Ransomware might sound a new word for some of you. It is one of those blackmailing software programs that will get installed on computers silently and takes control of the data on them. Unlike malware, adware and other kind of viruses like Trojans, Ransomware programs will not exhibit any misbehavior of computer software programs but will demand for money.
What is this Ransomware? Why will it demand the user for money?Ransomware, being installed, once installed, will encrypt the important data on your computer/network without asking for your permissions and will blackmail you in order to you to access the data by decrypting. A window or notification which cannot be closed will be displayed on the screen showing a countdown clock giving you the time to pay the money to safeguard your data. If you neglect, you data might be deleted or never be restored again.
Encrypting the data? Doesn’t that mean my data is safe?You data will be safe as long as you have control over the encryption and decryption procedures. How could it be safe if it is encrypted by some unknown person leaving you no way to decrypt unless you pay some money in return?
How a computer can be affected?Ransomware takes different forms. It will not enter into your computer just like a software program.
Via Emails – Hackers will try to inject the program as an attachment in email with different file extension which will be exploited once the file is downloaded and tried to open.
Via Security Loop Holes – Hackers will be hunting for the security loop holes to inject the virus programs into our computers. That’s why software vendors advise users to regularly update their software with new patches and upgrades.
Via Freeware – One of the major virus transmission media is the freeware. Hackers consider freeware software as the potential method to spread viruses to take control of users’ computers. After all, not all freeware software programs are virus prone but, be careful while downloading them from source.
Via Cracked Version Software/Game – Only 30% of the computer users buy software genuinely. All others just download them from internet. A computer means only the hardware for most of the people but software is the one that costs 10 times more than an average computer.
A cracked version of the software/game of game might give you full access but it also brings many security risks along with that. Remember that your anti-virus or firewall programs are not invincible enough to block every attack and data slip.
A recent ransomware attack exploited the popularity of the game Minecraft by offering a “mod” to players of Minecraft. When they installed it, the software also installed a sleeper version of ransomware that activated weeks later.
I wonder if you are not thinking about the reason why the IT industry discourage the using of some popular legacy software programs like Windows XP, Adobe Flash etc.
How to know if my computer is infected?
Ransomware is not stealth-ware. It exploits right away at the time it enters the computer or exploits after some time like ‘mod’ ransomware of Minecraft. However, you will be able to see a window or undeniable notification opened with a countdown timer. So, better not search for it and delete other files in suspicion by mistake.
You will be given instructions to pay for the hacker to decrypt the files which would be notified to you in time.
My Computer is infected. What to do now?Before you scream it out, ask yourself the following questions,
- Do I have any important data on the computer?
- If my important data is still accessible?
- Do I have a backup of the data? If yes, to what extent?
Not only you, the ransomware countdown timers also won’t wait till you develop a crack for the encryption and build a super PC. So, there are limited options for you now.
- To wipe all the data on your hard disk and make it new again
- To safeguard the unaffected data onto another safe drives (preferably cloud drives like Google Drive, One Drive and so on)
- To restore the latest backup
Action #1: Disconnect from networkDisconnect the infected computer from the network to avoid the further spreading or damaging of data on the other computers on the network. Ransomware can easily spread through shared files, folders, networks and USB thumb drives.
Cloud storage drives might restore the data as they maintain better security measures to storing the data from millions of users. For better recovery results, better to disconnect even though not connected to any network and only connected to internet through modem.
Action #2: Calculate the scope of recoverySome files may not be affected because of the security programs you are using to lock or encrypt them. Check the list of files that you can still access and move them on to cloud drives or another safe drive as a precaution.
Some ransomware will list the encrypted files in the registry. This might help you separate the affected files and programs from the unaffected ones. Search on the internet for better knowledge of the ransomware that is installed on your computer.
Action #3: Check for security holes on your networkIn general ransomware does not spread over the network like other malware programs. They will only encrypt the files that has direct access to. If you see the ransomware spreading through the network on all/any other computers, it means that your network system has got some security loop holes. Better take care of it first.
Wrapping up with a solutionThe best solution for ransomware infection is that restoring of the backup. It is the ideal solution that gives maximum best result than trying out 3rd party decrypting software. If yours is an organization or a company, backup is an essential security mechanism that you should afford at any cost.
Try to restore files from backup at most extent. If you have not taken any backups, you may have to lose some money or data itself. If you have no important data in the computer, try to wipe it off completely (not formatting). Wiping off the data will erase the file table on the drives and cleans the hard disk as new as it was when bought.
If you even can’t wipe off the data or the encrypted data is important and it is the only copy on your computer, better to take a step down and pay the hacker for decrypting them. Because data is the only weakest asset of any individual or company in digital era.
Once the data is restored or recollected, take precautions for the next time. Use the best security programs and take regular backups to other secured computers or cloud. Train the employees in case of a company. Research and make a list of ransomware programs and block them right at the firewall. Keep the anti-virus- anti-malware and anti-spam software updated with latest definitions and never ever try to use patched security software.
There available some ransomware decryptors developed by popular security software organizations like Kaspersky and Cisco to fight specific ransomware programs like CoinVault, TeslaCrypt and Bitcryptor. Let’s hope the other security software companies also come forward and develop better solutions to keep our data safe.
Wish you a #SaferInternetDay