By Reason Cybersecurity
on Mon Jun 01 2015
Ransomware is a kind of malicious software that encrypts or locks your files and demands money to release them. Ransomware is a serious threat, one that causes millions of dollars in damages and losses each year. As technology advances, ransomware tactics become more sophisticated and the programs harder to remove and defeat.
A quick recap of PC kidnapping history
Ransomware first appeared on the scene in 1989 when Joseph Popp created the AIDS Trojan/PC Cyborg. The program displayed a message on the user's desktop saying that one of their programs had expired and that they needed to pay $189 to have it restored. Criminal charges were filed against Popp but he was found to be mentally unfit to stand trial. He promised to donate all proceeds to AIDS research.
The phenomenon lay low for a bit, but it had a resurgence in 2005, and by 2006 at least six new strains of ransomware were discovered. These new Russian ransomware strains locked users' files and left a ransom note on the desktop in the form of a Notepad document requesting $300 for retrieval. Russia remained the main exporter of ransomware, but it began to migrate to Europe and beyond. Today there is hardly a country with an internet connection that isn't affected by ransomware. From Reveton in 2012, to the Cryptolocker variants of 2013 and beyond, to the Los Pollos Hermanos or "Breaking Bad" ransomware that now locks PCs for $450-$1000, the more incarnations ransomware goes through, the more advanced the programs become.
Variations of ransomware
FBI/Police notice ransomware
Sometimes ransomware will pose as a notice from the police or FBI telling victims that government agencies have found illegal material on their PC. Unless users pay up within a certain amount of time, data will be locked permanently or destroyed. This was the case with 2012's Reveton, which posed as local police or government agencies. The on-screen message stated that the local police had found illegally downloaded material like music or pornography on the victim's PC and that, in order to unlock it, they had to pay up within 48 hours. It was all made scarily believable by the use of the logos of the victim's local police or government agencies, so people regularly fell for it.
Scareware
Some variants pose as antivirus products or computer optimizers, demanding money to clean or speed up users' PCs. They may lock the victim out of their computer, or sometimes they allow the user to access the computer but drive them to the point of insanity with a constant stream of pop-ups and bogus updates. This variation is often referred to as scareware, as it tries to scare the victim into thinking that this "solution" is their only hope for a safe and secure PC.
Locker variants
Then there are strains that encrypt files and demand money for an unlock key. Again, a message displays saying that the victim's files are locked and unless they pay up within X amount of hours, files will start to be destroyed. The longer it takes to pay up, the more they destroy or the higher the fee gets. This was the case with Cryptolocker: if the payment of approximately $300 in bitcoins wasn't made within three days, a user could still get the key, just now it came with a price tag of $2300. These are the most damaging of the variations, as they are notoriously difficult to remove from computers short of giving in to the creator's demands, and the culprits generally deliver on their promises.
In all variations, payments are made via gateway payment systems like Ukash or MoneyPak or via bitcoins, so there is no way to track where payments actually go, and the perpetrators often go unpunished.
How did ransomware get on my PC????
Ransomware enters computers via infected websites and browser vulnerabilities. By using outdated plugins from Java or Adobe or outdated browsers, you may just be inviting bad guys to a looting party at your expense.
How to Keep Your PC Safe from Ransomware
The good news is that you can prevent ransomware from kidnapping your computer. There are a few steps you can take to make sure you don't suffer the same fate as the thousands of users who have paid in total hundreds of thousands of dollars to reclaim their PCs.
Make sure all your OS and software patches are up to date. These patches are issued for your own good so don’t ignore them and do what the little updates from Windows tell you to.
Keep your antivirus protection updated and install a powerful malware blocker like RCS to keep ransomware out. RCS also has Unchecky built in to make sure compromising adware cannot infiltrate your system.
Use a modern browser like Opera, Chrome or Firefox. Internet Explorer is vulnerable to malware of all sorts, so if you have been clinging to your old ways, now is the time to ditch it.
Have a backup of all your files in case your PC does get taken hostage.
Keep far away from shady downloads and email attachments unless you know with absolute certainty they are safe.
Uninstall software you don’t need as it saps resources and can have vulnerabilities. If you ever need it again you can reinstall.