What is ransomware
and how to protect yourself against it
Imagine losing all the photos, videos, messages, and documents you've stored on your computer. How much money would you be willing to pay to get it all back? Ransomware is malware that infects your computer, locks it, and demands payment for unlocking it. Here's our quick guide to ransomware — what it's all about, and five top tips on how you can avoid becoming a victim of ransomware.
What does ransomware do?
Crypto-ransomware encrypts the files on a computer, essentially scrambling their contents so that you can't access them without a decryption key that can correctly unscramble them. A ransom is demanded in exchange for the decryption key. Once the malware has infected one computer, it can spread to others in the network, making it impossible to carry out normal operations. The ransom fee is usually around $300 to $500 for a computer, and payment is often demanded in Bitcoin, a virtual currency that is difficult to trace.
How can ransomware infect your computer?
You may encounter ransomware in a number of ways: as email attachments, malicious links, or via exploit kits. You can be exposed to exploit kits when you visit a compromised website, click a compromised ad on an otherwise good website, or are redirected to a malicious site. The exploit kit tests your computer for any exploitable flaws or vulnerabilities, which are common in outdated software. If it finds an opening, the exploit kit downloads and installs the ransomware onto your machine. This can happen completely without your knowledge.
How can you get your files back?
F-Secure advises against paying the ransom. While doing so is one way to regain control of your computer and data, the real remediation begins before you ever get hit — by taking regular backups. That way, if you do get attacked, you can relax and restore everything from the backups. Furthermore, even though most ransomware has returned control after payment, this may not always be the case. You may end up paying and still be left without control.
If your files have been hijacked and you don't have backups, it's worth going online and seeing if there is a decryption tool for the ransomware that you've been hit with. This list is a good start, although decryption tools are typically only available for early versions. And keep in mind that attackers update their approach and use ransomware that doesn't have a decryption tool available.
You also might find it useful to share your situation on a help forum like Bleeping Computer, where there are threads to help with Locky, TeslaCrypt, CryptoWall, Petya, CryptXXX, Locker, and many others. It is also recommended that you report the crime to the relevant authorities, typically the police.
5 tips: avoid becoming a victim of ransomware
Prevention is better than looking for a cure, and that's certainly true for ransomware. Here are our TOP 5 tips to keep your devices clear of ransomware:
Make sure you're running a robust security solution that covers all your devices (PCs, Macs, smartphones, and tablets) and provides protection. F-Secure SAFE protects against all the known ransomware threats that are out there, and it can block brand new zero-day threats as well. As new ransomware variants keep popping up lately, this is important.
Take regular backups of your data. Store the backups offline, so that they can't get infected. And test restoring them from time to time to make sure that they really work. With good backups, if you do get hit, you can get back on your feet faster without having to fork over cash to the criminals.
Keep the software on all your devices up to date to prevent exploits. If you are uncertain how to keep everything up to date, you may consider using a tool that identifies old software versions and suggests updates.
Be extra careful with email attachments, especially with ZIP files and Office documents (Word, Excel, and PowerPoint). Don't open email attachments that are sent by someone you don't know. Also disable macro scripts in any Office files you receive via email.
Limit the use of browser plugins. Disable commonly exploited ones such as Flash Player and Silverlight when you're not using them. You can do this through your web browser under the plugin settings.