What is Ransomware?
Take a second and think about all the information that’s stored on your phone and computer. You’ve probably got a bunch of documents on there. Maybe some important business or personal files. You’ve certainly got passwords stored in there, and probably some financial information as well. What about personal data? Could someone with your computer access your address? Your date of birth?
If you take the time to think about it, the amount of data you have stored on your devices is pretty frightening. So what happens when that data is threatened? We’re taking a look at ransomware, a technique used to gain control of a user’s data: how it works, how to prevent it, and how to remove it. If you’re concerned about data safety, then you might want to keep reading…
What is Ransomware?
Let’s start with the essential question: what exactly is ransomware? Ransomware is a form of malware (malicious software) that enters your computer and locks down all your data. Think of it like your data being kidnapped. At some point, you’ll receive a ransom demand, and if you pay the ransom, then your data will be freed and you’ll be back in business. Simple, right?
In basic terms, this is extortion, blackmail, and is a crime. But if your data is important enough to you, then you might be considering paying that ransom (which can get pricey). Before we get to exactly how you can protect yourself and solve your problem, let’s take a closer look at ransomware and how you got attacked in the first place…
How Do I Get It and How Does Ransomware Spread?
There are two real ways that you can get ransomware on your device. And these really could happen to anyone:
Malspam is malicious spam mail. What generally happens is that you receive an email and then click on a link that downloads the ransomware onto your device. You might think that you’re too smart to click on an online link, but hackers are smarter. These spam emails often look like they come from reputable companies, even from your bank or some other trusted source, or perhaps from a friend or colleague. Clicking an unknown link is easier than you think and even some of the savviest online users have fallen victim to malspam.
Malvertising, or malicious advertising, is a complicated area, and the technical details aren’t too important. What basically happens is that you visit an internet site that has malvertising, you see an ad, and then you have ransomware downloaded to your computer. No, you didn’t click on anything, no you didn’t physically download anything, all you did was visit a website. Sucks, right? Being the victim of malvertising definitely contains an element of pure bad luck.
What Happens Once I’m Infected?
What happens next isn’t terribly complicated at all. All ransomware infections follow the same basic pattern:
- You’ll download the ransomware (either by clicking a link or just being unfortunate)
- The ransomware will infect your device and gain control of your system
- You’ll somehow be locked out of your system (the method depends on the type of ransomware you have, see below)
- You’ll receive a ransom demand (which may be direct or subtle, depending on the type of ransomware you have, again, see below). Often the ransom is payable in cryptocurrencies, such as Bitcoin
- You either disinfect your system (we’ll get to that soon) and try to retrieve what data you can, pay the ransom, or walk away from your data leaving it to “disappear”
What Kinds of Ransomware Are There?
There are three basic kinds of ransomware, varying in threat and consequences:
Scareware is the least threatening kind of ransomware. You’ll get a pop-up (or, in the case of your mobile, a lock screen message) that says that malware or a virus has been detected on your device. You’ll then be prompted to download an app or software to “clean” your device (which you’ll need to pay for), or to contact a tech support number for help in dealing with your problem (again, you’ll need to pay for this service).
Rather than completely locking you out of your data, scareware tries to scare you into paying money by subtly threatening your data. However, do remember that legitimate anti-virus and tech support companies NEVER solicit business in this way. This is a scam.
Locked Screen Ransomware
Getting a little more serious now… Locked screen ransomware locks you out of your device completely. When you turn on your device you’ll be greeted by an official-looking screen (often with government seals on it, or even FBI warnings) that tells you that illegal activity has been detected on your device and that a fine must be paid.
This is worse than scareware because you’ll no longer have access to your device at all. Plus, the threat of legal action or government/police intervention isn’t particularly nice. However, the police, government, and even the FBI will ALWAYS follow appropriate legal channels to contact you. No institution is going to cut off your data and then demand a fine via a lock screen message…
Data Encryption Ransomware
Finally, there’s the biggie. Encrypto-ware is the scariest of all the ransomware threats. Someone accesses your data, encrypts all of it, and demands a ransom in order to decrypt your data again. The reason that this one is so scary is that once that data is encrypted it is highly unlikely that anyone or anything can decrypt it unless you pay the ransom. So basically, if you don’t play the game and pay up, your data really is gone.
Fortunately, encrypto-ware isn’t particularly common for personal users. This kind of malware is used more often for big companies and people with highly sensitive data, where big ransom demands are realistic and likely to be met.
What Are the Consequences of Ransomware?
There are quite a few potential consequences of downloading ransomware, many of them pretty obvious:
- You lose access to your data
- Your data could be taken and used against you (to steal your passwords or personal information so that further financial fraud can take place such as identity theft)
- You have to pay a ransom
- Important data could be irretrievable and lost for good
Given how much data we all have on our devices, losing access to that data and potentially losing the data altogether is a frightening thought…
Is It Really That Big a Problem?
You might be wondering if all this is scare-mongering and if ransomware is really a problem. The truth is that everyone is at risk from ransomware. Sure, businesses tend to be more at risk than individuals (simply because business systems tend to control more data and have more money with which to pay ransoms), but any one of us could download ransomware at any time.
Getting accurate figures is tough though. This is because many ransomware attacks don’t get reported. People either pay the ransom or walk away from their device, without doing anything and without reporting the issue. However, there are some pretty scary statistics around:
- Ransomware damages exceeded $8 billion in 2018
- Around 40% of victims pay the ransomware ransom
- About 98% of ransoms are paid in the Bitcoin cryptocurrency
- Around 850 million ransomware attacks were detected in 2018
- Ransomware attacks have increased by around 97% over the last two years
Clearly, ransomware attacks are a growing problem and one that could strike you.
What Do I Do If I Get Ransomware?
Okay, time for some honesty here. What do you do if you get a ransomware ransom demand? The number one thing that authorities tell you NOT to do is pay the ransom. This is much the same advice that is given to people who receive kidnapping ransom demands. And we’ll be straight with you, authorities tell you not to pay the ransom because paying increases the likelihood of attacks happening to others, making the authorities’ job more difficult.
Here’s the deal though: without paying the ransom there is a solid chance that you’re not going to get all your data back. There, we said it. Pay the ransom, however, and yes, there’s a pretty good chance that you’re going to get your data returned to you or decrypted. There are NO guarantees though. Expert estimates say that around 65-70% of the time data is restored after a ransom is paid.
We can’t tell you what to do, the decision is yours. The official advice is not to pay the ransom, but that choice is absolutely up to you.
Should you opt not to pay the ransom, then what should you do? Firstly, you’ll need to accept that you may not get all (or any) of your data back. If you’re comfortable with this (and you’re smart enough to have a backup of all your data), then there are things that you can do to clean your device. We’ll take you through the steps right here. However, attempting to restore your data can be tricky. If you’re not technically minded, we recommend that you take your device to a professional!
- Disconnect your device from any others if possible (switch off WiFi, disconnect from home or work networks); isolate the infected device as best as you can.
- If you can, take a screenshot or photograph of the ransom demand. This will allow you to make a police report later.
- You will need to clean your machine. If you’re NOT going to pay the ransom, continue with this step now, if you ARE going to pay, then pay the ransom FIRST before you clean your device.
- To clean your device you’ll need to switch it on in safe mode. On a Windows computer, you do this by turning the computer off, then pressing the power button and the S key at the same time. On a Mac, switch the computer off, switch it back on again and immediately press and hold the Shift key; you can release the Shift key when the login screen appears. Phones vary in how to enter safe mode, so just Google your make and model plus “open in safe mode” to get specific instructions.
- Once you’re powered up in safe mode, you’ll need to disinfect your system. You do this by installing a decent anti-malware or anti-virus programme. Norton, Malwarebytes, and McAfee are the big names in the business, but you can look around for decent reviews of other apps or software. Once downloaded, run a scan with the software of your choice and follow the instructions that you’re given.
- Now you can open your device safely in regular mode and figure out the damage. You may have lost everything. However, there’s a chance that you haven’t. Many ransomware attacks work by copying your data and encrypting it before deleting the original files. Sometimes these deleted files can be restored. You’ll need to look into software like ShadowExplorer or Data Recovery Download to attempt to restore these files.
- If you still have encrypted files (or if you were able to access the encrypted files beforehand), then you may be able to decrypt them. Check out Crypto Sheriff or ID Ransomware to identify what kind of ransomware you have. Once you have that information you can find out if there’s decryption software that can help you. You’ll find a list of ransomware types and available decryptors on nomoreransom.
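The shadow-copy recovery mentioned in the steps above can be done without a third-party tool. This is an added example, not part of the original article: it lists the Volume Shadow Copies on a Windows machine, exposes the newest one as a folder, and copies a directory out of it. It assumes an elevated PowerShell prompt, the system volume is C:, the user name and destination drive are placeholders you replace, and that snapshots survived the infection (many ransomware families delete them, in which case the script simply reports none).

```powershell
# Added example (not from the original article): recover "previous versions" of files
# from Volume Shadow Copies after a ransomware infection. Run as Administrator.

# Enumerate existing snapshots, newest first
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy |
    Sort-Object -Property InstallDate -Descending

if (-not $shadows) {
    Write-Host "No shadow copies found - this recovery route is not available."
    return
}

# Show what is available: creation time and the device path of each snapshot
$shadows | Select-Object InstallDate, DeviceObject, VolumeName | Format-Table -AutoSize

# Expose the most recent snapshot as a folder. mklink needs the trailing backslash.
$newest = $shadows[0]
$link   = 'C:\ShadowView'
cmd /c mklink /d $link "$($newest.DeviceObject)\" | Out-Null

# Copy the pre-infection copy of a folder to a clean destination.
# Placeholders (assumptions): replace <your-user> and point $dst at a clean, external drive.
$src = Join-Path $link 'Users\<your-user>\Documents'
$dst = 'D:\Recovered\Documents'
robocopy $src $dst /E /R:1 /W:1

# Remove the view when finished; this does not delete the snapshot itself
cmd /c rmdir $link
```

Copy recovered files to a drive that was not attached during the infection, and scan them before use.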
As you can see, this isn’t an easy process. Again, if you’re looking to not pay the ransom and want to attempt to recover your data we really do recommend taking your device to a professional. If you don’t care about your data at all (perhaps because you have backups), then the simplest solution is to factory reset your device. You’ll find specific instructions for how to do this online, just Google your device name and model and “factory reset.” Be warned though, this will lose any data that was on the device!
Making a Police Report
You are NOT required to make a police report. But you may want to. A report will help the authorities track ransomware statistics, will help you make an insurance claim if you’re able to do so, and is just the right thing to do. Reporting a ransomware attack is NOT a 999 emergency! In fact, your best bet is to contact the UK’s cybercrime reporting service, Action Fraud.
How Can I Protect Myself Against Ransomware?
Recovering from a ransomware attack isn’t easy, which is why protecting yourself so you don’t get attacked in the first place should be a priority. You can’t completely protect yourself, but there are many things that you can do to lessen the chances of getting ransomware:
- Have up-to-date anti-malware and anti-virus software running on your devices at all times
- Ensure that you update your software, apps, and operating system whenever prompted to do so
- Have secure backups of all your data (either on a non-connected hard drive or on a cloud-based service), so if infected you can wipe your device and reload your data
- Avoid clicking links in emails whenever possible. If the link seems to come from a trusted source (like your bank), then you should be able to find the page on that source’s website without having to click on the link. If the link comes from a friend or a colleague, consider contacting them and asking if they really sent the email and if they trust the link.
- Avoiding malvertising is difficult since it’s impossible to know which sites do and do not have it. As a general rule, secure sites (those that begin with HTTPS rather than just HTTP) should be safe. As far as you can, visit only reputable websites, and avoid lesser-known names or addresses that you’re not familiar with. Running decent anti-virus software should help, since the best programmes will scan websites in your browser as well as downloaded files.
Ransomware: The Bottom Line
Ransomware is an extremely unpleasant kind of virus. And unlike with many other viruses, there’s a solid chance that your data is going to be irretrievable should you choose not to pay the ransom (and perhaps even if you do). Keeping a backup of all your data and running decent malware detectors and anti-virus programmes should help keep you safe.
If you value your data, then be prepared. Investing in good protection software and taking the time to back up your data should be a priority!