Ransomware - Definition, Prevention and Removal
Ransomware is a type of malware that severely restricts access to a computer, device or file until a ransom is paid by the user. This class of malware is a criminal moneymaking scheme that can be installed through deceptive links in an email message, instant message or website. It has the ability to lock a computer screen or encrypt important, predetermined files with a password.
Examples of Ransomware
Scareware is the simplest type of ransomware. It uses scare tactics or intimidation to trick victims into paying up. It can come in the form of fake antivirus software in which a message suddenly appears claiming your computer has various issues and an online payment is necessary to fix them!
The severity of this type of attack varies. Sometimes, users may be bombarded with endless alerts and pop-up messages. Other times, the computer will fail to work at all. Yet another type of ransomware can impersonate a law enforcement agency by opening up a page that appears to be from a local law enforcement office and claiming the computer user was caught performing illegal activities online. Files are then locked with hard-to-crack encryption, making it difficult for users to recover them unless the ransom is paid.
Typical attacks usually ask for $100 to $200. Other attacks seek much more, especially if the attacker knows that losing the data being held hostage would cause a significant direct financial loss to a company. As a result, cybercriminals who set up these scams can make big sums of money.
No matter what the scenario, even if the ransom is paid, there is no guarantee that computer users will be able to fully access their systems again. While some hackers direct victims to pay through Bitcoin, MoneyPak or other online methods, attackers could also demand credit card data, adding another level of financial loss.
History of Ransomware
The first cases were reported in Russia in 2005. However, since then, the scams have spread throughout the world, with new types still successfully targeting victims. In September 2013, CryptoLocker surfaced and targeted all versions of Windows! It has successfully infected hundreds of thousands of personal computers and business systems. Victims unknowingly opened up emails impersonating customer support services from FedEx, UPS, DHS and other companies. Once activated, the malware's onscreen timer demanded an average payment of $300 within 72 hours. Some versions affected local files and removable media. The United States Computer Emergency Response Team warned the malware had the ability to jump from machine to machine and advised infected computer users to immediately remove infected machines from their networks.
Kaspersky security experts have been able to decrypt hijacked data, but they admit it isn't always possible if the encryption is very strong, as is the case with CryptoLocker. It is essential for private users and businesses to regularly back up their computers to prevent the loss of important data.
Prevention and Removal
Computer users should make sure their firewalls are on, avoid questionable websites and be alert when opening any suspicious email messages. Choosing proven antivirus software from a reputable company can help protect your computer against the latest ransomware threats.