Updated: March 2, 2017. Source: https://bestantivirus.reviews/article/ransomware-protection-guide
Our PCs, tablets and mobile devices have become our holy grail items that we just can’t live without for one day.
We tend to place everything that our entire existence relies upon from personal files, photos, videos, passwords, pin codes and accounts, to work files, important dates and calendars, and more.
Imagine if all of this information was hijacked and in order to retrieve it, you are literally held at ransom to save your personal information.
Talk about invasion of privacy!
Well, welcome to the world of ransomware.
As much as the internet has become our go-to place for absolutely everything, it has become a place for scammers and hackers to have a field day at our expense.
Read this article to become savvy about all things ransomware protection and what you can do to prevent it at all costs.
What is Ransomware?
To put it simply, you are basically held at ransom for all the information on your computer unless you pay up within a certain amount of hours.
Ransomware is basically viruses that come in different forms, some of which are known as:
Ransomware is an infection that hackers now use because antivirus software has been designed to combat other types of malware, such as those used for credit card fraud. Ransomware protection demands a step up from other malware protection.
Ransomware is different to typical malware infections that install backdoors, keyloggers, or trojans on a computer with the goal that users will eventually fill in credit card details and personal information for hackers to use and sell later.
CryptoLocker and its myriad descendants are different and much simpler in that they give the underground hackers a smoother revenue stream to capitalize on.
The price you have to pay depends on the hackers or criminal mastermind rings behind it because they use it to fund their underground operations.
You can expect amounts between $25 and $600. The average amount is $300.
But, how do you pay up?
- Bitcoin, the most popular form of payment today, is a wallet that you install on your computer or mobile device. When you install it, you generate your first Bitcoin address with the possibility to create more in the future if you need to. You share the address with people, much like you share an email address, so that you can make payments.
However, a Bitcoin address can only be used once.
- Payment Vouchers
- Moneygram through which you send money onto undetectable prepaid cards in Eastern European countries.
When Did Ransomware Hit the Scene?
The first recorded case of ransomware was in 1989, known as the AIDS Trojan.
The first type of major ransomware for extortion purposes came about in 2005 by the name of Trojan.Gpcoder.
After this there were several types of more sophisticated worms that used encryption schemes.
And then we get to 2013!
In 2013, this type of infection took center stage when CryptoLocker made its debut and raked in over 5 million US dollars in just four months.
Reports came flooding in that a new, mysterious virus had placed users’ hard drives on complete lock-down, and the only way to retrieve the folders and files was with a hefty sum.
Thousands of computers were infected by this cryptic infection in just a few days.
Hackers used botnets and typical phishing links in email attachments embedded with infections, as well as unreliable downloads to infiltrate computer systems.
These users went to extreme lengths to break the encryption with system resets, installing completely new hard drives, or flashing the BIOS, but to no avail!
The only thing that appeared on their screens was a flyer stipulating how much needed to be handed over in order to regain access to their folders and files. The flyer was also like a ticking time bomb as it indicated how long the user had to pay in order for the information not to disappear forever!
Basically, things went from bad to worse because victims paid up. They couldn’t figure out any alternatives and time was ticking fast.
Word got out, and the hackers were milking it and had everyone on their knees.
In other words, Ransomware became the new way to make an easy buck!
By 2015, the U.S., UK, Germany, Italy, Russia, and Japan were heavily impacted by ransomware in all its shapes and sizes.
What Types of Ransomware Are There?
I mentioned some of the types of ransomware above, but let’s get into the finer details.
I said that ransomware encrypts your personal files and data, or it can lock your computer preventing you from using it.
So, you can categorize the main types into:
- Locker Ransomware
- Crypto Ransomware
- Master Boot Record Ransomware
- Web Server Encrypting Ransomware
- Mobile Device Ransomware
Both locker and crypto have the same goal but they work in different ways, which makes them quite different, both technologically and psychologically.
1. Locker Ransomware (WinLocker)
Locker ransomware, otherwise known as Lock Screen Ransomware, locks your computer’s user interface and denies you entrance unless you pay a fee to gain access.
The fee is usually around $200 and favored in vouchers.
Most of the computer will be on lock-down which means the mouse and keyboard will stop working. Only the numeric keys will work so that you can type numbers to fill in the payment code.
This type of infiltration usually leaves your data and files untouched, so that if the malware is removed, the computer will return to its initial status unharmed.
It is therefore less effective than its counterpart because it is easier to unlock a PC with the help of tech-savvy geeks (jokes aside) who can restore the access without blinking an eye.
This type of malicious activity plays more tricks on the mind than your technology because hackers use social-engineering tactics to put victims under pressure to pay up.
These hackers usually mask themselves as law enforcement authorities that issue fines by accusing you of committing online criminal activities.
2. Crypto Ransomware
Crypto-type ransomware, also called encryption ransomware, is trickier to combat.
The viruses are designed to encrypt your stored PC data, rendering the data useless unless the user gets the decryption key.
This type of ransomware is a huge burden in a world which now relies on all things digital, where people store all their important personal information. Many users do not know the value of backing up data until it’s lost and irretrievable, and this makes a lot of us victims.
Well, not for long we hope owing to the helpful advice and information in this article.
Once the crypto ransomware is installed into your computer, the threat quietly infiltrates your data and searches for files to encrypt.
This is some serious technological guerrilla warfare if I say so myself!
The threat keeps itself on the down-low until it has encrypted all your files that seem of value to the PC user. By the time the user becomes aware of any threat, it’s just a little too late. The user is presented with a malware message which informs him/her of the bad news.
With most ransomware of this nature, the computer continues to work as normal because the malware is not built to attack critical system files, nor is it designed to deny access to the computer. This means that the user can still use the computer at large, apart from the files that have been encrypted.
The user usually discovers the issue when he/she attempts to access or open a file that has been encrypted. This file has in effect been deleted after it’s encrypted and can only be retrieved if the user pays up.
Only some encryption software shows a lock screen warning.
3. Master Boot Record (MBR) Ransomware
There is also MBR ransomware – this type of malware attacks the Master Boot Record of your PC’s hard drive, which allows the operating system to boot up.
MBR ransomware changes the PC’s MBR so that the normal boot process is interrupted, and a ransom demand appears on the screen.
4. Web Server Encrypting Ransomware
This type of attack targets web servers by encrypting a few files on it.
The attackers look for vulnerabilities on the Content Management Systems in order to deploy the ransomware on the web servers.
5. Mobile Device Ransomware
Usually an attack on Android mobile devices, this ransomware infects devices with “drive-by downloads”.
Another way to infect mobile devices is with fake applications that pose as popular app services; sometimes they even masquerade as antivirus products.
Evolution of Modern Ransomware
Ransomware is much like Darwin’s theory of “adapt or die,” or “survival of the fittest.”
As time goes on, the weaker forms of the malware become obsolete, while the stronger types evolve into family groups, making them harder to deal with through ransomware protection.
What Types Isn’t There a Cure For Yet?
It is not easy to predict how exactly the landscape of ransomware will take shape in the future, and if we will be able to develop counterattacks for every single type.
The best we can do is look at the patterns of the previous malwares to extrapolate what’s in store.
Ransomware technologies reached a high level of maturity in 2016 owing to the number of criminal masterminds in the industry, and because of the plethora of types as you can see in the graph above.
Another indicator of ransomware’s maturation is the advent of RaaS implementation.
Every 2 to 3 years, cyber criminals switch their focus onto different avenues and adaptations of this type of malware.
Crypto-type ransomware seems to have reached its apex which means that it could plateau before it declines, making it easier for antivirus companies to develop all-encompassing cures for all types.
This is not a reason to get a champagne bottle out just yet because it will take some time for a decline to be noticed and it will most probably never reach zero.
We may see a decline as a result of several factors, including:
- Law enforcement crackdowns
- Better protection
- Increased awareness
- Refusal to pay ransoms
- Change in international law
- Financial regulations
However, in saying that, internet criminals may think up new ways to extort money from us.
We cannot be certain as to why they are currently focused on crypto ransomware, but I wouldn’t put it past them to come up with other malicious strategies.
We need to be cautious because the more technological innovations emerge, the more avenues the criminals have to interrupt our lives, and the harder ransomware protection becomes.
Targets of Ransomware
Cyber criminals do not have filters when they attack users and systems; they just want money.
The world is at risk, with different countries ranked higher on the scale because of the concentration of developed hi-tech businesses and institutions in developed countries.
These users are probably the easiest to target because of their lack of fluency with PCs, or their not being aware of how ransomware operates.
This group usually has the least amount of technical assistance to get out of any situations to do with malware threats; this results in these victims being quicker to pay the cyber criminals.
Home users store very important personal information, from personal records, to university or work projects, or photos and videos; however, despite the value of these files, a lot of home users don’t invest in a back-up plan, such as: hard drives or clouds.
A survey done by Norton discovered that 25% of home users did not use any backups at all, while 55% backed up some files. When it came to backup frequency, only 25% of the users back up their data once a week with the rest backing up files only once a month or even less.
Sometimes it’s even trickier because home users with local backups do not realize that the ransomware deletes the local backup and encrypts the backup files which are on the external storage device connected to the PC.
Lots of businesses solely rely on technology and devices, so ransomware criminals know they are a good target because without their PCs, programs and devices, they cannot conduct day-to-day work.
Business PCs also contain highly sensitive information such as business plans, customer databases, employee credentials, reports, sources codes, forms, proposals, and tax compliance documents.
Moreover, these files are usually on shared servers. The modern crypto ransomware can access and encrypt all drives, such as local file-share servers and encrypt all the data on there. This means that an entire database system can be affected by one ransomware infection on one device or PC.
Businesses usually have backups to avoid these kinds of disasters and to keep the business running at all costs.
These backups need to cover any individual end users who are connected to the system!
It is essential for businesses to back up their work every single day and to run tests to ensure that the data has been stored safely away.
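One way to run such a test, as an added example that is not part of the original article: compare SHA-256 hashes of the source files against the backup copy, and refuse to overwrite the last good backup when most files have suddenly changed. The function names, the constructed sample files and the 0.5 threshold are assumptions made for the illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (by relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        path.relative_to(root).as_posix(): sha256_file(path)
        for path in root.rglob("*")
        if path.is_file()
    }


def verify_backup(source_root, backup_root):
    """Report files the backup lacks, holds with different content, or holds extra."""
    source = build_manifest(source_root)
    backup = build_manifest(backup_root)
    shared = source.keys() & backup.keys()
    return {
        "missing": sorted(source.keys() - backup.keys()),
        "mismatched": sorted(n for n in shared if source[n] != backup[n]),
        "extra": sorted(backup.keys() - source.keys()),
    }


def safe_to_overwrite(last_good, current, max_changed_ratio=0.5):
    """False when too many previously backed-up files changed or vanished.

    A sudden mass change is what file-encrypting malware looks like from the
    backup job's side, so the older backup should be kept, not replaced.
    The 0.5 threshold is an assumption; tune it to your own file churn.
    """
    if not last_good:
        return True
    changed = sum(1 for n, digest in last_good.items() if current.get(n) != digest)
    return changed / len(last_good) <= max_changed_ratio


def demo():
    """Run the checks on a constructed folder tree inside a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "source"), Path(tmp, "backup")
        files = {  # constructed sample data
            "docs/report.txt": b"quarterly report",
            "docs/plan.txt": b"business plan",
            "photos/team.jpg": b"\xff\xd8 sample image bytes",
            "notes.txt": b"meeting notes",
        }
        for name, data in files.items():
            target = source / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)

        shutil.copytree(source, backup)  # take the backup
        after_backup = verify_backup(source, backup)
        last_good = build_manifest(backup)

        # Constructed stand-in for files damaged after the backup was taken.
        for name in ("docs/report.txt", "docs/plan.txt", "notes.txt"):
            (source / name).write_bytes(b"\x00unreadable\x00" + name.encode())

        after_damage = verify_backup(source, backup)
        overwrite_ok = safe_to_overwrite(last_good, build_manifest(source))
        return after_backup, after_damage, overwrite_ok


if __name__ == "__main__":
    for result in demo():
        print(result)
```

In the damaged run three of the four files no longer match, so the check advises keeping the existing backup instead of replacing it with the changed files.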
Any civil institution, whether it be an educational center, a hospital, or a law enforcement agency, needs protection against cyber criminals.
No one is safe today!
Public agencies are usually targets of crypto ransomware and then they have to pay up a hefty sum in bitcoins to retrieve months and years of important information.
Cyber criminals are always at work strategizing and creating new ransomware that can attack any modern system.
The whole world practically runs on computers and software these days – from a small barista coffee shop to your large transnational corporations; this makes every system a target with the latter being more desirable for criminals.
Even something like your refrigerator, TV, routers, mobile devices, surveillance cameras, media players, NAS (Network attached storage) devices, and more are built on a Linux-based system.
What does this mean?
It means that everything is up for attack by or vulnerable to ransomware!
Currently, as I mentioned before, PCs, mobile phones and servers are the biggest victims of these attacks.
PCs are the number 1 targets of ransomware today.
Most of the infections infiltrate PCs that run on a Windows operating system because this software makes up the bigger percentage (89%) of desktop computers, with Linux and Mac OS X making up the other percentage.
This goes to show that the internet criminals leave no one unnoticed.
Soon after PCs were exposed to this kind of malicious tactic, mobiles bore the brunt of this infectious torrent as well.
Mobile phones and security firms were targeted and reports came in that they were also in peril!
The threats had migrated to specific hardware which ran on the operating system of Google Android, and even iOS software was a victim to this madness.
The ransomware for mobiles worked much like its predecessor as it completely locked the device with a message insisting on a crazy amount of money within a limited amount of hours, unless the mobile user wanted his/her device wiped off the planet.
There was some light at the end of the tunnel for mobile users because most phones and tablets, with either iOS or Android, automatically protect you from harm by backing up important internal data, like contact numbers, photos and videos, texts, and notes.
The data is saved to a cloud service every time the device is plugged into a charger.
The most the mobile owners lost were a few songs saved on their SD cards.
This is changing with the emergence of newer and better gadgets through which we can access the web and anything our hearts desire.
All smartphones and tablets have been targets since the inception of the iPhone in 2007 and the Android a year later.
When it comes to the type of malware for iOS and Android, they are worlds apart but both equally at risk.
iOS is harder for cyber criminals to nail owing to the tightly controlled and monitored software. They have to go to great efforts to establish an enterprise developer certificate from Apple in order to build the application, get it signed, distribute it, and then convince users to install it onto their devices.
Everything relies on Apple approving the certificate.
This is a mission and hard work with very little payback.
Android, on the other hand, is an easier feat for malware.
The platform is more open and lenient in that users are allowed to download pretty much any app, unlike iOS.
The bad news is that malware masterminds can manipulate this flexibility by creating infectious apps that are easy to distribute.
Ransomware might even affect your wrist…
What do I mean by that?
Well, think of the new smart watches.
Android Wear and Apple Watch are new on the scene and can attract the attention of ransomware creators.
In other words, we can’t throw caution to the wind. We need to remain vigilant.
The list continues to grow in the smart world with smart TVs, smart clothing, smart locks, smart fridges, and internet-enabled cars.
These are all connected computers and are vulnerable to cyber criminals for ransom.
In saying that, mobile devices and the like are more for leisure and messaging and not file productivity with highly valuable files.
This is why PCs are still the number 1 target as there is a much bigger profit to be made.
This is a gold mine for criminals in that servers contain highly sensitive and valuable data that is critical to an institution’s or organization’s existence, making it easier to exact ransom payments.
Enterprises are covered and usually secure with recovery systems, backups and BCPs (business continuity plans), so cyber criminals have a different approach to demand a ransom.
They use a strategy to penetrate the target server and to patch the software in order to turn the stored data into a format that can be encrypted with a decryption key that only the cyber criminals have access to. This attack is silent and it infiltrates all the data, including the critical server and backed-up data. This requires patience and time on the side of the criminals, but once achieved, they can demand hundreds or thousands of dollars in return for the decryption key which they removed.
How to Protect Yourself From Ransomware?
Well, there are several ways to practice ransomware protection yourself to prevent an attack. We have adapted since 2013 when the world of PCs received a bit of a wake up call.
Let’s start off with the most basic one.
- Back Everything Up!
Ransomware basically places you in a precarious position to give up money in return for your precious files and data.
Why not think of it for a moment like this: you almost always make copies of important official facsimile documents like birth certificates, driver’s licenses etc.
So why not back up your main PC just in case?!
It can’t hurt, right?
All you need to do is invest in an external hard drive, such as a portable hard drive, extra laptop, or thumb drive on which you place “carbon copies” of every single file and folder from your main PC. In this way, if you encounter ransomware, you can tell the criminals to keep the information and get lost!
Back up your data at least once a day, every day; disconnect the drive once the download is complete, and you’re golden!
- Use Cloud Storage or a Backup Service
It is also good to have a second backup plan, which is that of a cloud that automatically backs up your files. In this way you have both a physical and virtual backup of your data.
This will offer the same level of protection that an external hard drive does.
What makes this even easier than the option above is that you do not need to back up your data every day or week because it’s automatic.
What makes this option a little less desirable is that it’s pricey in the long run compared to a hard drive.
It is worth knowing that there are free services like Google Drive and Microsoft OneDrive that are cloud storage services at your service.
Google Drive offers up to 15GB of storage for free, which includes the Google Drive, Google Photos, and Gmail. “My Drive” is the folder you can access from any device, and within this folder you can open, create, and manage all your folders from which you can upload or sync files in the form of Google Docs, Slides, and Sheets.
Microsoft OneDrive also offers 15GB of free online storage. OneDrive is built for Windows 8, but you can install it for Windows 7 or Vista (32-bit or 64-bit). You can sync folders to add them to your PC and online. If you have files that are only online, you need to be connected to access them. OneDrive also offers an extra free 3GB of online storage for mobile devices so you can back up photos.
Both of these free cloud storage options are good places to share files and to place all important data as backup. If you want more storage space, you can pay for more.
Some advanced antivirus plans offer online storage as an additional feature.
Norton security offers secure online backup in its Norton Security Premium Bundle. This feature can also be purchased separately with other packages. It offers up to 25GB of storage space by using high-end encryption software. It is important to note that every country varies with upload space and speed, so it is worth checking what applies to you. Some home users will not have the space for 25GB, or it will take a few weeks to upload the package for storage.
I’d say that the best approach to backup is the “layered” strategy which includes all of the following:
– A Network drive
– A Cloud service or even two separate services by different companies
– An external drive which is disconnected from your network
This way, there is absolutely no chance that you will lose anything to malware or even a physical PC malfunction.
- Use Strong Antivirus Software
Pick an antivirus with ransomware protection.
Also, keep your “heuristic functions” switched on as they help to detect ransomware that still hasn’t been formally detected.
- Keep Computer Software Up To Date
Install and update the latest version of your operating system (OS).
If the software offers an automatic update option, TAKE IT!
- Enable “Show File Extensions” on Windows
In your Windows Settings on your PC there is a setting to show file extensions. You need to enable it.
The reason is that it makes it much easier to spot files that have the potential to be malicious.
It is also important to steer away from file extensions that include ‘.exe’, ‘.scr’, and ‘.vbs’ because scammers use extensions to mask a malicious file as a video, document, or photo.
- Disconnect Unknown Processes
If you find an unknown or rogue process on your machine, you need to disconnect it immediately from network connections such as the Internet, WiFi, and any other networks so as to prevent the spreading of the infection.
- Do Not Trust Anyone
Cyber criminals like to make use of social media platforms or the accounts of your friends, family, or colleagues to send you malicious links masked as harmless ones.
The moral of the story is not to open ANY email attachments from addresses you don’t know. If it appears from someone you do know, it is best to check with that person first if you have your suspicions.
Another thing internet criminals do is to send fake emails appearing as online banks, a tax collection agency, a court, or the police. They do this to lure in the recipients to click on malware-ridden links in order to release it into your system to seize control of it. This process is called Phishing.
Do not give your personal information without having some kind of protection barrier in place, and do not click on suspicious links.
- Wait and See…
This is a bit risky, but I’ll mention it anyway.
Wait to see if you get infected.
If you are, pray that one of the major antivirus providers has created a cure for your type of ransomware.
A lot of the top antivirus companies have created fixes that you can download onto a USB drive and plug in when the ransom flyer screen pops up.
Some of them have a repository of keys and applications that have been developed to decrypt data.
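For the “Show File Extensions” tip above, an added example (not part of the original article) that scans a folder for files whose real extension is one of the three the article names while the name poses as a document, photo or video, and shows what each name looks like when the final extension is hidden. The decoy extension list, the function names and the sample file names are assumptions constructed for the illustration.

```python
import tempfile
from pathlib import Path

# The extensions the article says to steer away from.
RISKY_EXTENSIONS = {".exe", ".scr", ".vbs"}
# Assumption: document, photo and video types a file might pose as.
DECOY_EXTENSIONS = {
    ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt",
    ".jpg", ".jpeg", ".png", ".gif", ".mp4", ".avi", ".mov",
}


def shown_when_hidden(filename):
    """Name as displayed when the final extension is hidden."""
    return Path(filename).stem


def is_masquerading(filename):
    """True for names like 'holiday.jpg.exe': a decoy type followed by a risky one."""
    suffixes = [s.lower() for s in Path(filename.strip()).suffixes]
    return (
        len(suffixes) >= 2
        and suffixes[-1] in RISKY_EXTENSIONS
        and suffixes[-2] in DECOY_EXTENSIONS
    )


def scan(root):
    """Return (relative path, name shown with extensions hidden) for each hit."""
    root = Path(root)
    hits = [
        (path.relative_to(root).as_posix(), shown_when_hidden(path.name))
        for path in root.rglob("*")
        if path.is_file() and is_masquerading(path.name)
    ]
    return sorted(hits)


def demo():
    """Scan a constructed set of empty files in a temp directory."""
    names = [  # constructed sample file names
        "holiday.jpg.exe",       # poses as a photo
        "Invoice.PDF.SCR",       # poses as a document, upper-case extensions
        "mail/report.docx.vbs",  # poses as a document, in a subfolder
        "setup.exe",             # honest about being a program: not flagged
        "archive.tar.gz",        # double extension, but neither part is risky
        "notes.txt",
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.touch()
        return scan(tmp)


if __name__ == "__main__":
    for path, shown in demo():
        print(f"{path}  (appears as '{shown}' when extensions are hidden)")
```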
What Types Can You Defend Yourself From By Using Antivirus Software?
The top antivirus providers usually provide some kind of protection against ransomware.
Bitdefender offers anti-ransomware protection in each of its packages and products, making it my top choice. Bitdefender denies access to any non-approved program that is designed to change a file in a secured folder. The service also sends a warning message to notify you of the detected threat. If you know the program, you can hit “Allow” to let Bitdefender know that all is okay.
It is important to note that this function isn’t enabled by default; you have to enable it on the control panel and add the folders you want to protect.
What to Do If You Are Infected?
You know you have been infected if your files have been encrypted and you can’t open them, or if your computer or device has been locked. Other indications of a virus are the inability to Restore your system or use Startup Repair.
The key indicator is the ransom message you receive and the preferred method of payment.
If you do not have backup files or protection, you will have to take some measures against this infection.
DO NOT JUST PAY UP!
We do not want to encourage the criminals to continue with their illegal activities.
Here are some steps to take if you have been infected! (Seeing that Windows PCs are the most targeted devices, these steps focus on this).
- Remove your infected computer from the network (if it is connected to one).
- Copy your disk and impacted files in case you need them for decryption of files or to analyze the malware.
- Try to restore from a healthy System Restore Point if you have one.
- If you have any recent backups of your files and data, format your hard drive, reinstall the software (for example, Windows), and restore the files afresh.
- Boot your PC into Safe Mode and then run your antivirus software’s deep scan on the PC so that it can remove the infection. The chances are that the infection will not be removed, but you can try anyway!
- Identify the type of ransomware that has infiltrated your PC. There are free online services for this termed ID Ransomware.
- If you have identified the ransomware, look for the decryption tool that matches the type. Here are some names of decryptor tools.
- If there is no success and you are completely blocked so that your PC has very restricted functions and access, use the Kaspersky WindowsUnlocker to gain access again; it is used to counteract a ransomware-infected Registry.
- The last resort is to pay the cyber criminals if you really need your files back and have no other way to retrieve them. If this is your last resort, report this incident to the cyber law enforcement in your country. However, paying doesn’t always guarantee recovery of data because there can be bugs in the decryption key that the criminals provide, which means that your data will be rendered unrecoverable.
Here are some websites to report ransomware attacks:
USA: On Guard Online.
UK: Action Fraud.
Canada: Anti-Fraud Centre
France: Agence Nationale de la sécurité.
Ireland: An Garda Síochána.
New Zealand: Consumer Affairs.
Or, you can report any cyber crimes here.
To avoid all this headache and the risk of payment, I suggest you protect yourselves beforehand and take measures to back up all your essential files and data.