In this series, we’re talking about some specific types of malware that I dealt with during my time at the IT Help Desk.
Today’s post is about Ransomware. Sounds pretty scary, right? Well don’t worry, it’s just as scary as it sounds, and it is easily my most hated form of malware.
What is Ransomware?
Want to extort some money from people? Then simply sneak into their house, steal something of sentimental value, and demand payment or they’ll never see the thing again! Simple, direct, and time-tested. It’s easy money! 1Money and Megabytes does not condone illegal activities including but not limited to trespassing, theft, and ransom. M&Mb makes no guarantees about the “easiness” of making money though extortion. Side Effects may include shortness of breath, sweating, and death. Talk to your local Police Department to see if Extortion(tm) is right for you.
Ransomware automates this process on your digital belongings. It sneaks onto your system unnoticed, prevents access to your personal files, jumps to other computers on the network, and only then lets you know the only way you’ll see your files again is by paying an exorbitant amount of money to the attacker.
Entire hospitals have been taken down by these attacks by preventing access to medical records. Power infrastructure in India was brought to a halt from one employee downloading a game onto a work computer.
Why does Ransomware Exist?
Well, put simply, it’s an extremely simple way to make a boatload of cash. People’s lives are built around their files. Companies need their files to run. Take that away, and there’s chaos. Give people an option to pay for them back, and people will pay. An attacker doesn’t even need to actually give them access back to their files, because guess what? They already paid you in untraceable funds.
Most of the ransomware out there are based on the same set of code, same exploit targeting, and same method of encryption. It’s relatively simple to modify the code to send the payment to you instead, so any script kiddie can write and distribute their own version to get their own piece of the pie.
The Effects of Ransomware on your computer
Ransomware installs itself on your computer, encrypts some of your personal files, and sends itself to other computers on the network, all very sneaky and without alerting the user to its presence. Once all that is done, it displays a message informing you that some of your files are inaccessible, and the only way to get them back is by sending anywhere from $200 – $600 in untraceable bitcoin to a particular place. It usually links to articles explaining how encryption works, how it’s impossible to recover files without the encryption key, how the only way you’ll get the key is to pay the ransom, and detailed instructions on how to send the money.2Quick Aside: I was actually really impressed with how well the ransom note was written. It used proper grammar, spelling, and had really clear instructions about sending payment. This just goes to show that the classic “Don’t respond to emails with poor grammar” isn’t enough anymore.
In my time at the Campus IT Help Center, I heard about one of these infections coming in every once in a while, and saw one personally. While they weren’t particularly frequent, their effects could be devastating. Decades of research, family pictures, important student records, you name it, all gone. And while we recommended against paying the ransom, some people who still ended up paying reported that they were never able to actually get the files back.
Anti-Malware programs like Malwarebytes can sometimes remove the Ransomware program, but once it’s encrypted your data, it’s too late. Unlike most malware types, your trouble doesn’t end when you clean the infection; simply removing the program doesn’t give you back your files.
How to Prevent Getting Hit by Ransomware
Luckily, protecting yourself against most ransomware is pretty simple. Since it needs some pretty substantial access to your computer to modify your files, the drive-by attacks from ads like Botnets from last week aren’t a viable infection path. Instead, it relies on 1) being installed on a computer by a careless user, or 2) infecting other computers on the network through an operating system exploit.
The first path can be stopped by simply following the advice I’m sure you’ve all heard: don’t install things from untrusted sources! Don’t follow links from emails from people you haven’t heard from in years, suspicious looking Facebook chats, or popups claiming your computer has a virus.
The second can be stopped just as simply: keep your computer up to date! Most ransomware, and most malware in general for that matter, uses well-known security holes that have been patched years ago. WannaCry,3It’s a link to the Wikipedia article, not the malware, I promise a ransomware that made the news in May 2017 for infecting over 300,000 computers, crippling the UK’s National Health Service and companies across the globe, used an exploit in the Windows network file sharing system called SMB. The kicker here: a Windows update that patched this exploit was sent around in April, a whole month before the attacks! But since people and corporate IT departments are slow to update, the ransomware was able to spread like, well, a disease in an unvaccinated population. As much as I hate Windows 10’s new method of forcing your computer to restart without user interaction, I suspect this is a direct result from recent ransomware attacks.
Finally, and most important, Backup, Backup, Backup! If you do get hit by Ransomware, it can only attack files accessible to your computer. External hard drives not connected to your computer won’t be affected, and cloud-based backups with versioning will let you revert your files once the infection is cleaned up. Rather than pay an expensive and potentially ineffective ransom, with no guarantee you won’t be hit again, you can just spend a few hours wiping out your computer and reinstalling your programs, and replace your files with the one safe and sound on an offline or cloud-based backup.
The only guaranteed way to get your files back is to recover them from your own backups.
RANSOMWARE makes people money by literally putting your computer up for ransom, promising to release your files if you pay hundreds of dollars. If you pay the ransom, there’s no guarantee that you’ll actually regain access to your files or that you won’t be hit by the same attack again later. Keep your computer up to date and don’t install programs from untrustworthy sources to keep from getting hit by this attack. Keep your backups up to date and separate from your computer. If you do find yourself a victim of ransomware, security experts recommend never paying the ransom. Reinstall the OS on your computer and restore your files from your offline or cloud-based backup.