What is ransomware?
You already have the sense that ransomware is not something good. Someone is going to have to pay ransom—and it could be you.
“Ransomware is software that locks away our digital information and holds it hostage until a literal ransom is paid,” said Bob Beachy with Archer Security Group.
You’re at work, or at home, or at a coffee shop on Wi-Fi. Suddenly, you get an electronic message—a digital ransom note—saying that the bad guys managed to download software onto your device, and they won’t let you use it until you give them money. The clock is counting down to the moment when, if you haven’t paid, you lose everything for good.
“Ransomware can impact individuals at home or even large companies,” Beachy said. And it often means you’re going to have a very bad day.
Archer News is answering your questions about cybersecurity for National Cybersecurity Awareness Month. We’re asking security consultants at Archer Security Group—Archer News’ parent company—to share their knowledge and help keep you safe.
Locking up your life
The goal of ransomware is to get you to fork over money. So, the cyber criminals want to make your life very inconvenient—or even impossible.
It’s not just your laptop. They’ll lock up crucial data hospitals need to keep you alive and well. They’ll lock down police computers so detectives can’t crack criminal cases. They’ll freeze ‘priceless’ race car research that a driver needs to compete at an upcoming race.
In many cases, people pay the ransom—perhaps $10, perhaps $20,000—in the form of bitcoin, an electronic currency that can’t be tracked.
There are some ways to get around some ransomware, but the crooks are hoping you’ll be panicked enough that you’ll simply send them the bitcoin.
“Jigsaw” ransomware displays a ransom note and an evil puppet face on your screen. Image via BleepingComputer.com.
No way out?
In some cases, people, agencies or businesses find no other way to get their essential files back, and give in to the demands.
A NASCAR race car crew paid $500 to get their racing research back. The Hollywood Presbyterian Medical Center paid $17,000 to get the hospital computer system back.
That strategy doesn’t always work.
“Like with other types of ransom, there is no guarantee we will get our information back once we pay the fee,” said Beachy.
How do they do it?
The bad guys don’t actually lock up your computer; they lock up the information itself.
They’ll try to get you to click on an attachment in an e-mail or visit a web site that downloads malware onto your computer. They’ll infiltrate the Internet ad system and show you ads that download malware onto your device.
Once it’s on there, it encrypts your data so you can’t get to it.
“Normally, encryption is used to protect information from eavesdroppers,” said Jim Feely with Archer Security Group. “It turns your information into a scrambled code that can only be unscrambled with a key.”
Normally, you have the key. With ransomware, the bad guy has the key.
“The attacker offers to sell the key to you so you can restore your files,” said Feely.
“Have you ever given your phone to your kid or niece or nephew and had it returned with the screen lock PIN either turned on or changed?” Feely asked. “[Crypto] ransomware is kind of like your niece doing that and then offering to sell you the new PIN that she made.”
What do you do?
Experts say you need to back up your files regularly, so that you can have a safe copy if crooks encrypt the ones on your device.
What if it’s too late?
Go to the website No More Ransom. Researchers have found ways to decrypt some of the big types of ransomware making the rounds, like TeslaCrypt, Wildfire and Chimera.
The site will help you figure out what kind of ransomware you have, and lead you through decryption.
“The general advice is not to pay the ransom,” the site says. “By sending your money to cybercriminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the encryption key you need in return.”
The site No More Ransom offers tools to help you figure out what infection you have & how to decrypt it, if possible.
No More Ransom recommends you make two backup copies of your files, one to store on a hard drive or thumb drive, and another to store in the cloud.
The site also encourages you to use antivirus software, keep all of the software on your computer up-to-date, and to “trust no one.”
“Any account can be compromised and malicious links can be sent from the accounts of friends on social media, colleagues or an online gaming partner,” the site says. A malicious link can also arrive in what looks like an e-mail from a bank, the courts or the IRS. The link can release ransomware onto your system.
No More Ransom suggests you enable the ‘show file extensions’ option in the Windows settings on your computer so you can keep watch for potentially malicious file extension names like ‘.exe,’ ‘.vbs,’ and ‘.scr.’
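To see why that setting matters, here is a short check written for this article as an added example (it is not code from No More Ransom or Archer). It flags file names that end in one of the extensions named above and shows what each would look like with extensions hidden; the list of "decoy" document extensions and the sample names are assumptions made up for the illustration.

```python
from pathlib import PureWindowsPath

# Extensions the article names as potentially malicious.
RISKY = {".exe", ".vbs", ".scr"}
# Assumption for this example: document-like extensions used as a decoy.
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def _clean(filename: str) -> str:
    # Windows file APIs drop trailing dots and spaces, so ignore them here too.
    return filename.rstrip(". ")


def classify(filename: str) -> str:
    """Return 'ok', 'risky' or 'disguised' for one file name."""
    suffixes = [s.lower() for s in PureWindowsPath(_clean(filename)).suffixes]
    if not suffixes or suffixes[-1] not in RISKY:
        return "ok"
    # A document-style extension just before the real one is a disguise.
    if len(suffixes) > 1 and suffixes[-2] in DECOY:
        return "disguised"
    return "risky"


def shown_when_hidden(filename: str) -> str:
    """Name as it is displayed when the final extension is hidden."""
    return PureWindowsPath(_clean(filename)).stem


def review(names):
    """Map each flagged name to (verdict, name shown with extensions hidden)."""
    return {n: (classify(n), shown_when_hidden(n))
            for n in names if classify(n) != "ok"}


# Constructed sample names, not taken from any real incident.
SAMPLE = ["invoice.pdf.exe", "Photo.JPG.SCR ", "setup.exe",
          "report.final.docx", "notes.txt", "update.vbs"]

if __name__ == "__main__":
    for name, (verdict, shown) in review(SAMPLE).items():
        print(f"{verdict:9} {name!r} appears as {shown!r}")
```

With extensions hidden, the first sample shows up as "invoice.pdf", which is exactly the confusion the ‘show file extensions’ option removes.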
And if you find something strange happening on your machine, disconnect it from the Internet immediately, so the infection does not spread any further.
Cybersecurity experts are predicting that ransomware will spread to smart devices like your television and connected things like your car.
“Your TV gets locked. If you want to watch TV you gotta pay,” Mikko Hypponen with cybersecurity company F-Secure told Archer News at a technology conference in New Orleans this spring.
“You get into your Tesla and it won’t start,” he added. “You get a message that you have to pay $100 if you want to pick up the kids from day care.”
After that, some worry it could hit your wearable technology, like your watch, or your smart medical device.
“It’s all about return on investment, and ransomware is proving to be a lucrative revenue stream for the bad guys, so they have no reason not to continue down this path,” said Marc Blackmer, founder of a nonprofit cybersecurity education program for kids called 1NTERRUPT.
“The question in my head is, how long will it take for these techniques to be weaponized and used against critical infrastructure?” Blackmer asked.
Ransomware makes crooks a lot of money—why risk their lives robbing a bank if they can torture their victims from the comfort of their living rooms?
However, if you can cut their profits by finding ways to prevent the damage and get around the file lock, you can save yourself a headache and help defeat this very popular crime trend.
The Archer News “What is…?” series will continue with more answers to your questions. If you want to know more about a cyber term, send your question to @KerryTNews on Twitter or submit your question through this link.