Ransomware is a relatively new type of malware that infects your computer and holds files ransom by encrypting them. Only if a ransom is paid, usually in Bitcoin or cash vouchers, will the criminals decrypt the files. If you’re ever hit with ransomware, you won’t be able to access any of the files that hackers encrypted.
This type of malware can also be referred to as cryptolockers, named after a widespread variant of the software. Ransomware is an interesting response to technologies like Bitcoin, as decentralized currency makes it easier than ever for criminals to accept payments from their targets online.
Previously malware had been difficult to monetize for its creators as they were restricted to uses such as joining botnets or advertising networks. Once a criminal amassed a large group of computers, they could only make money by sending out spam, or using their bandwidth and processing power to attack websites and servers. While this can be lucrative, it is by far not as profitable as holding data ransom per hacked computer.
Ransomware can infect your computer in various forms and through various channels. It can come by itself or as part of a legitimate-looking program such as a memory optimization program or a bittorrent program.
There’s a lot you can do to prevent being infected by ransomware. Even if you already are infected, not all hope is lost.
How to Prevent a Ransomware Attack
Don’t Download Pirated Software and Verify All Your Software
People and organizations that crack expensive and copyright protected software like Photoshop and video games do not always do it out of the kindness of their hearts or for fun (i.e., “for the lulz”). Large criminal organizations are often behind these “free downloads” to pursue profits.
To protect yourself from malware that comes bundled with legitimate looking software, do not download anything from untrusted sources and pay attention to warning signs. Windows and Mac OS X require developers to register and digitally sign all their software. If your operating systems warns you about unsigned programs, you need to verify their integrity otherwise (for example with PGP), or cancel the installation.
Be careful with attachments from emails and chat services, especially if they contain attachments with filetypes associated with software, such as .dmg, .exe or .jar, but also any kind of unknow. Most of the time malware can circumvent antivirus software because the user specifically sets exceptions, most likely by following instructions bundled with the illegal download.
On your phone, only install software from the official app stores and be wary of suspicious looking programs.
Update Your System, Your Browser, and Your Antivirus Software
In cases where malware infects a system without having being deliberately executed by the user, weaknesses in your operating system, browser, or other software are being exploited.
While this is theoretically difficult to defend against, in practice these vulnerabilities are long known and fixed before a ransomware developer has time to exploit them.
Always apply the latest updates to your operating system and move to a new device as soon as your old one is no longer supported with updates. Your browser, email client, and other software must be kept up to date all the time.
Remove Unneeded Software
There’s likely a lot of unused software on your computer, and some of that software will have been poorly maintained.
For example, uninstalling Java, making Flash play by click (or removing it completely), and disabling Microsoft Office macros will remove a lot of threats to your computer.
Running an adblocker can also help you block unwanted and potentially malicious scripts that run on rogue sites or ad networks.
Make Regular Backups and Disconnect Your Drives
Regularly backing up your data will not protect you from getting infected by ransomware, but it will make it far easier and cheaper for you to recover from it. If you regularly backup your data you will find it easy to reinstall your operating system, which will remove the ransomware (along the rest of your data) in the process. You can then restore your computer to a backed up version before the ransomware took over your computer.
Make sure that you update all your systems before you reinstate your data and run a virus scan on your backups to make sure the malware is not hiding somewhere, ready to be activated again.
To make sure ransomware is not able to encrypt your backups, physically disconnect the backup drive after each backup.
How to Survive a Ransomware Attack
Disconnect Your Computer
To prevent the ransomware from spreading in your network and infecting other machines, disconnect it immediately.
This also makes sure your computer does not do other things it is not supposed to do, like taking part in a large botnet. You should apply all the precautions outlined in the Preventing a Ransomware Attack section on all other computers in your network.
Learn about What Hit You
There are many different types of ransomware out there. Some will display a message on your screen or leave a single “readme” file on the browser. This is a great starting point in getting your system back. Type the exact message into a search engine and you will likely be led to many posts about this particular piece of malware.
Fortunately, not all ransomware is developed well, so you may find hope on these forums. Sometimes the encryption keys can be recovered on the hard drive themselves and in some instances the hackers have been caught or had their encryption keys leaked online.
The internet security company Malwarebytes maintains detailed instructions on how to remove many types of malware, and in some cases even instructions on how to decrypt ransomware. Just search for the malware that hit you on their site.
The advisor company Malwaretips has a ransomware category in their blog where you might also find help. So does Bleeping Computer.
With the knowledge gained from articles, forums, and even the cybercrime units of your country’s police force, you can hopefully make an informed decision on how to proceed with your Ransomware infection.
If you are lucky you will be able to decrypt your data with little effort and without paying. If you have backups around it might be easiest to restore, even if they are not perfectly up to date.
You might also decide to wait a while in the hope that a solution to your type of ransomware is found. In some cases it might be easier to pay the ransom, but leave this as a last resort. Before you pony up cash or bitcoin, make sure you research and find plenty of instances in which people have paid and successfully got their files back.
Ransomware can be scary in the moment, but constantly backing up your computer minimizes the threat. Don’t panic if you do get hit and remember that it is very survivable.
Arthur Baxter is an Operations Network Analyst at ExpressVPN, a leading privacy advocate whose core mission is to make it easy for everyone to use the Internet with security, privacy, and freedom. They offer 100+ VPN server locations in 78 countries. They regularly write about internet security and privacy at the ExpressVPN blog.
