Let’s Be Careful Out There: Ransomware

Ransomware, a form of malware, has been on the increase for everyone, from individual consumers to large enterprises.  According to a recent Gartner report, the Internet Crime Complaint Center (IC3) has had 7,694 ransomware complaints totaling in excess of $57 million since 2005.  That $57 million includes additional costs beyond the actual ransoms, which usually range from $200 to $10,000.

Pernicious, costly and, at a minimum, annoying are all words that describe the impact of ransomware.  But what exactly is it and what does it do?




noun: ransomware; noun: ransom-ware

  1. a type of malicious software designed to block access to a computer system until a sum of money is paid.

“although ransomware is usually aimed at individuals, it’s only a matter of time before business is targeted as well”

There are different types of ransomware, but they all have the same impact:  they prevent you from using your computer as you normally would and they hold your computer for ‘ransom’.  Ransomware can:

  • Disable your ability to access your operating system
  • Encrypt your files so that you cannot open them
  • Disable certain applications from running, including a browser

The perpetrator will then demand that you pay money, typically by internet currency such as Bitcoin, in order to have access restored.

You can ‘catch’ ransomware the same way other malware and viruses infect your computer.  The points of origin include:

  • Visiting compromised websites, via ‘drive-by-download’
  • Opening emails and email attachments from people you don’t know or whose account was ‘hijacked’
  • Clicking on infected links in emails, on social media posts, even online chat sites

It used to be that you could tell a bad email or website by its spelling, misuse of grammar or other hints and clues (the Nigerian lottery winner comes to mind).  More recently, Jens Monrad, systems engineer at FireEye, states “In the past year, we have seen the content of these emails being both near-perfect in local languages and also looking more legitimate than previously.”  Monrad also points to shipping notices from delivery companies as a common delivery channel.  With the prevalence of internet shopping, this channel is ripe for exploitation – and the bad guys are exploiting it.

So, you caught the infection – now how do you cure it?  That depends.  Paying the ransom is of course an option, but it also leaves you a target for future attacks.  You already paid once, after all; you may just be the gift that keeps on giving.  Assuming you had a good backup and recovery policy and practices in place, you may be able to restore your computer and/or your files from these backups.  It is hoped, of course, that the backup does not contain compromised files.

The best advice is to protect against the malware in the first place.  Using anti-virus, anti-malware, anti-exploit, firewall and web filtering technologies, deploying patches and keeping current with your software continue to be the equivalent of the annual flu shot.  In addition to the standard litany, look at the list of apps and other software on your computer and remove those that you don’t use (or worse, don’t recognize).  Don’t fall victim to the cold caller pretending to be from Microsoft who claims they have detected unusual activity emanating from your computer – of course, the heavy foreign accent could be a clue you should not ignore.

All in all, Mom’s advice was pretty accurate, whether dealing with a cold, the flu or computer infections – an ounce of prevention is worth a pound of cure.