Research shows that encounters with ransomware—a type of malware that locks out users form a computer or mobile phone it infects and demands a ransom paid to the creator—is on the rise, especially in the U.S. One example is when hackers infected a Detroit municipal database, demanding thousands of dollars in Bitcoins for the City to regain access. Here we’ll show you how to prevent and detect a ransomware attack, and actions you can take if you think you have been infected.
Not all ransomware locks down your system or encrypts your files. Rather, hackers hope to trick users into paying ransoms by stating they have been viewing illicit content, or illegally obtaining copyrighted information. Sometimes the message bears a phony stamp of a law enforcement agency.
More serious variants of ransom may encrypt victims’ files. These are certainly less discreet than a fake warning from law enforcement. “Ransomware isn’t going to have tell-tale giveaways,” says Tyler Moffitt, senior threat research analyst at Webroot. “It isn’t trying to hide—it will make itself known as soon as it’s done encrypting your files or locking your device. Its purpose is to make itself and its actions known to you as quickly and as effectively as possible.”
“The only real protection users have are up to date antivirus and a good backup solution.”
Ransomware can gain access into a computer or mobile phone’s system when the user mistakenly downloads it, thinking it is valid file. Some hackers hide files on torrent sites. Other times they may appear as phony software update pop-ups, as is the case with a common variant affecting mobile phones called ScarePackage, which poses as an Adobe Flash update. Like nearly all malware, ransomware finds its way into a computer system through the user.
Once ransomware locks a mobile phone or computer, it is very difficult to regain access. “You are forced to deal with the malware by either paying them or dealing with the loss of your files if you decide to just wipe the device,” Moffitt says. “Since most users have a strong attachment to their computer and files the ransom payment is in a good position to be strongly considered.”
It’s a sticky situation that is further exacerbated by ransomware price schemes that start relatively low (sometimes around $200, Moffitt says) and can double as each day passes.
This might be a stressful situation, but do not pay the fine. Remove your Ethernet cable to protect other devices on your network. If you have a malware removal program, start Windows in safe mode and run a scan. If you do not have one, or are locked out of Windows and cannot install one, follow these steps:
- Download antimalware software to a different computer and create a CD, DVD, or USB flash drive for it.
- Insert the flash drive or CD in the infected computer and start your PC in safe mode. Run your antimalware software in offline mode.
- Follow the onscreen prompts to clean your PC.
If these steps do not work, you will need to wipe your computer and restore your PC from a backup.
As with preventing any sort of malware, a common sense approach works best. First and foremost, back up your files. Make sure you are using a supported operating system (read: not Windows XP) and you keep all your software up to date. For more malware prevention tips see our supporting resources:
- Website Security Tricks You Can Do Without Purchasing Anything
- Considerations for Layering Antivirus Software
If there are actions or tips you employ for ransomware removal or prevention, please share in the comments below.