How Ransomware Works
Not all ransomware is identical. The key thing that makes a piece of malware “ransomware” is that it attempts to extort a direct payment from you.
Some ransomware may be disguised. It may function as “scareware,” displaying a pop-up that says something like “Your computer is infected, purchase this product to fix the infection” or “Your computer has been used to download illegal files, pay a fine to continue using your computer.”
In other situations, ransomware may be more up-front. It may hook deep into your system, displaying a message saying that it will only go away when you pay money to the ransomware’s creators. This type of malware could be bypassed via malware removal tools or just by reinstalling Windows.
Unfortunately, ransomware is becoming more and more sophisticated. One of the latest examples, CryptoLocker, starts encrypting your personal files as soon as it gains access to your system, preventing access to the files without knowing the encryption key.
You can never be sure that the criminals will keep their end of the deal, of course. It’s not a good idea to pay up when you’re extorted by criminals. On the other hand, businesses that lose their only copy of business-critical data may be tempted to take the risk — and it’s hard to blame them.
This type of malware is another good example of why backups are essential. You should regularly back up files to an external hard drive or a remote file storage server. If all your copies of your files are on your computer, malware that infects your computer could encrypt them all and restrict access — or even delete them entirely.
When backing up files, be sure to back up your personal files to a location where they can’t be written to or erased. For example, place them on a removable hard drive or upload them to a remote backup service like CrashPlan that would allow you to revert to previous versions of files. Don’t just store your backups on an internal hard drive or network share you have write access to. The ransomware could encrypt the files on your connected backup drive or on your network share if you have full write access.
Frequent backups are also important. You wouldn’t want to lose a week’s worth of work because you only back up your files every week. This is part of the reason why automated back-up solutions are so convenient.
If your files do become locked by ransomware and you don’t have the appropriate backups, you can try recovering them with ShadowExplorer. This tool accesses “Shadow Copies,” which Windows uses for System Restore — they will often contain some personal files.
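The mechanism ShadowExplorer relies on can also be driven by hand. The PowerShell script below is an added example, not code from the article or from the ShadowExplorer tool: it enumerates the Volume Shadow Copies on a Windows machine and copies every snapshot version of one file into a recovery folder. It assumes an elevated prompt, that shadow copies exist for the volume in question, and that the file path and destination folder (placeholder values here) are replaced with your own. Whether a snapshot predates the infection is something you still have to judge from its timestamp.

```powershell
# Added example (not from the article): pull a file out of every Volume Shadow
# Copy on the system. Run from an elevated PowerShell prompt.
# $Path and $Destination are placeholder values; change them before use.
param(
    [string]$Path        = 'C:\Users\Example\Documents\report.docx',  # file to recover (placeholder)
    [string]$Destination = 'C:\Recovered'                             # where recovered versions go (placeholder)
)

# Every shadow copy on the machine, oldest first. DeviceObject is the
# \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN path the snapshot lives at.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy | Sort-Object InstallDate
if (-not $shadows) {
    Write-Host 'No shadow copies found on this system.'
    return
}
$shadows | Select-Object ID, InstallDate, VolumeName, DeviceObject | Format-Table -AutoSize

New-Item -ItemType Directory -Path $Destination -Force | Out-Null

# Drop the drive letter so the path can be appended to a snapshot's device object.
$relative = $Path -replace '^[A-Za-z]:', ''

foreach ($s in $shadows) {
    # Snapshot contents are reachable only through a directory symlink to the
    # device object; the trailing backslash on the target is required.
    $link = Join-Path $env:TEMP ('shadow_' + [guid]::NewGuid().ToString('N'))
    cmd /c mklink /d "$link" "$($s.DeviceObject)\" | Out-Null
    try {
        # Snapshots of other volumes simply won't contain the path; Test-Path skips them.
        $candidate = Join-Path $link $relative
        if (Test-Path -LiteralPath $candidate) {
            $stamp  = $s.InstallDate.ToString('yyyyMMdd_HHmmss')
            $target = Join-Path $Destination ('{0}_{1}' -f $stamp, (Split-Path $Path -Leaf))
            Copy-Item -LiteralPath $candidate -Destination $target
            Write-Host "Recovered version from $($s.InstallDate): $target"
        }
    } finally {
        # rmdir removes only the symlink, never the snapshot behind it.
        cmd /c rmdir "$link" | Out-Null
    }
}
```

Each recovered copy is named with its snapshot timestamp so the versions can be compared side by side; the script only reads from the snapshots and never deletes or modifies them.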
Aside from using a proper backup strategy, you can avoid ransomware in the same way you avoid other forms of malware. CryptoLocker has been verified to arrive through email attachments, via the Java plug-in, and installed on computers that are part of the Zeus botnet.
1. Use a good antivirus product that will attempt to stop ransomware in its tracks. Antivirus programs are never perfect and you could be infected even if you run one, but it’s an important layer of defense.
2. Avoid running suspicious files. Ransomware can arrive in .exe files attached to emails, from illicit websites containing pirated software, or anywhere else that malware comes from. Be alert and exercise caution over the files you download.
3. Keep your software updated. Using an old version of your web browser, operating system, or a browser plugin can allow malware in through open security holes. If you have Java installed, you should probably uninstall it.
Ransomware — CryptoLocker in particular — is brutally efficient and smart. It just wants to get down to business and take your money. Holding your files hostage is an effective way to prevent removal by antivirus programs after it’s taken root, but CryptoLocker is much less scary if you have good backups.
This sort of malware demonstrates the importance of backups as well as proper security practices. Unfortunately, CryptoLocker is probably a sign of things to come — it’s the kind of malware we’ll likely be seeing more of in the future.