
Ransomware FAQ: How it Works and How to Prevent it

Ransomware is a species of malware which encrypts the files on the victim's device(s), making them inaccessible. The cyber criminal then demands a ransom from the victim, promising to restore the data after receiving the money. The malware displays specific payment instructions, and the data decryption fee ranges from a few hundred to millions of dollars, depending on the target. The money is supposed to be sent to a Bitcoin account, which cannot be traced back to its owner.

This species of malware is often installed on the victim's computer by means of a phishing attack. The first step is to gain trust by pretending to be one of the victim's friends, or at least a reputable individual/company. To give you an example, a hacker may get access to one of your friends' email accounts, and then send emails to all the people in the contact list, asking them to open a file. Once the file is opened, the malware gets installed, taking control of the victim's computer. The process is made even easier by people who do not update their devices regularly, thus leaving huge security holes unpatched.


Key Article Points

- Ransomware is often installed using a phishing attack

- Some variants pretend to come from law enforcement agencies

- To stay safe, keep the OS and all the software up to date

Cyber villains use several data encryption algorithms to render the files useless. In some cases, the decryption key is stored in the ransomware application itself. CryptoWall uses a different type of encryption: it utilizes the RSA and AES algorithms and has a dedicated Command and Control server.

Other ransomware variants pretend to come from a law enforcement agency, whose "representatives" require the payment of a fee, claiming that the computer has been used for nefarious purposes and/or has pirated software installed on it. Finally, some ransomware authors threaten users, telling them that they will publish confidential information online. However, the most widespread form of ransomware is the one that is based on data encryption.

To prevent ransomware attacks, make sure to keep your devices' operating systems and software up to date. This way, hackers will have far fewer software vulnerabilities to exploit.

Try to install as few applications as possible on your devices. Sometimes it may be tempting to visit sites that provide links to free and discounted apps for your smartphone, but many of them are either poorly coded, or have been built for nefarious purposes. If you discover that you have not used a particular piece of software for several months, chances are you don't really need it, so you can safely uninstall it.

Install malware protection software. Search Google for "best antivirus software", read several reviews, and then pick a product which has a high virus detection rate and will not strain your system. Stay away from free antiviruses, though; their developers need to get paid as well, so they will cut essential features from their free products. By installing a free antivirus, you will feel that you have protected your computer, though you will not benefit from the security features which are provided by the full version of the product.

Do not forget to back up your computer on a regular basis. The 3-2-1 backup strategy states that you should always have at least three copies of your data: two of them should be stored on-site using two different media (an external HDD and several DVDs, for example), while the third copy of the data should be stored off-site, using a cloud-based backup service, etc.

Purchase a dedicated backup application, which can save the data automatically for you on a daily or weekly basis. You can also use the software that comes bundled with your favorite operating system. If you have recent copies of your data backed up, you will be able to restore the infected systems without effort.
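
The 3-2-1 rule and the weekly schedule described above can be checked automatically against a list of your backup copies. The script below is an added example, not part of the original article: the field names, the seven-day freshness limit and the sample inventory are assumptions, and the digest comparison goes one step beyond the rule itself by flagging a copy that no longer matches the others from the same backup run.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str          # e.g. "external-hdd", "dvd", "cloud"
    offsite: bool
    snapshot: str       # id of the backup run this copy came from
    taken: datetime     # when the copy was written
    sha256: str         # digest of the backup archive

def audit_321(copies, now, max_age=timedelta(days=7)):
    """Return findings for a backup set; an empty list means 3-2-1 holds."""
    findings = []
    fresh = [c for c in copies if now - c.taken <= max_age]
    for c in copies:
        if now - c.taken > max_age:
            findings.append(f"stale copy: {c.name}")
    if len(fresh) < 3:
        findings.append(f"only {len(fresh)} fresh copies, need 3")
    onsite_media = {c.media for c in fresh if not c.offsite}
    if len(onsite_media) < 2:
        findings.append("on-site copies do not span two different media")
    if not any(c.offsite for c in fresh):
        findings.append("no fresh off-site copy")
    # Copies of one snapshot must be byte-identical; a differing digest
    # means a copy was corrupted or altered after the backup ran.
    by_snapshot = {}
    for c in fresh:
        by_snapshot.setdefault(c.snapshot, set()).add(c.sha256)
    for snap, digests in sorted(by_snapshot.items()):
        if len(digests) > 1:
            findings.append(f"digest mismatch in snapshot {snap}")
    return findings

# Constructed sample inventory (not real data; digests shortened).
NOW = datetime(2024, 5, 10, 12, 0)
GOOD = [
    BackupCopy("hdd", "external-hdd", False, "s1", NOW - timedelta(days=1), "aa"),
    BackupCopy("dvd", "dvd", False, "s1", NOW - timedelta(days=1), "aa"),
    BackupCopy("cloud", "cloud", True, "s1", NOW - timedelta(days=1), "aa"),
]
BAD = [
    BackupCopy("hdd", "external-hdd", False, "s1", NOW - timedelta(days=1), "aa"),
    BackupCopy("hdd2", "external-hdd", False, "s1", NOW - timedelta(days=1), "bb"),
    BackupCopy("cloud", "cloud", True, "s0", NOW - timedelta(days=30), "cc"),
]
```

Calling `audit_321(GOOD, NOW)` returns an empty list, while the `BAD` inventory fails on every count: a stale cloud copy, too few fresh copies, a single on-site medium, no fresh off-site copy and a digest mismatch.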