Ransomware, a Growing and Destructive Threat

You boot your computer, and it tells you that your files have been encrypted, and unless you pay the perpetrator through an anonymous channel, you can’t get them back. If you hesitate, the files might start disappearing a few at a time. This is ransomware, one of the nastiest tricks that online criminals can pull on you. It’s also one of the most popular, since it lets the thieves extort money directly, rather than having to sell personal information or botnet access to other crooks.

Ransomware demands payment in bitcoin, making the transaction very hard to trace. Hospitals are favorite victims; one hospital was forced to hand over more than $17,000. The U.S. government itself has been a target; in fact, an attempt was made to lock up files belonging to members of the House of Representatives and their staff.

The incidence of ransomware is rising steeply. The FBI’s Internet Crime Complaint Center reported 2,453 complaints of ransomware attacks in 2015, compared with 1,402 the year before. Most attacks come in the form of deceptive emails that try to get the victim to open an attachment or to view a web page with a malicious script.

Cryptolocker is one of the most notorious variants. It first appeared in 2013, and more recent versions have adapted to countermeasures that stopped old versions. It tries to encrypt all files that have specified extensions, including most document and image files.

Petya is even worse; it encrypts a drive’s master file table and makes all files inaccessible. The user can only boot up to an extortion note. The files’ contents are still there, but without the MFT, they’re scattered all over the drive, with no way to tell which sectors belong to what files. Making the payment and entering the decryption key are more difficult, since the victim has to find a working computer and then copy the key by hand.

Several measures will help you avoid getting hit by ransomware; the first defense is a good spam filter. Since ransomware attempts often come through email, if they never reach your inbox, you’re safe.

If your Windows system hides file extensions, turn that option off. Malicious email often uses executable attachments disguised as document files. If you can see the file’s extension, and it’s an “.EXE” file when it has no reason to be, you can assume it’s malware.

Of course, you should have up-to-date security software. Its creators work hard to keep up with the latest attacks.

If you get hit by ransomware, you can recover without paying anyone if you have a recent backup. The catch is that ransomware will try to encrypt any attached drives as well as the boot drive. An offsite backup is out of its reach, and you’ll be able to restore your files from it.

Ransomware is a serious threat and getting worse, so take the necessary protective measures seriously.

Centerpoint IT is the trusted choice when it comes to staying ahead of the latest information technology and security tips, tricks and news. Contact us at (404) 781-0200 or send us an email at info@centerpointit.com for more information.