good old-fashioned care and common sense when it comes to protecting your computer systems and your data.

Do not open any suspect emails. If, by error, you do open a phishing email, close it and Shift + Delete it immediately. Under no circumstances click on any links, images or hypertext in such emails. Be smart when browsing the web. Stay away from suspicious sites no matter what they promise. Do not click on advertising banners – even on trusted sites – as these can be co-opted to serve up malicious content. Do not download apps from unvetted sites. Do not download software from torrents or file sharing services.


If My Computer Becomes Infected, What Then?

Accidents do happen. A single unguarded moment or careless action and the ransomware is on your computer, encrypting your files. What now?

Once a computer is infected it is often too late to do anything. To remove the malicious software, the computer can be wiped and reinstalled. However, the harsh truth is that the encrypted files may never be recovered. Even if the ransom – ranging from a few hundred to a few thousand dollars per computer – is paid, there is no assurance that once they get what they want, the blackmailers will provide anything in return. Dedicated efforts by anti-virus researchers and developers have produced decryption tools for a handful of ransomware variants, but many more remain insolvable.

However, part of being smart when it comes to malware is to be prepared for it. One of the very best ways to be prepared is to make sure you have a proper backup system in place.

When backing up files locally in your home or office, a series of removable drives – a minimum of two – should be used. Backup should occur on a regular basis, making sure that your backed-up data is updated at least once a day. If ransomware infects your system, the backup drives should not be reconnected to a compromised computer until it has been professionally and painstakingly cleaned. The most thorough method is to wipe the system clean, reformat and reinstall everything fresh before the data is restored to the computer.
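
The backup routine described above can be checked automatically. The following Python sketch is an added example, not part of the original article: it audits a set of backup drives for the two-drive minimum, the once-a-day freshness rule, and unaltered file copies. The `manifest.json` layout, the function names and the sample folders are assumptions made for illustration.

```python
import hashlib, json, tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # assumed layout: one manifest per backup drive

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def write_backup(source, drive, now):
    """Copy every file under source to drive and record each copy's hash."""
    source, drive = Path(source), Path(drive)
    drive.mkdir(parents=True, exist_ok=True)
    files = {}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source).as_posix()
        dst = drive / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        dst.write_bytes(src.read_bytes())
        files[rel] = sha256_file(dst)
    (drive / MANIFEST).write_text(json.dumps({"created": now, "files": files}))

def audit_backup_set(drives, now, max_age_hours=24, min_drives=2):
    """Return a list of problems; an empty list means the set meets the policy."""
    problems, newest = [], None
    usable = [Path(d) for d in drives if (Path(d) / MANIFEST).is_file()]
    if len(usable) < min_drives:
        problems.append(f"only {len(usable)} usable drive(s), need {min_drives}")
    for drive in usable:
        manifest = json.loads((drive / MANIFEST).read_text())
        newest = max(newest or 0, manifest["created"])
        for rel, digest in manifest["files"].items():
            copy = drive / rel
            if not copy.is_file():
                problems.append(f"{drive.name}: missing {rel}")
            elif sha256_file(copy) != digest:
                problems.append(f"{drive.name}: changed since backup {rel}")
    if newest is None or now - newest > max_age_hours * 3600:
        problems.append(f"newest backup older than {max_age_hours}h")
    return problems

def demo():
    """Constructed sample: two drive folders, one copy altered afterwards."""
    now = 1_700_000_000  # fixed timestamp so the result is reproducible
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_text("quarterly figures")
        write_backup(root / "docs", root / "drive_a", now - 30 * 3600)
        write_backup(root / "docs", root / "drive_b", now - 2 * 3600)
        clean = audit_backup_set([root / "drive_a", root / "drive_b"], now)
        (root / "drive_b" / "report.txt").write_bytes(b"\x00scrambled")
        damaged = audit_backup_set([root / "drive_a", root / "drive_b"], now)
        stale = audit_backup_set([root / "drive_a"], now)
    return clean, damaged, stale
```

Run the audit from a known-clean machine before restoring, so that a drive whose copies no longer match their recorded hashes is set aside rather than trusted.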

Online backup services are another excellent choice. Your data is immediately copied to an offsite location during the backup process, thereby removing it from the reach of the malware. Online backup services also provide protection for your data from physical threats, such as computers being damaged or destroyed due to electrical shock, fire or flood, as well as protection from the possibility of theft. Once again, hardware can be replaced; your data, if lost, is gone for good.


Isn’t This a Lot of Hype over Something That’s Never Going to Happen to Me?

Taking the ostrich approach, rather than facing up to a problem, tends to leave one’s backside exposed to unpleasant surprises. Millions of people and thousands of companies have believed that it was “never going to happen to them,” only to find themselves the desperate and distressed victims of ransomware attacks. Paranoia accomplishes nothing, but being aware and being prepared are essential to keeping your data safe and your peace of mind intact.