Ransomware - types and prevention

Ransomware attacks are not as common as computer viruses, but I still encounter people asking for help every 2-3 months. Just last week I came across such a victim and decided to write about it.

What is Ransomware?

Ransomware is a type of malware. Unlike a typical computer virus, it encrypts or locks the user's files and demands a ransom for unlocking them. Hence the name "Ransomware".

Types of Ransomware

Ransomware can be divided into two categories by behavior:

Crypto-Ransomware : This type targets files on the victim's computer. The victim can access the computer and see the files but can't open them, because the encrypted files are not recognized by any software.

Locker-Ransomware : This type targets the OS itself. The victim is locked out of their system, and often their keyboard and mouse are also disabled.
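A defender-side check for the crypto-ransomware behavior described above, as an added example that is not part of the original post: it flags files whose type header is gone and whose bytes look random. The header table, the 7.5 bits-per-byte threshold and the ".locked" sample name are assumptions made for this illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes a healthy file of each type starts with (assumed, partial table).
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune on your own files

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, much lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(path: str, sample_size: int = 65536) -> bool:
    """True when a known file type lost its header and its bytes look random."""
    # Check every suffix so "photo.jpg.locked" is still treated as a JPEG.
    known = [s.lower() for s in Path(path).suffixes if s.lower() in MAGIC]
    if not known:
        return False  # unknown type: no header to compare against
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    header_ok = sample.startswith(MAGIC[known[0]])
    return not header_ok and shannon_entropy(sample) > ENTROPY_THRESHOLD

def scan(root: str) -> list[str]:
    """Return the files under root that look encrypted, sorted by path."""
    return sorted(os.path.join(folder, name)
                  for folder, _dirs, files in os.walk(root)
                  for name in files
                  if looks_encrypted(os.path.join(folder, name)))

def demo() -> list[str]:
    """Constructed sample: one healthy PDF and two files with random contents."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"notes.pdf": b"%PDF-1.4\n" + b"plain text body\n" * 200,
                   "invoice.pdf": os.urandom(4096),
                   "photo.jpg.locked": os.urandom(4096)}  # constructed suffix
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return [os.path.basename(p) for p in scan(root)]

if __name__ == "__main__":
    print(demo())
```

Files you encrypted yourself under one of these extensions will also be flagged, so treat a hit as a reason to compare the file against your backup.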

How to get rid of the Ransomware?

Unfortunately, once you are hit by ransomware, there's not much you can do. The original source file of the infection is not an issue; most malware removers can remove it. Recovering the infected files is the challenge. Your average programmer or technician can't break the encryption; you will need an expert, and they don't do it for free.

There are some sites and software tools that brute-force known decryption keys to unlock your files, but they unlock only 1 or 2 files for free; you need to pay a steep fee to unlock the rest. So it is one of those cases where "prevention is better than cure".

How do you get infected by Ransomware?

All operating systems and software are made to assist humans (operators), so we have the ultimate power to override all the basic security protocols. That's the biggest weakness in any computer's security: human error.

So where do we make mistakes? Admit it, we were all tempted at some point (some of us still are) to download a pirated/cracked copy of a game, software or movie to save money. While some of us are smart or lucky enough to find a trusted source (website), others aren't. They don't know where to look and often end up on unprotected websites.

That's just one example. Here are the ways you can get infected by ransomware (or any malware in general):

  • Unsafe and Suspicious Links - Some websites offer free downloads or rewards, and as soon as you open them, a download starts automatically. Luckily, most of these websites are trying to promote their own software/app/game and the download is harmless, but if you are unlucky, you end up downloading ransomware.
  • Suspicious file or link in email - Luckily, most email services are advanced enough to recognize harmful files and give a warning. But new malware is created every day, and a new sample with a unique signature may slip past the database. Similarly, links are also analyzed, but masked URLs can still get past the security check. So be careful when opening files or links from an unknown sender.
  • Free Public Wi-Fi - Who doesn't like free Wi-Fi? That's why cyber criminals target such public networks. Most people don't use a VPN, so it is easier to monitor connected devices and carry out targeted attacks. Also, some cyber criminals just like the chaos, so there is malware that can infect all the connected devices in a public network.
  • Using a cybercafe to download something - Even though smartphones these days are capable enough, some websites are not very compatible with smartphones, so sometimes when you are travelling you have no other option than to use a cybercafe to download important documents/files. Those cybercafe computers are usually loaded with malware. When you use your removable media (flash drive, external HDD, etc.) on a cafe computer, the malware copies itself onto your device, and when you use that device on your personal computer, you get infected.
  • Outdated OS or Browser - If you are on a discontinued OS (Windows XP or Windows 7, for example), you no longer receive the latest patches. These patches often contain fixes for newly discovered vulnerabilities, so you are at higher risk of getting infected.


How to prevent and prepare for a Ransomware attack?

  • Always update your operating system as well as any software that requires an internet connection to work.
  • Always make a backup of your important files on an external storage device (or on cloud storage), preferably in a zip folder or ISO file.
  • Make a restore point for your OS on a regular basis.
  • Use some sort of antivirus/antimalware, as well as an internet security solution if your antivirus doesn't offer one.

