In the classic short story “The Ransom of Red Chief” by O. Henry, a spoiled brat is kidnapped by two inept crooks who become so rattled by the boy’s unruly behavior that they eventually pay to have him taken back by his parents. Unfortunately, having your computer taken over by ransomware is no laughing matter, and any money that changes hands will only be going to the cyber criminals, not to you. So, what is this so-called ransomware, what do you do if it invades your computer, and (most importantly) what preventive measures should be taken to avoid it?
What is Ransomware?
For years now, hackers and cyber criminals have been wreaking havoc online by stealing data and using it for financial gain. Others have simply engaged in pure vandalism. So now, in addition to theft and malicious destruction of property, you can add kidnapping and extortion to their rap sheets.
Ransomware takes malware to the next level. Like some malware, ransomware makes your computer unusable, but it also encrypts your data, making it much more difficult to remove than simple malware. Then it demands some form of payment, a ransom, in return for that data and presumably your computer’s functionality. If that isn’t scary enough, a version of ransomware called CryptoLocker fills the victim’s screen with an alarming notice that appears to be from a law enforcement agency. The notice claims the victim has committed some type of cybercrime and must pay a fine currently ranging up to $1,000. Fail to pay, the notice says, and you are going to jail. (No legitimate law enforcement agency would ever send such a message.)
Usually, the ransomware infects via a computer worm that enters through an email. CryptoLocker, for example, hides in a zip file attached to an email that pretends to be from a legitimate source. Cryptowall, a newer variation of CryptoLocker, disguises itself in online ads, a style of attack known as malvertising. When an unsuspecting victim clicks on the infected ad, the virus checks the victim’s computer for unpatched media players from Java, Flash, or Silverlight, then exploits those holes and installs the ransomware. For more detail on CryptoLocker, Cryptowall, and another cousin—Cryptodefense—see this blog post from Cisco.
Recently, the FBI, in conjunction with other international law enforcement agencies, tracked and shut down a major CryptoLocker source. However, the U.S. Department of Justice warns that CryptoLocker and its mutant varieties are far from dead and urges caution. Here is a very valuable link to the FBI’s online security page.
Jacked! Now What?
First, don’t pay the ransom. According to Microsoft’s malware protection center, there is no guarantee that paying the ransom will return your computer to a usable state. Plus, the threat of prosecution is completely bogus.
Because ransomware is so nasty, it is much better to prevent it than to cure it. That said, in some cases you can remove it yourself; other infections may require professional help. Either way, if you have a good data backup and disaster recovery plan in place, the prognosis for recovery is much better. In a worst-case scenario, you may have to completely wipe your hard drive, and if that happens you will be glad you (or your managed services provider) performed regular and thorough data backups. Here are two informative links on ransomware removal:
How Do I Avoid This Mess?
Back up everything. I know that technically this is not an avoidance maneuver, but it really is so important that it bears repeating (nagging about). Always run a good antivirus tool. Keep your operating system and browser components, like Java and Adobe, updated.
Be very careful what you open. I don’t open unfamiliar emails, and I treat every attachment like it has the bubonic plague until I scan it with antivirus software. This is just common sense, and most people are savvy enough now not to open unknown attachments, but hackers are getting very good at impersonating legitimate sources.
The FBI reports instances of malware and ransomware trying to impersonate the Department of Homeland Security, the U.S. Postal Service, independent delivery services, and even the FBI itself. So, follow President Reagan’s advice during the Cold War—trust but verify. Oh, and did I mention: back up your data?
Image source: http://fox5sandiego.com/2013/02/25/new-cyber-scam-takes-your-computer-hostage/