Introduction to Ransomware
There were more than 600 million recorded ransomware attacks in 2016. Analysts estimate that these attacks netted cyber criminals more than $1 billion over the course of 12 months, and they predict that the figure will increase, albeit at a slower rate, in 2017. It is considered the most profitable and the most common form of malware now in circulation.
The year 2016 was the year of ransomware. 4 million attacks were recorded in 2015, but this rose sharply to 600 million in 2016. Analysts believe that the rate of increase will slow, but are still predicting a 50% increase in 2017. The NHS in the UK, a Melrose police department in the US, and even the Chinese government have been hit by malware attacks in the past two years.
Yet, very few people really understand what ransomware is, how it is contracted, and what to do in the event of an attack.
What Is Ransomware?
Ransomware is a form of malicious software (malware) that is used by criminals to hijack data, lock screens, and perform other malicious acts on computers and systems. The user is informed of the exploit before the code demands payment in exchange for recovery instructions.
What Does Ransomware Do To Your Computer?
The aim of ransomware is to extort money out of computer users. Different ransomware attacks can have different effects on a computer. Generally, however, it will encrypt files on the computer. Once the files are encrypted, the malicious code creates a ransom note. This note demands payment, usually by Bitcoin or another digital currency, in exchange for instructions on how to recover the files.
When Did Ransomware Start?
2016 may have been the year that ransomware made major headlines, but the first recorded piece of ransom software was actually released in 1989. The “AIDS Trojan” demanded payment of $189 to decrypt files. This particular malware was easy to crack because the decryption key could be extracted from the code itself; an exploit that hackers soon fixed.
What Happens If You Do Not Pay?
The first thought of many ransomware infected users is whether they ought to pay the ransom or not. On the one hand, paying it might mean that they can regain access to their locked files. On the other hand, nobody wants to pay hackers money to gain access to their own files.
If you do not pay the ransomware demand, and there is no known cure for the particular variant that has infected your computer, you will not be able to access your files. Some strains threaten to release information and file content to the public if the demand is not paid.
Unfortunately, the reality is that paying the demand may be your only option once infected. However, you should read below before parting with your hard-earned cash.
What Happens If You Do Pay?
Hackers are criminals, and they are not known for playing by the book. As such, there is no guarantee that you will receive decryption instructions if you do pay the ransom. With that said, there are reported cases of users regaining access once they have paid up. Hackers know that if they fail to send the information, this will become public knowledge, and it means that future victims will be less inclined to pay.
The exact number of attacks that are resolved after making payment is unknown. Most people do not report their success or failure to security firms, and businesses are reluctant to even admit that they were infected because this means admitting to system vulnerabilities.
How To Get Rid Of Ransomware
There are steps that can be taken to remove simple ransomware from a computer. Enter Windows Safe Mode and use an on-demand virus scanner to identify, locate, and remove the malware that has infected your computer.
If you are prevented from accessing Windows, or your computer is locked on a single screen, you can try restoring your system to an earlier date.
If anti-virus software and system restores do not work, there is currently very little that can really be done to recover your files and data. Security experts might be able to help identify the specific strain of malware you are infected with. If they can identify the strain, ransomware removal is possible, but there is no guarantee. For now, the hackers are ahead of the security experts.
How To Prevent Ransomware
The steps to prevent ransomware are similar to the steps to prevent any form of virus or malicious software. Ensure that your operating system and drivers are up to date, do not open files that you do not recognize, and run regular anti-virus scans.
How Does Ransomware Spread?
There are a lot of different ways that ransomware spreads. It might be included in phishing emails, or it can be packaged as part of installation files. Always take care when encouraged to update common applications like Adobe, and use a virus scanner to scan any applications before installing. Only open emails from addresses you trust and exercise good Internet security practices to avoid falling foul of ransomware attacks.
Ransomware removal is possible, but this is not always the case. While we wait for Internet security firms to catch up and produce effective and efficient Ransomware removal tools, prevention is better than cure. If you do fall foul of this type of malware, follow the steps above or contact an experienced security company to help recover your files. Alternatively, you can pay the ransom, but there is no guarantee that the cyber criminals behind the software will live up to their word.