What is Ransomware and How Did I Get It?

By on May 24th, 2017 in cybersecurity, Security

Given the latest ransomware storms on the web, it might be good to make sure we all understand the term and how it works. So what is ransomware and how did I get it?

Wikipedia’s definition of ransomware is:

Ransomware is a type of malicious software that blocks access to data or threatens to publish it until a ransom is paid. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse.

Excellent graphic from Kaspersky that explains ransomware nicely

How does ransomware get on my computer?

Ransomware can reach your computer through phishing or spam emails. The ransomware lives in the attachments to these emails or behind the links in their content. When the attachment is clicked, your computer is at risk of becoming infected with ransomware. Another way ransomware can infect your computer is through compromised websites. You can unknowingly visit an infected website (malicious or legitimate) and it will download malware to your computer without your knowledge. This is why having good anti-virus tools is so important, but even they cannot stop all of the malware out there.

What happens when ransomware is downloaded to my computer?

If the download succeeds, the ransomware will then have the ability to encrypt files on your computer, effectively locking your system. As an added insult, a message may appear on your computer instructing you how to “regain access” to your computer. A ransomware attack message may look like:

“Your computer has been infected with a virus. Click here to resolve the issue.”

“Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a 1 Bitcoin fine.”

“All files on your computer have been encrypted. Unless you pay this ransom within 72 hours to regain access to your data, your files will be removed.”

Please note that paying the “ransom” to get your data back does not guarantee that the files will be decrypted. Even if the data appears to be decrypted after payment is made, it does not mean that the malware infection has been removed. There is no honour among thieves, so assume your system and all systems on your network are now infected.

How do I remove ransomware from my computer?

There are software tools available (e.g. Norton Power Eraser and Norton Bootable Recovery Tool, Malwarebytes) that can remove many threats. Some of the more sophisticated threats may be much harder to resolve.

If your files are encrypted, there may be a tool available to decrypt them, depending on the version of the ransomware infection. Always check public boards like Reddit to see if there is a solution published for your specific malware.

Always ensure you have clean, offline backups of your data, so that if you are infected with ransomware, you can recover without too much hassle.
