The Evolving Threat of Ransomware and How it Works
Mike Sanders / 5 years ago
With Ransomware on the increase, we explain what Ransomware is and what you can do to avoid becoming the next of its rapidly growing number of victims.
Whilst some can be a mild irritant, as we reported in an article last week, the vast majority of Ransomware is deeply hurtful to you and your PC.
Most people are blissfully unaware of what Ransomware is (I confess, until last year I was also), and this ignorance means that it is one of the fastest growing issues in modern PC usage. So how does it work exactly?
Ransomware is usually transmitted via e-mail. The e-mail will have an attachment, and usually the e-mail or attachment name will be something of relevance. For example, a standard trick is to title the attachment ‘invoice’ because many businesses and individuals are accustomed to receiving bills via e-mail. The e-mail and attachment can often appear very legitimate. The problems start, however, the moment you attempt to open the file.
By double clicking the file, you may have inadvertently begun a file encryption program and, usually the next time you start up, you’ll be greeted with the above desktop background.
Put simply, all of your personal files will have been encrypted and you will not be able to access them. Each folder will contain a readme.txt, usually explaining that if you visit a (very dubious) website and make a payment (usually by bitcoin) they will issue you with the tool or password to remove the lock and recover your encrypted files. Hence the name Ransomware: your personal files are being held to ransom on your own PC, to be released upon payment.
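The note-in-every-folder footprint described above can be checked for directly after a suspected infection. The Python sketch below is an added example, not part of the original article; the function name, size limit and thresholds are assumptions chosen for illustration.

```python
import hashlib
import os
from collections import defaultdict


def find_repeated_notes(root, min_dirs=3, min_share=0.8, max_size=64 * 1024):
    """Return [(filename, sha256, dir_count)] for small files whose exact
    name and content recur in at least min_dirs folders and in at least
    min_share of all folders that hold files (thresholds are assumptions)."""
    copies = defaultdict(set)   # (lowercased name, sha256) -> folders holding it
    populated = 0               # folders containing at least one file
    for dirpath, _dirnames, filenames in os.walk(root):
        if filenames:
            populated += 1
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                if os.path.islink(path) or size == 0 or size > max_size:
                    continue    # notes are small, non-empty text files
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue        # unreadable or vanished file: keep scanning
            copies[(name.lower(), digest)].add(dirpath)
    hits = [
        (name, digest, len(dirs))
        for (name, digest), dirs in copies.items()
        if len(dirs) >= min_dirs and len(dirs) >= min_share * populated
    ]
    return sorted(hits, key=lambda h: -h[2])


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, digest, count in find_repeated_notes(target):
        print(f"{count} folders hold an identical '{name}' (sha256 {digest[:16]}...)")
```

Run it against a documents folder or a mounted backup; a hit means the same small file has been dropped into nearly every folder, which is worth investigating before restoring anything.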
Our advice in this circumstance (as Dale Gribble might say) is do not feed the beast. At this point it is usually already too late. Unless you backed up your data, it is exceptionally unlikely that you will be able to recover it, and paying the ransom provides no guarantee of success and often just compromises you or your personal details (such as card details) further.
What will surprise most people is that anti-virus software generally struggles to detect Ransomware and can more often than not do nothing once you’ve got it. Ultimately anti-virus does the best it can (and largely succeeds for standard viruses), but it can never guard against someone doing something dangerous (such as opening or insisting on opening programs).
We, therefore, offer the following advice to help people try to avoid this pitfall.
- As always – do not ever download or run an attachment to an e-mail unless you are certain that the person sending it to you is trusted or genuine. Even then, treat everything with suspicion.
- Do not expect or rely on anti-virus or malware prevention programs to identify it for you or to be able to fix it. The best prevention against viruses, malware, trojans or Ransomware is your own good common sense.
- Regularly back up or save all of your most important documents to a totally separate area or PC. For example, a memory stick or external hard drive.
- If you are infected with Ransomware, your best hope is to run a system restore to an earlier point. This might not fix the issue, but it might give you options to recover your files if you’ve been lucky.
- Do NOT pay the ransom – You cannot guarantee the safety of your information or, frankly, that you’ll get your data back. Most of the time you’ll pay them and never hear anything back again.
- Businesses are the most at risk, so ensure staff members are aware of the dangers. That does not mean to say that individuals do not get targeted as well.
The short version – be safe out there, kids, the internet can be a dangerous place.