Cybercriminals are having a field day with a class of malware called ransomware. It is extremely damaging and continues to spread rapidly.
In recent years, ransomware has claimed numerous victims, from individuals and businesses to hospitals.
The FBI reported that in 2017 it received numerous complaints about ransomware; the cost that victims had to bear exceeded $1.4 billion.
So what exactly is ransomware?
What does it actually do?
How can you protect yourself against such malware?
To find the answers to these questions, keep reading: this complete guide to ransomware removal shows how the malware works and how you can defend against it.
What is Ransomware?
Ransomware can be defined as malware that restricts users from accessing their systems (and other devices), files, or various pieces of data unless they pay a ransom.
It is distributed through phishing emails carrying bogus attachments or download links, injected into advertisements on otherwise legitimate web pages (malvertising), bundled with pirated content such as cracks and torrents, and, once inside, spread across the local network to other reachable machines.
Ransomware attackers demand payment through certain online payment methods; the most common being Bitcoin.
There are different types of ransomware which target various users and work in different ways but all have the same goal – to extract ransom from the victims.
Lock-screen variants often borrow the insignia of authorities such as the FBI or the Department of Defense to make the ransom message look official.
The message itself is worded to suggest that you have broken the law or that illegal or explicit content was found on your computer, so that the demanded "fine" looks legitimate.
Here is a video created by ESET that demonstrates how ransomware works:
Types of Ransomware
Ransomware comes in several forms, each preventing you from using your system, files or other personal data in a different way. Here are the variants you should look out for:
1. Ransomware That Locks Your System
Some ransomware locks the whole system and prevents you from using it until you pay the attacker. Ransoms range from a few hundred to many thousands of dollars, and the usual payment method is Bitcoin.
2. Ransomware That Encrypts Files
More commonly, ransomware encrypts files on your system and withholds the decryption key unless you pay.
In some cases the attackers also copy emails, pictures, documents and other sensitive data off the machine and hold that for ransom as well.
The files that are mainly encrypted by ransomware have the following extension:
3. Ransomware That Fakes As Antivirus
Some ransomware poses as antivirus software (often called scareware): it reports made-up problems on your system, mainly "viruses", and demands payment to fix them.
This kind is comparatively easy to remove and does not stop you from using your system or device, but it floods you with pop-ups, messages and alerts until it is gone.
4. Ransomware That Threatens to Make Your Information Public
Called doxware, this ransomware steals your sensitive information and threatens to publish it unless you pay.
Almost everyone keeps sensitive information on a personal computer, and its exposure can cause serious personal or financial damage.
Doxware "doxes" its victims, violating their privacy and exposing their personal lives to the world.
5. Ransomware Managed by a Hacker
On the dark web, ransomware authors sell their malware to aspiring cybercriminals in a franchise-like arrangement known as Ransomware-as-a-Service (RaaS).
The seller also supplies the technical know-how the affiliate needs to launch the attack, and the two split the ransom proceeds.
The most troublesome aspect of RaaS is that it gives practically anyone the ability to launch ransomware attacks.
How Can You End Up With Ransomware?
Like other malware, ransomware sneaks onto your device through fake email attachments and links; social media is another carrier. The main delivery routes are:
- Malicious advertising (malvertising): ads can be more than a minor annoyance. Cybercriminals buy ad space on popular websites and use it to deliver ransomware, so an infection can start from a well-known, otherwise reputable site.
- Exploit kits: pre-packaged attack code hosted on malicious or compromised web pages. It probes your browser and plug-ins for unpatched vulnerabilities and, when it finds one, installs the payload without any click from you. Outdated software is exactly what exploit kits feed on.
- Drive-by downloads: some websites push a download onto your device without your consent. Keep your browser patched and never run a file you did not deliberately request.
- Social engineering: tricking a person into opening the ransomware themselves. The file looks like an ordinary document, but once you open it (and, for Office files, enable macros) the payload runs. The lure is usually made to look as if it comes from a reputable entity.
How to Know You Have Ransomware?
It starts with a normal-looking file arriving on your device, for example what appears to be an Excel sheet or a Word document.
In reality it is an executable, or a document carrying an executable payload, that takes a single click to start running.
It works quietly. You do not notice anything at first: your files open normally and everything seems fine.
However, something sinister is happening in the background.
The malware contacts the attacker's server, which generates a key pair for your machine: a public key, sent back to the infected computer, and a private key, which never leaves the attacker. Your files are encrypted with the public key (in practice each file gets a fresh symmetric key, and that key is encrypted with the public key), and only the private key can reverse the process.
Of course, only the attacker has access to that private key.
The ransomware then works through your hard drive, and usually any attached drives and mapped network shares, encrypting your data. It needs no permission from you at this point; it is already running with your privileges.
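The key arrangement described above is worth seeing in code. The following Go program is an added example written for this guide, not code from the original article or from any ransomware family: the attacker side generates a 2048-bit RSA pair, the victim side encrypts each file with a fresh random AES-256-GCM key and wraps that key with the attacker's public key, and only the matching private key can unwrap it. The function names (attackerKeyPair, encryptFile, decryptFile, newGCM) and the document text are this example's own constructions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedFile is all that remains on the victim's disk: the ciphertext, the GCM nonce, and the
// per-file AES key wrapped with the attacker's RSA public key. The plaintext key is never stored.
type EncryptedFile struct {
	Nonce, Ciphertext, WrappedKey []byte
}

// attackerKeyPair models the 2048-bit RSA pair generated on the attacker's server for this victim;
// only the public half is ever sent to the infected machine.
func attackerKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptFile is the per-file step the malware performs: a fresh random AES-256 key, AES-GCM over
// the content, then RSA-OAEP to wrap that key so only the private-key holder can recover it.
func encryptFile(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	ef := &EncryptedFile{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil), WrappedKey: wrapped}
	for i := range fileKey { // the malware wipes the file key; from here on only the attacker can unwrap it
		fileKey[i] = 0
	}
	return ef, nil
}

// newGCM builds the AEAD used for file content.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// decryptFile is the "decryptor" a paying victim receives; it is useless without the matching private key.
func decryptFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap the file key: wrong private key")
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

func main() {
	attacker, err := attackerKeyPair()
	if err != nil {
		panic(err)
	}
	doc := []byte("Q3 budget: constructed sample document, not real data")
	ef, err := encryptFile(&attacker.PublicKey, doc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("on disk: %d ciphertext bytes, %d-byte wrapped key, no usable key material\n", len(ef.Ciphertext), len(ef.WrappedKey))
	stranger, _ := attackerKeyPair() // any other key pair, e.g. one a victim generates hoping to decrypt
	_, err = decryptFile(stranger, ef)
	fmt.Println("without the attacker's private key:", err)
	got, err := decryptFile(attacker, ef)
	fmt.Println("with it, plaintext recovered:", err == nil && bytes.Equal(got, doc))
}
```

Run it with go run. What it shows is why "cracking the encryption" is not a recovery option: the only thing that can unwrap the file key is a private key that never touched the victim's machine, and AES-GCM rejects any ciphertext that has been altered. Recovery therefore comes from backups, from an implementation flaw in a particular family (keys left in memory or on disk, a predictable random number generator), or from keys seized when the attacker's server is taken down; that is where the public decryptors mentioned later in this guide come from.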
That done, a ransom note appears on your screen. You are asked to transfer a specific amount of money within a specific deadline.
Usually you must pay in Bitcoin, or occasionally by transfer to a foreign account.
Ransomware Removal Techniques
What if you are already a victim and the attacker has taken your files hostage or locked your system? Before panicking, work through the following steps for ransomware removal.
- Do Not Pay Under Any Circumstances: it is easy to cave in, but the attacker's only aim is to profit at the expense of your data. Paying does not guarantee you get anything back, and it funds the next campaign against you or someone else.
- Disconnect Infected Machines from the Network: pull the network cable or disable Wi-Fi as soon as you suspect ransomware, whether it is a screen locker or a file encrypter, and unplug external drives. This stops it from reaching mapped shares and other machines. Note the ransom text and any new file extension you see; they identify the family and decide which recovery options apply. Do not reconnect until the machine has been cleaned.
- Use System Restore to Go Back to a Clean State: on Windows, System Restore rolls the system, its settings and installed programs back to a restore point taken before the infection, which is often enough to get past a screen locker, and it may recover some of the lost files. Be aware that many families deliberately delete restore points and Volume Shadow Copies before they start encrypting, so this option is not always available.
- Scan Your System Using Antivirus: boot from a clean rescue disc or USB stick and scan the drive from there, so the ransomware is not running and cannot interfere with the scanner. If you move files to another machine to recover them, scan them there too so no trace of the malware is carried over.
- Use Ransomware Decrypting Software: for a number of families the keys have been recovered or the encryption was implemented badly, and free decryptors exist. Kaspersky, for example, publishes tools for CryptXXX and CoinVault, and the No More Ransom project (nomoreransom.org) collects decryptors from many vendors and can identify the family from an encrypted file and the ransom note. ShadowExplorer (free) is not a decryptor: it restores earlier versions of files from Volume Shadow Copies, which helps against CryptoLocker-era infections only when those copies were not wiped.
- Unhide Files to Retrieve Data: some ransomware, the fake-antivirus type in particular, merely hides your files, desktop icons and shortcuts. In Windows Explorer open 'Computer', go to 'C:\Users\', right-click the folder with your Windows user name and open 'Properties'. Uncheck 'Hidden', click 'OK', and apply the change to all subfolders and files. Your hidden data should reappear.
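Before restoring anything it helps to know which files were actually touched and which family you are facing. The following Go program is an added example, not code from the original article or from any security product: it walks a directory read-only and flags three signs of a file-encrypting infection, a suffix that known families append to encrypted files, a dropped ransom note, and files of a normally plaintext type whose content now has close to 8 bits of entropy per byte, as encrypted data does. The indicator lists are illustrative, the sample files it creates in a temporary directory are constructed for the demonstration, and all function names are the example's own.

```go
package main

import (
	"fmt"
	"math"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Illustrative indicators (extend from your own IOCs); .wncry is WannaCry's suffix, .locky is Locky's.
var (
	ransomExtensions    = map[string]bool{".wncry": true, ".locky": true, ".crypt": true, ".encrypted": true, ".locked": true}
	plaintextExtensions = map[string]bool{".txt": true, ".csv": true, ".log": true, ".json": true, ".xml": true, ".html": true}
	noteNameRe          = regexp.MustCompile(`(?i)decrypt|readme|how_to|restore|ransom`)
	noteBodyRe          = regexp.MustCompile(`(?i)bitcoin|decrypt`)
)

// shannonEntropy returns bits per byte: ~8 for ciphertext or compressed data, typically 4-5 for English text.
func shannonEntropy(data []byte) float64 {
	var counts [256]float64
	for _, b := range data {
		counts[b]++
	}
	h, n := 0.0, float64(len(data))
	for _, c := range counts {
		if c > 0 {
			h -= c / n * math.Log2(c/n)
		}
	}
	return h
}

// classify returns why a file looks suspicious, or "" if nothing stands out.
func classify(name string, data []byte) string {
	ext := strings.ToLower(filepath.Ext(name))
	switch h := shannonEntropy(data); {
	case ransomExtensions[ext]:
		return "known ransomware extension " + ext
	case noteNameRe.MatchString(name) && noteBodyRe.Match(data):
		return "ransom note"
	case plaintextExtensions[ext] && len(data) >= 256 && h > 7.5:
		return fmt.Sprintf("high entropy (%.2f bits/byte) for a plaintext type", h)
	}
	return ""
}

// triageDir walks root read-only and maps each flagged path to the reason it was flagged.
func triageDir(root string) (map[string]string, error) {
	findings := map[string]string{}
	err := filepath.Walk(root, func(path string, info os.FileInfo, walkErr error) error {
		if walkErr != nil || info.IsDir() {
			return walkErr
		}
		data, err := os.ReadFile(path)
		if err != nil {
			return nil // unreadable file: skip it and keep walking
		}
		if reason := classify(info.Name(), data); reason != "" {
			findings[path] = reason
		}
		return nil
	})
	return findings, err
}

func main() {
	dir, err := os.MkdirTemp("", "triage")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	// Constructed sample files, not real victim data. scrambled holds every byte value exactly 16 times
	// (i*167 mod 256 cycles through all 256 values), i.e. 8.00 bits/byte, like ciphertext.
	scrambled := make([]byte, 4096)
	for i := range scrambled {
		scrambled[i] = byte(i * 167)
	}
	samples := map[string][]byte{
		"notes.txt":          []byte(strings.Repeat("meeting agenda for monday, bring the budget figures\n", 40)),
		"report.xlsx.wncry":  scrambled, // known extension
		"budget.csv":         scrambled, // a text type whose content is now random-looking bytes
		"photo.jpg":          scrambled, // compressed format: high entropy is normal, must not be flagged
		"README_DECRYPT.txt": []byte("All your files are encrypted. Pay 0.5 bitcoin to get the decryption key."),
	}
	for name, data := range samples {
		if err := os.WriteFile(filepath.Join(dir, name), data, 0o600); err != nil {
			panic(err)
		}
	}
	findings, err := triageDir(dir)
	if err != nil {
		panic(err)
	}
	for path, reason := range findings {
		fmt.Printf("%-20s %s\n", filepath.Base(path), reason)
	}
}
```

Entropy on its own is a weak signal: a legitimate .docx, .jpg or .zip is compressed and scores near 8 bits too, which is why the test is only applied to extensions that are normally plain text. Run the scan from a clean boot medium or against a mounted copy of the disk, never from the infected operating system, and use what it finds (the suffix, the note text) to look up whether a free decryptor exists for that family.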
How to Prevent Ransomware?
Ransomware is nasty, and once it has taken hold of your devices there is very little you can do. So before you fall prey to such an attack and become a hostage, it is better to take precautions. The measures below go a long way toward preventing ransomware from succeeding.
Backup All Your Files & System Settings
The single most effective defence is a regular backup: with one in place you do not have to panic or pay the attacker to get your files or your system back. You can use the backup tools built into your device's operating system or choose third-party backup software. Keep at least one copy offline or otherwise unreachable from the machines it protects (a drive that is disconnected after each backup, or a service with versioning and write-once storage); ransomware that can reach the backup location will encrypt it too.
Similarly, cloud storage services with file versioning can hold important and confidential data and let you roll back to versions from before the infection, keeping it out of a ransomware attacker's hands; check that the service keeps enough version history to reach back past the attack.
So at the very end of the year @ahsay is saving the day again from a #ransomware infection by #Dharma virus. Even if it spread across the entire network, it didn't affect our backup repository.#backup #infosec #synology pic.twitter.com/B6IF47FeAc
— Sebastian Zdrojewski (@En3pY) December 28, 2018
Use Up-to-Date Antivirus & Security Suites
Antivirus and other security software such as malware and phishing detectors are an effective first line of defence against ransomware. They scan your device (or system) on a regular basis looking for the patterns, signatures and behaviour of the latest threats.
This is why popular antivirus services release new virus definitions every day. Keep your antivirus up to date at all times, and keep the operating system and applications patched as well, since exploit kits target known vulnerabilities for which a fix already exists.
We also discuss this strategy in the guide to .
Use Browser Extensions to Stop Malvertising
Some ransomware is delivered through advertisements displayed on websites or served by advertising networks. Various browser extensions and add-ons block this content.
Some of them include AdBlock Plus, Privacy Badger, uBlock Origin and NoScript. These extensions stop third-party scripts, tracking technologies and malware-laden ads from running in the background, which removes the channel malvertising relies on.
Here’s a good comparison between two popular anti-malware extensions.
Scan Your Emails for Ransomware
Email is another major channel through which ransomware is transmitted: messages with clickbait content, links and attachments carrying the malware. Scan attachments with your antivirus before opening them, be especially wary of archives, executables and macro-enabled Office documents, and do not click links in an email that look out of place or shady; hover over a link first to see where it really leads.
Encrypt Your Internet Traffic Using VPN
Since most ransomware reaches your device over the internet, encrypting your internet traffic is a sensible additional layer.
The encryption and secure protocols a VPN provides stop anyone on the network path, for example on public Wi-Fi, from intercepting or tampering with your traffic. A VPN does not, however, stop a malicious attachment you open or an exploit kit page you visit, so combine it with the measures above rather than relying on it alone. There are many VPNs to choose from.
Here are some VPN providers that offer strong encryption for your browsing:
| VPN Providers | Price ($) | Special Deals |
|---|---|---|
| Best Affordable VPN | $2.91 per month | Exclusive discount, 2-year plan |
| Fastest VPN Service | $1.99 per month | 2-year deal |
| Best for Torrenting | $2.25 per month | 2-year deal |
| Best for Streaming | $8.32 per month | No exclusive offer |
| Best for Private Browsing | $2.75 per month | 1-year deal |
| Best for Geo-Unblocking | $3.49 per month | 3-year plan |
Examples of Popular Ransomware Attacks
Over the years we have witnessed numerous ransomware attacks, targeting everyone from individual users to enterprises, small businesses, public agencies and hospitals, on mobile devices, servers and a range of operating systems. Here are some examples you should be aware of.
CryptoLocker is file-encrypting ransomware that first appeared in 2013 and used 2048-bit RSA keys to lock users' files. It encrypted files with certain extensions and would not allow access to them until a payment was made through Bitcoin. The cost of unlocking the encrypted files? 10 BTC (Bitcoin), around $4,730 USD at the time of writing. Here is an illustration provided by Symantec explaining how file-encrypting ransomware works:
In the following years, more variants of CryptoLocker appeared in the form of CryptoWall, CryptoLocker.F and TorrentLocker. CryptoLocker.F first targeted Australian users and was spread through fraudulent emails; one of its prominent victims was the Australian Broadcasting Corporation (ABC).
CryptoWall, on the other hand, was distributed through malvertising campaigns and mainly targeted Windows users. It redirected users to rogue websites that prompted them to download plug-ins containing the malware, which then spread onto the user's system and encrypted files.
Reveton, first observed in 2012, is screen-locking ransomware. Victims received warning messages styled as if sent by law enforcement agencies (such as the FBI), claiming they had engaged in illegal activity such as downloading pirated content, and demanding a "fine", usually through prepaid cash services such as Ukash. The first signs of Reveton appeared in Europe, and templates targeting the United States and Canada followed later that year. According to Avast, new Reveton samples were still being seen in August 2014.
KeRanger Ransomware on Mac
In March 2016, the first working ransomware on Mac OS X was observed and named 'KeRanger'. It was distributed through a tampered installer of Transmission, a popular BitTorrent client for Mac, and encrypted the user's files until a Bitcoin payment was made to the attacker.
The ransom demanded was typically 1 BTC to unlock the encrypted files (roughly $400 USD at the time). In the wake of the attack, Transmission instructed all its users to delete the affected version (2.90) of the client and upgrade to the latest version.
Ransomware on Android Devices
If you thought ransomware only attacks desktops and laptops, think again. It has made its way onto other platforms, including Android. Attackers distribute "FBI" ransomware through malicious apps that claim to be from the FBI and lock the device, or parts of it.
The ransom is typically around $300 USD or more to regain access to the device or to the data the ransomware encrypted. Installing apps only from Google Play, keeping Google's 'Verify apps' protection enabled, and running an antivirus on the device make Android ransomware fairly easy to prevent. In many cases uninstalling the malicious app (in Safe Mode, if it blocks the screen) removes the malware and restores access to the data.
Also look at some .
Ransomware is a damaging form of malware that can take over your system, encrypt confidential files, and lead to disastrous outcomes. Its purpose is to extract money from victims in exchange for the promise that the attacker will decrypt the files.
These attacks arrive through many channels and at scale: the WannaCry outbreak of May 2017 hit more than 200,000 machines in over 150 countries.
Above we have listed the steps you can take for ransomware removal and the precautions that keep you safe from ransomware in the first place, along with the types of ransomware that have plagued users over the years. Knowing which kind you are dealing with matters, because the removal and recovery options differ from family to family.
So are you prepared to defend against ransomware? Or do you have any further queries regarding the malware? Do let us know in the comments below or tweet us at @VPNRanks.