Ransomware - What Is It and How Do I Protect Against It?

An attack every 11 seconds: Cybercrime Magazine's 2019 prophecy has been realized, with the Internet of the future looking more like a ransomware minefield than the peaceful utopia some might have hoped it would be. By the end of 2021, total losses resulting from ransomware attacks should easily exceed the $20 billion USD hurdle, making ransomware the most profitable form of malware in history - a triumph for cybercriminals everywhere. For everyone else, ransomware is not only a threat but a financial problem, as dangerous as bank robbers or bandits in the pre-surveillance era. But don't fret: in this article, we'll show you how to protect yourself.

What Is Ransomware?

Ransomware is a widespread form of malware, known in some circles as an extortion Trojan. These programs take specific files or your entire system hostage (through encryption), demanding a ransom in exchange for their release (decryption).

The first ransomware attacks date back to the 1980s, and were executed by smuggling the programs onto systems via floppy disks. Over the past 15 years, however, ransomware attacks have grown more sophisticated and common, causing billions of dollars in damages every year. But how does ransomware work?

Encryption of Documents
Files on your system are encrypted against your will; for this reason, ransomware is sometimes referred to as a crypto-Trojan. On occasion, ransomware will completely lock you out of your system or device. This variety is referred to as locker ransomware.

Demand a Ransom
Once your files or system are encrypted, the hostage-taker will demand a payoff for their release. Only after payment has been confirmed will the ransomer send a decryption code with which you can unlock your files. Payment is typically made using a cryptocurrency like Bitcoin. Should you refuse to negotiate or pay, it's common for the data to be deleted. To help force your hand and motivate you to pay the ransom, the Trojan's interface typically also shows a countdown.

Even if your payoff is received, there's still no honor among thieves, and therefore no guarantee that you'll receive a decryption code. For that reason, many, including the FBI, strongly advise against paying.

Ransomware is no joke, but what makes it such a threat?

WannaCry

One of the most infamous ransomware attacks took place in 2017 using the so-called WannaCry software. This exploited a weakness in Windows that was once used by the NSA for surveillance and intelligence-gathering purposes. In the wake of the WannaCry outbreak, 230,000 devices around the world were locked. Even beyond this, the chaos was extensive: The British National Health Service (NHS) had to contend with 92 million GBP in damages, as well as large numbers of canceled appointments and operations owing to the resulting breakdown of their IT infrastructure.

In short: It doesn't matter if you're an individual, a company, or even a governmental organization or ministry: No one is safe from ransomware attacks. But how do such programs find their way onto computers in the first place?

How Does Ransomware Infiltrate My System?

Like most types of malware, ransomware is often concealed in manipulated files or executable programs. As such, ransomware can infiltrate your computer in a number of ways, including:

Security Flaws in Operating Systems and Software
Software developers constantly close both small and large security gaps through patches and updates. If unresolved, these can be exploited by attackers to infiltrate your computer system. As such, ignoring updates, or using outdated (unsupported) systems can be an invitation for trouble. As WannaCry was hunting for easy prey in 2017, it happened upon the outdated IT systems of the NHS, which continued to use Windows XP.

Email Attachments
Like other kinds of malware, ransomware likes to piggyback on emails, either directly in attachments, or behind infected links.

Manipulated Internet Sites
Entire websites can be elaborate ransomware traps. As soon as you visit one of these, a drive-by download begins which secretly loads the program onto your computer.

How Can I Protect Against Ransomware?

Regardless of how ransomware makes its way onto your system, once it's there, it can unleash considerable damage at any time. Like most things in life, the best protection against ransomware is to be proactive. You can also utilize specialized software; however, one of the most effective ways to reduce the likelihood of falling prey to a ransomware attack is through sensible browsing behavior and computer usage.

Regularly Update Your Operating System & Software
Because the digital infrastructure of the NHS was based around Windows XP, its computers were easy targets for WannaCry attacks. That should serve as a lesson to nearly everyone too lazy to upgrade to a supported operating system or those who procrastinate about performing automatic updates. Once security flaws become known, it doesn't take long for patches and updates to close them. However, this also signals to malware developers that they can exploit those weaknesses on systems that haven't updated. For heavily-used software, such as your Internet browser, paying regular attention to updates is particularly important.

As long as your operating system and commonly used programs are kept up to date, the risk of falling victim to a ransomware attack is relatively slight.

Perform Frequent Backups of Your Files
Should a ransomware attack "only" encrypt your files and data, the impact of not paying the ransom depends on how important these files are. If you had saved them elsewhere before the attack, losing them temporarily on your computer can be more of an annoyance than a catastrophe, potentially saving you a large amount of money and drama. After all, the best way to remove ransomware is to reinstall Windows on your computer. Accordingly, we recommend regularly backing up your data, for example with a dedicated cloud service.

Take Care When Opening Email Attachments
Like nearly every type of malware, ransomware can be easily secreted into email hyperlinks and attachments. We recommend only opening attachments after you've confirmed who the sender is. Frequently, infected emails disguise themselves as coming from reputable companies or businesses (such as Amazon, PayPal, or Apple) with subject lines such as "Important information about your account!" Upon closer inspection of the sender, however, it becomes clear that these messages are not from any of the named services.
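The "closer inspection of the sender" described above can be automated. The following Python sketch is an added example, not part of the original article: it compares the brand named in a message's display name with the domain the message was actually sent from. The brand-to-domain allowlist and the three sample messages are constructed assumptions for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist (illustrative): brand keyword -> domains it really mails from.
BRAND_DOMAINS = {
    "amazon": {"amazon.com"},
    "paypal": {"paypal.com"},
    "apple": {"apple.com"},
}

# Constructed sample messages (not real traffic).
SPOOFED = ("From: Amazon Support <security@amazon.com.account-verify.example>\n"
           "Subject: Important information about your account!\n\nbody")
GENUINE = "From: PayPal <service@paypal.com>\nSubject: Receipt\n\nbody"
LOOKALIKE = ("From: Customer Service <info@apple-id-support.example>\n"
             "Subject: Important information about your account!\n\nbody")

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a genuine subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return a list of warnings about the From header of a raw email."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    _, at, domain = address.rpartition("@")
    domain = domain.lower()
    if not at or not domain:
        return ["no parsable sender address"]
    warnings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if domain_matches(domain, allowed):
            continue  # really sent from this brand's own domain
        if brand in display.lower():
            # Display name says "Amazon", address says otherwise.
            warnings.append(f"claims to be {brand} but sent from {domain}")
        elif brand in domain:
            # Brand name embedded in an unrelated domain.
            warnings.append(f"lookalike domain for {brand}: {domain}")
    return warnings

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE, LOOKALIKE):
        print(check_sender(sample) or "no warnings")
```

A From header can itself be forged, so this check supplements, rather than replaces, the SPF/DKIM/DMARC verdicts your mail provider already computes.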

Utilize Antivirus Software With Integrated Ransomware Protection
Installing security software that includes protection against ransomware is certainly the safest option in defending against such attacks. Nearly every antivirus suite includes this feature nowadays; however, most reserve it for premium (paying) customers.

As part of EXPERTE.com's comprehensive assessment of 11 of the leading antivirus programs, we paid particular attention to their capabilities in combating ransomware. You can view the results in our anti-ransomware evaluation.

How Do I Remove Ransomware?

And what to do when prevention is off the table? One thing is certain: Ransomware doesn't stay hidden for long, since the entire purpose of the software is to generate funds through ransoms. As such, if a few days or weeks have passed since opening a questionable email attachment, or clicking on a strange pop-up, your system is most likely not infected.

As another "benefit", in the grand scheme of things, ransomware extortionists are relatively polite, as far as cyber criminals go. If you've been infected, you're likely to see a message explaining the situation you are in.

Depending on the particular strain of ransomware, and which resources you have at your disposal, there are a number of solutions. Here, we'll show you how to remove ransomware.

Conclusion

The international hysteria and fear surrounding ransomware are not without cause: This nefarious variety of malware wreaks financial havoc to the tune of billions of dollars every year. It would be one thing if these attacks were directed only against governments or large corporations, but they aren't, and can impact individuals as well as government ministries. Once the software is on your system, your options become extremely limited.

For that reason, as with all malware, prevention and being proactive are the best defenses. If you don't open suspicious emails or visit questionable sites, and you regularly update your software and operating system, the chance of falling prey to a ransomware attack decreases dramatically. To improve your chances even further, the anti-ransomware features of antivirus programs can round out your defense.

Author Janis von Bleichert
Janis von Bleichert studied business informatics at the TU Munich and computer science at the TU Berlin, Germany. He has been self-employed since 2006 and is the founder of EXPERTE.com. He writes about hosting, software and IT security.