You may remember our article from last September regarding ransomware and in particular the CryptoLocker virus. So why are we writing yet another article about this malware? Simply because in 2016 there was a massive rise in the number of ransomware attacks.
There are currently two types of ransomware in circulation:
Encrypting ransomware, which is designed to block system files and then demand payment to provide the victim with the key that can decrypt the blocked content. Examples include CryptoLocker, Locky and CryptoWall.
Locker ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer. Examples include the police-themed ransomware or Winlocker.
Ransomware differs from other malware in that it features unbreakable encryption, meaning that you can’t decrypt the files on your own. It can encrypt all kinds of files, from documents to pictures, videos and audio files, and it can scramble your file names, so you can’t tell which data was affected. Usually, the ransom payments have a time limit: going over the deadline will increase the ransom, but it can also mean that the data will be destroyed and lost forever.
Victims are infected when they click on an innocent-looking attachment or website link within an email. This releases malicious software that destroys not only the victim’s data but also the data on any connected device, including network shares. Ransom notes then appear demanding that money be paid in Bitcoin in return for a decryption key that will disable the virus. However, there is no guarantee that the key will work or prevent further attacks.
Ransomware creators target home users mainly because they often don’t have data backups, because many users will click on almost anything, and because their software and antivirus are not up to date (even if specialists always nag them to keep them updated!).
Businesses are targeted because that’s where the money is, because an attack can cause major business disruption, which increases the attackers’ chances of getting paid, and because computer systems in companies are often complex and prone to vulnerabilities that can be easily exploited.
Public institutions, government agencies in particular, are targeted because they manage huge databases of personal and confidential information that cyber criminals can sell, because they often lack defences that can protect them against ransomware, and because they often use outdated software and equipment.
Like most malware, ransomware gets onto systems through untrusted sites and attachments. So protect yourself by installing antivirus software, keeping your operating system and applications up to date, and not visiting suspicious sites or opening email attachments from unknown sources. The most important piece of advice I can impart is that you perform regular backups of ALL YOUR DATA onto an external hard drive, then immediately unplug the device from your computer, as ransomware can encrypt what is on that drive as well as what is on the computer.