Updated · Dec 03, 2022
What Is Ransomware and How to Stay Safe?
Updated · Oct 16, 2022
Hey, cyberspace traveler.
So you wonder what ransomware is, eh?
You’ve come to the right place.
Here is a simple ransomware definition:
Ransomware is a type of malicious software that blocks users from accessing their data. The malware requires a payment to release the files, usually in cryptocurrency.
That’s more or less every dictionary’s explanation of ransomware. What a dictionary can’t tell you is that this malware is on the rise.
Last year alone, ransomware grew more than any other type of malware. Moreover, more than 4,000 ransomware attacks occur every day.
With that in mind, one thing is sure – ransomware will continue to endanger systems in 2021.
That’s why we need to understand what it is and how it works to be able to protect our devices.
Thankfully, ransomware isn’t invincible, and there are ways to remove it.
But let’s start with the basics.
What Is Ransomware
Okay, so we’ve grasped the idea of a ransomware attack.
However, that’s arguably not enough, so let’s delve a bit deeper.
Imagine you are a medieval king. While you are away, on a march with your troops, an unfortunate event occurs.
Since your troops are with you, there aren’t many left to guard your castle (lack of good antivirus software).
At that exact time, an unknown barbarian king and his army approach your castle. Maybe someone was misled (phishing) and invited him in. Or it was a planned attack.
The enemy’s horsemen bypass your ballista towers (OS patches) and occupy the throne room. Your kingdom’s treasury lies below that very room.
The problem is its riches sparkle behind a massive oak door, sealed with the biggest lock your royal blacksmith could forge. Meanwhile, your messengers alert you of what’s happened.
Naturally, you ride back on your faithful white stallion, a massive golden key swaying on your neck. Once you reach your castle’s gatehouse, an enemy emissary greets you.
He claims the barbarian occupiers will leave your castle if you give them a part of your treasury. Otherwise, they’ll burn the castle down, along with the adjacent buildings.
See, the same happens when a ransomware attack hits a system. Users’ data is held hostage until they pay a ransom.
But it gets worse:
Sometimes even when they pay the ransom, users can’t recover their data. (No one trusts barbarians, right?)
Unfortunately, 17.5% of all infected companies paid the ransom, yet still lost their data.
Be that as it may, many people and organizations still pay cybercriminals to retrieve their data, making ransomware a profitable venture. Furthermore, a business falls victim to a ransomware attack every 14 seconds.
That’s some incentive to take care of your digital security.
To reach the Nirvana of online safety, we must start our journey with ransomware’s entry points.
How Does Ransomware Infect a System?
The most common way a ransomware virus (or any other malware) infects a device is through phishing attacks.
These usually come as spam emails, which either prompt users to click on an infected link or contain a malicious attachment.
Social networks are the second most popular phishing channel.
Finally, there’s a method of delivery known as a drive-by download.
It occurs when a visitor clicks on an infected site and thus unknowingly downloads and installs the malware.
Once it infects a system, it can either encrypt files or block users’ access to them.
There’s a slight difference between the two, depending on the ransomware type, although in both cases users can’t use their data.
Types of Ransomware – the Wolves in Sheep’s Clothing
There are many types of ransomware. Here are the most common ones:
Lock-screen ransomware
Also known as locker ransomware, this type of malware does precisely what its name suggests.
A fullscreen message denies access to your device, demanding a ransom.
You can do almost nothing on your device, except communicate with the attacker and pay the demanded amount.
Encryption ransomware
This type of ransomware encrypts users’ files, making them useless. Only after purchasing a decryption key can users access their data.
Since payment is made mostly with Bitcoin, some ransomware even provides articles explaining what Bitcoin is and how to buy it.
Most often, these attacks have a time limit, asking victims to pay before the deadline, or they lose their files.
Usually, there is a second countdown timer, which increases the ransom.
Doxware
This type of attack is a little different from typical ransomware.
Not only does this malware encrypt your files, it also threatens to reveal sensitive information publicly.
The word derives from “doxing” – a term used by hackers, which means hacking and publishing sensitive data online.
Doxware is also known as extortionware.
Scareware
Ever seen this type of message?
“Your computer is/may be infected!”
Followed by a list with at least a dozen infections.
This is a typical scareware message.
This type of malware appears as a warning from a fake antivirus program, which can remove your non-existing infections. When downloaded, however, instead of cleaning your system, it steals the user’s data.
This attack has two consequences. First of all, victims pay for the fake antivirus, sharing their credit card information with a cybercriminal.
Second, they install malware on their device, which could allow threat actors to access their files, spy on their online activities, etc.
This attack may also appear as a message from the FBI, NSA, or other similar agency, which claims someone used your computer for malicious purposes (visiting child pornography sites, sending phishing emails, etc.)
To regain access to your device, you must pay a “fine.” Still just another flavor of ransomware, though.
Ransomware-as-a-Service (RaaS)
Imagine you are a cybercriminal and you want to launch a ransomware attack. The problem is – you don’t know how to create one.
So what do you do?
You pay someone to use their ransomware.
This is what Ransomware-as-a-Service means.
There are many RaaS vendors on the Dark Web – each subscription can cost from $39 to more than $1900.
This scheme is used mostly by novice cybercriminals, who can personalize the chosen ransomware without having advanced coding skills.
One of the most famous RaaS portals, GandCrab, shut down in June 2019. Its creators claimed their “clients” made $2 billion in one year.
These are the most common types of ransomware attacks.
Now let’s see what happens once they infect a system.
How To Find Out if Your Device Is Infected With Ransomware?
Usually, if your device is infected, you’ll know.
Unlike many other kinds of malware, ransomware attacks are often apparent – you get a big image with a message explaining what has happened and instructions on what to do next.
Not all attacks behave like that, though. For those cases, here are the telltale signs of a ransomware infection:
- You can’t open your files.
This happens when encryption ransomware hits your device. Windows and Mac systems can’t seem to find the programs that open your files.
- Strange file extensions
We all know the common file extensions – like .jpg, .doc, .exe. But when encryption ransomware is involved, the extensions change, usually with the name of the attack. Let’s say we want to open a file named Picture.jpg. Here’s how different ransomware will change its name:
WannaCry – Picture.jpg.WNCRY or Picture.WCRY
AutoLocky – Picture.jpg.locky
777 – Picture.777
Finally, there are cases where the new extension is random – or there simply isn’t one.
- There are instructions for a demanded ransom.
Cybercriminals leave a note with every ransomware attack.
This note is usually a text file, located somewhere where you’ll see it. Most often it’s on your desktop, but some attackers leave a note in every folder that contains encrypted files.
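The two file-system signs above (changed extensions and a note repeated across folders) can be checked with a short script. This is an added example, not part of the original article: the extension list comes from the article's examples, while the note-matching heuristic, the function names and the sample file name README_DECRYPT.txt are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Extensions taken from the article's examples (WannaCry, AutoLocky, 777).
SUSPECT_EXTENSIONS = {".wncry", ".wcry", ".locky", ".777"}
# Assumption: ransom notes are plain-text files, as the article describes.
NOTE_EXTENSIONS = {".txt"}

def scan_tree(root, min_note_folders=2):
    """Walk root and report renamed files and repeated note-like files."""
    renamed = []                    # files carrying a suspect extension
    affected_dirs = set()           # folders holding at least one such file
    text_names = defaultdict(set)   # text file name -> folders it appears in
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            if ext in SUSPECT_EXTENSIONS:
                renamed.append(os.path.join(dirpath, name))
                affected_dirs.add(dirpath)
            elif ext in NOTE_EXTENSIONS:
                text_names[name.lower()].add(dirpath)
    # Heuristic (assumption): the same text file name in several affected
    # folders matches the "note in every encrypted folder" pattern.
    notes = sorted(
        name for name, dirs in text_names.items()
        if len(dirs & affected_dirs) >= min_note_folders
    )
    return {"renamed": sorted(renamed), "note_candidates": notes}

def build_sample_tree(root):
    """Create a constructed sample tree of empty files for the demo."""
    layout = {
        "photos": ["Picture.jpg.WNCRY", "README_DECRYPT.txt", "holiday.png"],
        "docs": ["report.doc.locky", "README_DECRYPT.txt", "todo.txt"],
        "clean": ["notes.txt", "song.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        print(len(result["renamed"]), "renamed files:", result["renamed"])
        print("possible ransom notes:", result["note_candidates"])
```

A random or missing extension, which the article also mentions, will not be caught by the extension list, so an empty result does not prove a clean system.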
So once infected, what should you do?
What To Do if Infected With Ransomware
First of all – don’t pay the ransom right away.
Although these attacks come with a timer, you have enough time to do several things first.
First, you have to determine whether this is a real ransomware attack or a fake one.
If you can get past the ransom note and access your files, it is most likely a scareware attack, and you can move past it and remove it.
If you can’t access your files, be it because of encryption or lock-screen, here’s what you should do:
First – you need to know which ransomware has infected your system. To do that, you can visit nomoreransom.org. It also provides a solution and decryption tools for any of the ransomware families in their database.
If there happens to be a solution for your infection – use it.
There are cases where you don’t find one.
Then, you need to disconnect your machine from the network, to contain the infection.
WannaCry, one of the most notorious ransomware attacks in 2017, was able to spread to all connected devices, regardless of the connection type (wired/wireless).
Now it gets tricky.
To Pay, or Not to Pay: That Is the Question
This is the moment to stop and think if you should pay the ransom.
Keep in mind neither of these decisions offers a 100% chance you’ll get your data back.
There are other variables in place as well. Here’s a recent example:
On May 10th, 2019 Urban One suffered a ransomware attack. The company didn’t pay the required ransom but lost up to $800,000 in revenue. That’s on top of the $500,000 extra they had to pay to restore their system.
So we can add this kind of loss to the equation too.
*Interesting fact – The same amount of money, nearly $800,000 (50 talents of silver), was the ransom Julius Caesar proposed for himself when Cilician pirates abducted him in 75 BCE. The funny thing is – they wanted 20 talents, but the story goes he laughed in their faces and said they should demand 50. Later on, after his release, he got back his 50 talents. Maybe you can guess what happened to the pirates. Need a hint? Crosses were very popular back then.
Anyway, back to ransomware.
When you wonder whether you should pay or not, here are the possible scenarios that could happen:
You decide to pay the ransom.
Although most cybercriminals will keep their word and decrypt your files, there isn’t any guarantee they’ll do it. There’s a chance they’ll take your money and leave the system as it is.
That said, if you are going to pay, you can negotiate to lower the demanded amount. Most cybercriminals will agree on a smaller ransom, instead of risking not getting anything at all.
There’s also the fact that you’re rewarding cybercriminals for their illegal efforts. That’s something you can choose to consider or ignore.
You decide not to pay the ransom.
So you know the ransom’s definition and you decide not to negotiate with terrorists.
Here’s how you should proceed:
If you intend to contact the authorities once it’s all over, make screenshots or take pictures of your screen before you continue.
How To Remove Ransomware and Recover Your Data in Three Easy Steps
Keep in mind the next part of this post doesn’t guarantee you’ll save your data.
With that said, here’s what you should do:
Use an antivirus or anti-malware program to remove the infection.
Good examples of such software, which also include ransomware removal are:
You may need to reboot your device in safe mode to be able to remove the ransomware.
If you have a backup of your files – now is the time to be thankful you’ve done it.
See, most encrypting ransomware copies and encrypts your files, then deletes the original ones.
That’s why such a tool may prove efficient.
If this method doesn’t work, try the decryption tools we mentioned earlier – like No More Ransom. Alternatively, type “ransomware decryption tools” in Google and try one (or more) of the results.
If you’ve found a solution, by now you should have a clean system.
Nevertheless, you may be dealing with a new ransomware version, which could prove to be a problem.
If that is the case and you don’t want to pay, you can just give up the files and reinstall the operating system.
Remember the picture you took before you started fighting back?
Now is the time to use it. You should contact the authorities about the ransomware attack.
That’s the way to go if you have insurance or want to file a lawsuit. It also helps agencies keep track of these attacks.
Ransomware Protection – Can We Immunize Our System Against Ransomware Attacks?
As with most malware, ransomware prevention begins with an up-to-date operating system.
The same goes for any antivirus/anti-malware software you’re using. If you don’t use one, it’s a good idea to install one.
There are many anti-ransomware programs available online as well. One example is the Malwarebytes anti-ransomware tool.
If you want free ransomware protection – Kaspersky has you covered with a tool of their own.
If you combine these three simple solutions, you’ve done the best you can to ensure your system’s safety.
Anyway, technology alone is not a solution – there’s a human factor involved as well. Aim to avoid clicking on spam emails and browsing shady sites - those are big no-nos in terms of online security.
Last but not least – back up your important files regularly. You can use a cloud-based service, a USB flash drive, or an external hard drive.
Let’s summarize what you need to have the best ransomware protection:
- Up-to-date OS and antivirus/anti-malware.
- Online threat awareness
- A backup of your important files.
I know it could be annoying, especially the backup part, but those are the facts. After all, these three simple tips can save you a ton of headache and up to $1 million in cash.
A ransomware attack isn’t a joke. It denies access to your files, which is a hassle for both individuals and companies.
What’s more, these attacks keep popping up. In 2018, there were 500% more ransomware attacks, compared to 2017.
Luckily, cybersecurity specialists don’t go around playing games on their smartphones all day. Instead, they create new tools and decryptors every day so we can enjoy safer internet.
Stay safe online, dear cyberspace traveler.
So what is ransomware in one sentence?
It’s malware that holds users’ device/files hostage demanding a ransom for their release.
At least now you know how to stay safe and fight back if need be.
Deyan has been fascinated by technology his whole life. From the first Tetris game all the way to Falcon Heavy. Working for TechJury is like a dream come true, combining both his passions – writing and technology. In his free time (which is pretty scarce, thanks to his three kids), Deyan enjoys traveling and exploring new places. Always with a few chargers and a couple of gadgets in the backpack. He makes mean dizzying Island Paradise cocktails too.