What is Ransomware and How to Stop It
There are almost too many different types of malware to quantify, but some of the most worrisome of all are ransomware viruses.
These malware bugs are incredibly difficult to stop once they’ve infected your computer and can be accidentally downloaded in a variety of ways. Because of this, you’ll need to practice constant digital vigilance to prevent ransomware from hurting you or your business.
Let’s take a deep dive into ransomware and look at how you can stop it from ruining your day.
What is Ransomware?
Ransomware is technically a type of malware or computer virus. These viruses are often made by hackers or cyber criminals that want to extort people or businesses for money.
Ransomware viruses are downloaded onto a computer or mobile device. The virus will then infiltrate the computer, find sensitive information and critical processes for the device, and encrypt all that data.
In the process, the computer is locked out and the primary user of the device or computer is unable to access their files, access the Internet, or even perform basic functions without doing what the virus says.
In most cases, the virus is set up to accept only a particular password or keyword before it begins decryption. Instructions are usually included with the virus to be displayed on the main screen. These instructions will include ways for the victim of the virus to get in contact with the bug creators, who will supposedly give the password to unlock or decrypt the computer in exchange for a payment of some kind.
This is how the virus gets its name: it’s ransoming your computer back to you for a price.
How Does Ransomware Work?
A ransomware virus can be downloaded to your computer through a variety of means. Phishing attacks are common vectors for ransomware transmission.
These are cyber-attacks where someone will open a fake email, download a phony document or file, or otherwise open up their computer to a virus when believing the download or email to be legitimate. Once the file is opened, the ransomware is downloaded onto the device.
Other ransomware viruses might be spread using Trojan horse bugs. As the name suggests, these viruses masquerade as legitimate software downloads but install malware on your computer once you open the software for installation.
Regardless of the way ransomware gets on your computer, these viruses operate very quickly. In just seconds, the software will spread throughout your computer and take over any critical processes that deal with how the computer functions or let you navigate through your files. Such a virus may encrypt all the major parts of the machine, up to and possibly including even your mouse’s movement! It effectively locks you out of doing any processes that the virus creator doesn’t want you doing.
More sophisticated ransomware viruses will search through your computer for any possibly sensitive information like bank account info, passwords, or personal identity information like your Social Security number. Once it has all this information, it’ll encrypt it on your computer and threaten to send it to the virus creator or the public unless you carry out the demands that the bug displays on the screen.
In some cases, any information not pertinent to the virus creator’s purposes may be deleted, leaving you with a husk of a machine even if you do manage to get rid of the bug.
How Does a Ransomware Screen Look?
Most ransomware bugs will blast a new screen on your desktop or mobile device. This often has a few easy-to-understand symbols like a padlock to demonstrate that your computer is “locked”.
You might be able to move your mouse around or click on a few select buttons, but you won’t be able to do any of your normal functions. Most effective viruses also prevent you from bringing up your antivirus.
There’s also typically a list of demands and explanations.
Many hackers will guarantee that you’ll be able to get your files and computer back. They’ll also explain that the only way for you to get your files back is to pay the ransom fee (usually saying to “not bother” with any decryption or ransomware removal methods).
These viruses usually demand payment in digital cryptocurrencies like Bitcoin. To make things simple for those they try to extort, payment buttons and contact information may even be included in “helpful” links at the bottom of the extortion screen. Some of these viruses may even look fairly professional (although many are written with typos or relatively immature or exaggerated language). But they’re all criminal.
In summary, ransomware viruses are essentially cyber blackmail schemes.
What Harm Do Ransomware Viruses Cause?
It depends on the exact virus, although most simply demand payments in Bitcoin in exchange for decrypting your computer. These viruses are sent out en masse to extort as many people as they can. The fee amounts can vary wildly, though they typically range from $50 to several hundred dollars’ worth of Bitcoin.
However, other ransomware viruses may threaten to release your encrypted data or delete it if you don’t acquiesce to the hackers’ demands. Sometimes, company networks are infected with these types of viruses, so they’ll scramble to get a rather hefty fee together to prevent sensitive information from being leaked to the public or their competitors.
Regardless, you never want a ransomware virus on your computer. Even if you don’t care if your information is put online, the virus may still delete your sensitive info or treasured media, like photos or email letters.
Even worse, some ransomware viruses put your Social Security number and other sensitive information online so that other cybercriminals can use it for their own black-market schemes. Data these days is somewhat akin to digital gold, and hackers will pay a lot of money to get access to your data and use it against you.
What Forms Can Ransomware Take?
Most ransomware viruses take one of the following forms:
- Scareware – these viruses masquerade as fake software programs, usually (and ironically) disguising themselves as antivirus or cleaning tools. The programs will claim to have found issues on your device and demand money in exchange for solving the problems. The issues, of course, are usually wildly exaggerated and meant to trick people who don’t have a lot of digital literacy
- Lockers – this ransomware totally locks you out of your computer or device by infecting your operating system directly. This makes it impossible for you to access any antivirus applications or files. Android users need to be particularly wary of this virus, as there are a lot of ransomware permutations for this OS
- Crypto malware – this ransomware encrypts files, hard drives, and folders. It asks for payment in a cryptocurrency in order to get a decryption key so you can unlock your digital valuables
- RaaS – this stands for ransomware as a service. It’s a virus that is hosted anonymously by a hacker, who then spreads the virus to different cybercriminals and collects payments from those who manage to extort money from their victims
- Doxware – this can also be referred to as extortionware and leakware. It’s characterized by a threat to publish stolen information related to your identity if you don’t pay the ransom demand. Sometimes, companies or people with known sensitive information are targeted by cybercriminals with this type of virus specifically
Can Ransomware Affect Macs or Mobile Devices?
Mobile devices have had an even rougher time, especially since people don’t practice as much digital security with their phones or tablets as they do with their regular computers. This ransomware will often be delivered as a malicious app.
It’s important to have antivirus and computer security tools in place even if you use a Mac or mobile device instead of a Windows computer.
How Can You Prevent Ransomware?
Like with most types of malware viruses, the best way to stop ransomware from affecting your life or business is to never get it in the first place.
Practice Good Digital Hygiene
First and foremost, you and/or your company should be practicing good digital hygiene. This idea can be summarized in a few bullet points:
- always use complex and regularly updated passwords
- keep all of your security software up to date
- educate your employees about not letting sensitive information about the company network or website float around (i.e. don’t write passwords down on a piece of paper and leave them lying about)
- don’t automatically open any email attachments or download files without them being scanned beforehand or if you don’t know the sender
- don’t trust email attachments that want you to enable macros in order to view the content
- don’t leave important files in a single spot – always have them backed up in multiple locations
Basically, digital hygiene ensures that it’s a lot harder for ransomware to wreak havoc across your network since it’s harder for your network to get infected at all.
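The attachment advice in the list above can be partly automated before a file is ever opened. The following Python sketch is an added example, not part of the original article: it checks whether an Office attachment carries a VBA macro project or has content that does not match its extension. The function names, result labels and sample files are assumptions made for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                       # .docx/.docm/.xlsm are ZIP archives
OFFICE_EXTS = {"doc", "xls", "ppt", "docx", "docm", "xlsx", "xlsm", "pptx", "pptm"}


def classify_attachment(name: str, data: bytes) -> str:
    """Classify an attachment as 'not-office', 'legacy-ole', 'malformed',
    'macro' or 'no-vba-part' without opening it in Office."""
    ext = name.lower().rsplit(".", 1)[-1]
    if ext not in OFFICE_EXTS:
        return "not-office"
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can embed macros; hold for a dedicated scanner.
        return "legacy-ole"
    if not data.startswith(ZIP_MAGIC):
        return "malformed"  # extension claims Office, content is something else
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            parts = [p.lower() for p in archive.namelist()]
    except zipfile.BadZipFile:
        return "malformed"
    # Macro-enabled documents store their VBA project in a vbaProject.bin part.
    if any(p.endswith("vbaproject.bin") for p in parts):
        return "macro"
    return "no-vba-part"


def make_sample(with_macro: bool) -> bytes:
    """Build a constructed, minimal Office-style ZIP in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "invoice.docm": make_sample(True),
        "minutes.docx": make_sample(False),
        "old-report.doc": OLE_MAGIC + b"\x00" * 64,
        "payslip.xlsx": b"MZ" + b"\x00" * 64,
    }
    for name, data in samples.items():
        print(f"{name}: {classify_attachment(name, data)}")
```

A result of `no-vba-part` only means no VBA project was found in the archive; it is not a verdict that the file is safe, so the attachment should still go through your normal scanner.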
Tons of companies end up having security breaches every year just because employees don’t follow basic practices like keeping their passwords secure. But those companies could easily eliminate those types of breaches by using great password managers. In fact, it’s no stretch to say that having strong passwords is the number one way that you can prevent general hacking from affecting your business.
Ransomware viruses and other types of malware aren’t just things you download from the Internet. They can easily get onto a network from a USB drive or from an insider who plants a virus after getting access to your physical network from within.
Similarly, teaching your employees to not automatically open any email they get is just good sense. It’s also a wise idea to practice this yourself, particularly if you have all the administrative privileges in a network or for your website. Granted, most email services these days have reliable spam and ransomware filters, but you’ll still need to exercise common sense now and again when you get an email from an unrecognized sender.
We’d strongly recommend holding educational seminars for your employees if you’re concerned about digital security for a larger business or network. It can be difficult for everyone to remember security practices when they have other responsibilities to juggle every day. But if you hold seminars or workshops where you can refresh people’s memories or update them on current best practices, your network and business security will likely be more airtight overall.
Having these repeatedly throughout the year (like once a quarter or every few months) is an excellent idea. This is especially true since the hackers who create ransomware viruses and other malware are always adapting their tools and techniques to find new victims.
Have Strong Antivirus Tools In Place
Of course, it’s imperative that you have excellent antivirus software in place regardless of whether you’re protecting a full business network or a single server for a personal blog.
Antivirus shields and firewalls are the tools you need to stop ransomware viruses from infecting your system even if you download them by accident.
Some ransomware viruses are indeed sophisticated enough that they can infect your computer even if you have a firewall or antivirus shield.
But this isn’t true for the majority of malware bugs; most of them will be stopped by the firewall and its updated definitions.
We’d heavily recommend investing in paid Internet security or great free Internet security. These security programs will also usually come with additional tools like the ability to scan your computer for viruses or email attachment scanners. All of these aspects will contribute to ensuring better network security overall. Even better, they’re usually updated very frequently so new ransomware viruses aren’t likely to get under their radars.
Keep Your OS and Other Stuff Updated
As mentioned before, it’s important that you always update your operating system, antivirus, and any other relevant programs whenever a new update rolls out. This matters because new updates to said systems can plug up any holes or security breaches that ransomware virus makers might take advantage of.
New security vulnerabilities are being discovered all the time, and operating system or program manufacturers send out updates for a reason. Download them!
Keep Your Data Backed Up
Another great way you can minimize any damage a ransomware virus can do to your computer or network is to back up your data in multiple locations. Say that your computer does get infected with such a malware bug and you don’t want to pay the ransom.
After disconnecting your computer from the network, you can let the virus run its course and delete your sensitive information if you have it backed up in another location.
All that the bug costs you is a bit of time, not the sensitive financial information for your whole company.
Backing up your data on the cloud is an even smarter decision. The cloud allows you to retain previous versions of files and update those versions very frequently. Rolling back to unencrypted versions of files or data is, thus, made relatively trivial.
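Rolling back only helps if you pick a version saved before the file was encrypted. The Python sketch below is an added example, not from the original article: given a file's version history, it returns the newest version that does not look encrypted, using a header check for known formats and a byte-entropy heuristic otherwise. The 7.5 bits-per-byte threshold, the function names and the sample history are assumptions.

```python
import hashlib
import math
from collections import Counter

# File headers for formats that are legitimately high-entropy (compressed).
MAGIC = {"pdf": b"%PDF-", "png": b"\x89PNG\r\n\x1a\n", "zip": b"PK\x03\x04",
         "docx": b"PK\x03\x04", "xlsx": b"PK\x03\x04"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: about 8.0 for ciphertext, well below that for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes, threshold: float = 7.5) -> bool:
    ext = name.lower().rsplit(".", 1)[-1]
    magic = MAGIC.get(ext)
    if magic is not None:
        # Known format: a file overwritten with ciphertext loses its header.
        return not data.startswith(magic)
    # Unknown or plain-text format: fall back to the entropy heuristic.
    return shannon_entropy(data) >= threshold


def pick_restore_version(name, versions):
    """versions: list of (iso_timestamp, content). Return the timestamp of the
    newest version that does not look encrypted, or None if there is none."""
    for stamp, data in sorted(versions, key=lambda v: v[0], reverse=True):
        if not looks_encrypted(name, data):
            return stamp
    return None


def fake_ciphertext(size: int = 4096) -> bytes:
    """Constructed stand-in for an encrypted file: deterministic random-looking bytes."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(size // 32))


CSV_HISTORY = [  # constructed version history for one file
    ("2024-03-01T09:00", b"date,amount\n2024-02-28,120.00\n" * 40),
    ("2024-03-04T17:30", b"date,amount\n2024-03-04,98.50\n" * 45),
    ("2024-03-05T02:14", fake_ciphertext()),
]

if __name__ == "__main__":
    print(pick_restore_version("budget.csv", CSV_HISTORY))
```

Entropy is noisy on very small files, so treat the returned version as a candidate and spot-check a few restored files before rolling back everything.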
What If Ransomware Gets Onto Your Computer?
Unfortunately, ransomware can sometimes still affect your computer or network even if you practice good security measures. There are things you should do in the event your hardware is infected with ransomware.
Disconnect From Your Network
First off, immediately disconnect the infected machine from your network. Don’t just do this using your computer’s network settings: physically disable the connection via cable or by neutralizing the Wi-Fi antennae on the machine itself.
This makes it impossible for the ransomware virus to spread through the rest of your network, minimizing its potential damage.
Don’t Pay the Ransom!
Next, do not pay the ransom. Even if things seem particularly dire and you can’t imagine finding another solution, it’s never a good idea to pay the ransom to the hackers (which is impossible since you’ve already disconnected your computer from the Internet… right?).
There are a few reasons for this. For one, paying the ransom just tells the hackers that these malware attacks work and they should continue to create new varieties of the bugs.
For another, there’s no guarantee the hackers will keep their word in the ransom note. They might promise to decrypt your files if you pay $50 in Bitcoin. But they could easily delete your files without a care in the world after you pay the fee. Then you’ve lost some money and lost your sensitive files in the same stroke.
The FBI even agrees that it’s never a good idea to pay ransomware makers their demanded sum.
Try to Run a Decryption Tool or Run a Scan for the Virus
After disconnecting your computer from the Internet, you can attempt to run a scan for the virus if you still retain some operating ability with your device. This will only be possible with some ransomware bugs, but it’s worth a try. There’s a chance that your antivirus software will be able to detect the ransomware virus and delete it if given a chance.
You can also try to use a ransomware decryptor. Kaspersky and other antivirus creators offer free ransomware decryption software that you can download so long as you retain the ability to get on the Internet with your infected machine. Of course, make sure that your computer is on an isolated network so the ransomware virus can’t spread throughout the rest of your connected machines.
Most ransomware decryptors are designed for specific types of viruses, so be sure to download the tool that is relevant to your bug. The decryptor will disassemble the virus and unlock your files if everything runs smoothly.
Again, this only works if the ransomware virus hasn’t totally locked you out of your computer.
Try Restoring Files From Backup
Similarly, you can try to restore your computer’s files from backup. You should only do this if you have the ransomware virus quarantined or deleted by your antivirus software. But you can also do this with certain programs if your machine is still infected – for instance, if your antivirus is disabled, you might be able to download another version of the program and kill the virus that way by restoring it from backup.
You can either restore your files using a physical but separate hard drive or by rolling back your files using their versions on the cloud.
Perform a Hard Computer Factory Reset
You always have the option to “go nuclear” and try to perform a hard factory reset for your device. This will wipe any of the personal files or data on the machine to roll everything back to the earliest operating system version the computer remembers. As a side effect, any viruses that haven’t dug so deep into the OS that they’ve corrupted the main code will also be eliminated. This is a good choice if you followed earlier advice and backed up all your sensitive files elsewhere.
However, some ransomware viruses totally take control of your operating system and make it impossible for you to do anything. In these cases, disconnecting the computer from your network and scrapping it might be your only option. Still, count yourself lucky – some viruses are so successful that they infiltrate a network before you have the opportunity to disconnect. Again, so long as you backed up your sensitive files beforehand, the damage done should be minimal, overall.
Let us know if you have other questions about how to deal with ransomware and how best to protect your small business from these threats.