Ransomware Problems and Ways to Prevent Them

Ransomware is a type of malware used for data kidnapping, an exploit in which the attacker encrypts the victim’s data and demands a ransom for the decryption key, usually paid online in bitcoin.

Ransomware spreads through e-mail attachments, infected programs and compromised websites. It is downloaded and installed without the user’s consent while the user is visiting such a website or reading the email. A ransomware program may also be called a cryptovirus, cryptotrojan or cryptoworm.

Attackers may use one or a combination of different approaches to extort money from their victims:

  • After a victim discovers he cannot open a file, he receives an email ransom note demanding a relatively small amount of money in exchange for a private key. The attacker warns that if the ransom is not paid by a certain date, the private key will be destroyed and the data will be lost forever.
  • The victim is duped into believing he is the subject of a police inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.
  • The malware secretly encrypts the victim’s data but does nothing else. In this approach, the data kidnapper anticipates that the victim will look on the Internet for how to fix the problem and makes money by selling anti-ransomware software on legitimate websites.

The authors of ransomware instill fear and panic in their victims, causing them to click on a link or pay a ransom, and users’ systems can become infected with additional malware. Ransomware displays intimidating messages similar to those below:

  • “Your computer has been infected with a virus. Click here to resolve the issue.”
  • “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”
  • “Your personal files are encrypted! You must pay this ransom within 72 hours to regain access to your data.”

Prevention and Solution

Infections can be devastating to an individual or organization. Recovery can be a difficult process that may require the services of reputable data recovery specialists.

To protect against data kidnapping, experts urge users to back up data on a regular basis. If an attack occurs, do not pay a ransom. Instead, wipe the disk drive clean and restore data from the backup.

  1. Deploy a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss.
  2. Keep the operating system, drivers, and BIOS up to date with the latest patches available. Doing so greatly reduces the number of exploitable entry points available to an attacker.
  3. Don’t enable macros from email attachments. If a user opens the attachment and enables macros, the embedded code will execute the malware on the machine. Enterprise organizations are advised to use anti-spam and anti-malware protection to scan every incoming and outgoing email for malicious attachments.
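The attachment scanning recommended in item 3 can be illustrated with a short script. This is an added example, not part of the original article: it parses a raw email and flags Office attachments that carry a VBA macro project so a mail gateway could hold them for review. The function names, reason strings and the sample message are constructed for illustration, and legacy .doc/.xls formats are out of scope here.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Office uses for macro-enabled OOXML files.
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppsm")

def has_vba_project(data: bytes) -> bool:
    """True if data is a ZIP (OOXML) container holding a VBA macro project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())

def flag_macro_attachments(raw_email: bytes) -> list:
    """Return (filename, reason) for each attachment to hold for review."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if has_vba_project(data):
            flagged.append((name, "contains vbaProject.bin"))
        elif name.lower().endswith(MACRO_EXTS):
            flagged.append((name, "macro-enabled extension"))
    return flagged

def make_zip(members: dict) -> bytes:
    """Build a minimal ZIP standing in for an Office file (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, body in members.items():
            zf.writestr(path, body)
    return buf.getvalue()

def build_sample_email() -> bytes:
    """Constructed message with one clean and two suspicious attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    samples = {
        "notes.docx": make_zip({"word/document.xml": "<w/>"}),
        "invoice.docm": make_zip({"word/document.xml": "<w/>", "word/vbaProject.bin": "x"}),
        "report.xlsm": b"constructed non-ZIP bytes",
    }
    for filename, data in samples.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

Calling flag_macro_attachments(build_sample_email()) returns the two suspicious files and leaves notes.docx alone. The extension fallback covers password-protected Office files, which are stored as OLE containers rather than ZIP archives and so cannot be inspected for vbaProject.bin this way.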

Individuals and organizations are discouraged from paying the ransom. This does not guarantee that your files or data will be released.

Are you interested in learning more about ransomware and ways to prevent it? If your organization has been compromised by a ransomware hack and needs an urgent solution to fix it, please call us now at 630 365 0025. We are ready to help.