Ransomware: Definition, FAQs and Prevention
What is Ransomware?
Ransomware (from "ransom" and "software") is malware that encrypts the files on PCs, servers and other devices, or locks the device outright, and then demands a ransom for restoring access. The typical consequences of a ransomware attack are downtime and data loss; many groups now also steal data before encrypting it so they can threaten to publish it.
Am I infected? Symptoms of ransomware infection
In most cases it is easy to tell that a system has been hit by ransomware. The most common symptoms are:
- Opening normal files fails with errors such as "File corrupt" or "Wrong file extension", or the files suddenly carry an additional, unknown extension.
- A notification of infection is displayed with instructions on how to pay the ransom.
- The ransomware program or website shows a countdown announcing when the ransom will increase or the data will be destroyed for good.
- A window belonging to the ransomware program cannot be closed (lock screen).
- Files such as "HOW TO DECRYPT FILES.TXT" or "DECRYPT_INSTRUCTIONS.HTML" appear in almost every directory of the system.
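The symptoms in this list can be turned into an automated check. The following Python script is an added example, not part of the original article: it walks a directory tree and looks for ransom notes dropped into many directories, documents with an extra extension appended, and documents whose file header no longer matches their extension while their content has the high entropy of ciphertext. The name patterns, the magic-byte table, the entropy threshold of 7.5 bits per byte and the sample files it creates are assumptions chosen for the demonstration.

```python
import math
import os
import re
import tempfile
from pathlib import Path

# Ransom notes usually combine a "how to decrypt / recover" phrase with a text
# or HTML extension and are dropped into every directory that was encrypted.
# Pattern chosen for this example; tune it to the notes you actually see.
NOTE_NAME = re.compile(r"(decrypt|recover|restore|readme|how.?to)", re.I)
NOTE_EXT = {".txt", ".html", ".htm", ".hta"}

# Leading bytes ("magic") of common document types. An encrypted .pdf or
# .docx no longer starts with these, which the application reports as
# "file corrupt".
MAGIC = {
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext sits close to 8.0, text and most documents well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan_tree(root):
    """Walk `root` and collect the three indicators described in the symptom list."""
    root = Path(root)
    dirs = dirs_with_note = 0
    suspicious = []
    for dirpath, _dirnames, filenames in os.walk(root):
        dirs += 1
        has_note = False
        for name in filenames:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            suffixes = [s.lower() for s in p.suffixes]
            last = suffixes[-1] if suffixes else ""
            # (a) ransom note dropped into the directory
            if last in NOTE_EXT and NOTE_NAME.search(p.stem):
                has_note = True
            # (b) an extra extension appended to a document: report.docx.locked
            elif len(suffixes) >= 2 and suffixes[-2] in MAGIC and last not in MAGIC:
                suspicious.append((rel, "appended extension"))
            # (c) known extension, but the header is gone and the content looks encrypted
            elif last in MAGIC:
                with p.open("rb") as fh:
                    head = fh.read(4096)
                if not head.startswith(MAGIC[last]) and shannon_entropy(head) > 7.5:
                    suspicious.append((rel, "header mismatch, high entropy"))
        dirs_with_note += has_note
    return {"directories": dirs, "directories_with_note": dirs_with_note,
            "suspicious_files": suspicious}


def build_sample_tree(base):
    """Constructed sample data (not from a real incident): one clean and one hit directory."""
    base = Path(base)
    clean, hit = base / "clean", base / "hit"
    clean.mkdir(parents=True)
    hit.mkdir()
    (clean / "invoice.pdf").write_bytes(b"%PDF-1.4\n" + b"plain content " * 50)
    (clean / "notes.txt").write_text("meeting notes\n")
    # every byte value equally often: entropy 8.0, standing in for ciphertext
    filler = bytes(range(256)) * 16
    (hit / "HOW TO DECRYPT FILES.txt").write_text("All your files have been encrypted.\n")
    (hit / "report.docx.locked").write_bytes(filler)
    (hit / "budget.xlsx").write_bytes(filler)  # name kept, content overwritten in place
    return base


def demo():
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_tree(build_sample_tree(tmp))


if __name__ == "__main__":
    print(demo())
```

Run against a real share, the ratio of directories with a note to all directories and the list of header mismatches give a quick picture of how far an encryption run has progressed; files in the `clean` directory of the sample produce no hits because their headers still match their extensions.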
Prevention
As everywhere in information security, "Defense in Depth", the coordinated use of several independent security measures, also applies to protection against ransomware:
IT Security Awareness: understanding the dangers that lurk on the Internet makes it easier to protect against them. Take a proactive approach and train yourself and your staff about these dangers, raising awareness of ransomware in particular.
Security Products: Many anti-ransomware, anti-virus and other products are on offer. None of them stops ransomware 100% of the time, but in combination with awareness, timely updates and tested offline backups they provide effective protection.
Whitelisting Software: Whitelisting (allowlisting) software defines, in a policy, which programs may be installed and executed on a system; everything else is blocked by default. Restricting execution to verified, signed software (for example with Windows AppLocker or Windows Defender Application Control) is very effective against ransomware, because the dropped payload is simply not allowed to run. Note that it does not stop malicious scripts or macros executed by an allowed interpreter unless those are restricted as well.
Frequently Asked Questions
How does ransomware spread?
The most common route is email: seemingly legitimate attachments with a variety of file extensions are sent, and as soon as they are opened (or a macro in them is enabled) the system is infected. Increasingly there are also drive-by downloads: visiting a compromised website delivers an exploit kit that abuses known, unpatched vulnerabilities in the browser or its plug-ins to install the malware without any further click. Game mods, "free" copies of paid software and other cracked software are another common vector; here the victim installs the ransomware more or less voluntarily, believing it to be the promised program.
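Because the attachment route relies on file names that look harmless, a mail gateway or a cautious user can screen attachments before they are opened. The following Python function is an added example, not code from the original article: it classifies an attachment by its real extension, recognises a document extension placed in front of an executable one, detects the Unicode right-to-left override trick that makes "fdp.exe" render as "exe.pdf", and checks the first bytes for a Windows executable header regardless of the name. The extension sets, the three verdicts and the sample attachments are assumptions made for the demonstration.

```python
from pathlib import Path

# Extensions that run directly when double-clicked; block from external senders.
EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse",
            ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".lnk", ".msi", ".ps1"}
# Office formats that may carry macros; worth a human look rather than an outright block.
MACRO_EXT = {".docm", ".xlsm", ".pptm", ".dotm", ".xlam"}
# Containers that hide their content from a name-based check (and, when
# password-protected, from content scanning too).
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".iso", ".img"}
# Harmless-looking extensions attackers place in front of the real one.
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE: reverses how the rest of the name renders


def assess_attachment(filename, head=b""):
    """Return (verdict, reasons) with verdict "block", "review" or "allow".

    `head` holds the first bytes of the attachment so the file type can be
    checked independently of whatever the name claims.
    """
    reasons = []
    if RLO in filename:
        reasons.append("right-to-left override in file name")
    # strip the override so the extension the OS will actually use is examined
    suffixes = [s.lower() for s in Path(filename.replace(RLO, "")).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in EXEC_EXT:
        reasons.append(f"directly executable extension {last}")
        if len(suffixes) >= 2 and suffixes[-2] in DOC_EXT:
            reasons.append("document extension used as disguise")
    if head.startswith(b"MZ") and last not in EXEC_EXT:
        reasons.append("Windows executable header under a non-executable name")
    if reasons:
        return "block", reasons
    if last in MACRO_EXT:
        return "review", [f"macro-enabled Office document {last}"]
    if last in ARCHIVE_EXT:
        return "review", [f"archive {last}; inspect contents"]
    return "allow", []


# Constructed sample attachments (name, first bytes); not taken from a real mailbox.
SAMPLES = [
    ("Invoice_2024.pdf", b"%PDF-1.7\n"),
    ("Invoice_2024.pdf.exe", b"MZ\x90\x00"),
    ("Order_confirmation.js", b"var a = 1;"),
    ("Q3_report.xlsm", b"PK\x03\x04"),
    ("photo.jpg", b"MZ\x90\x00"),
    ("scan\u202efdp.exe", b"MZ\x90\x00"),  # displays as "scanexe.pdf" in many clients
    ("documents.zip", b"PK\x03\x04"),
]


def triage(samples=SAMPLES):
    """Map each attachment name to its verdict."""
    return {name: assess_attachment(name, head)[0] for name, head in samples}


if __name__ == "__main__":
    for name, head in SAMPLES:
        verdict, reasons = assess_attachment(name, head)
        print(f"{verdict:6} {name!r} {'; '.join(reasons)}")
```

The header check is what catches the case the name-based rules miss: an executable renamed to `photo.jpg` still begins with the `MZ` signature. Conversely, archives only earn a "review" verdict because the policy cannot see inside them; a gateway should unpack and re-run the check on each member.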
Which ransomware has infected me?
On the ID Ransomware website you can upload the ransom note or an encrypted file. The service identifies the ransomware family from it and, for some families, links to a free decryption tool.
Why do the attackers demand Bitcoin?
Bitcoin is a cryptocurrency that settles transactions over a peer-to-peer network without a central authority, so no bank can block or reverse a payment. All transactions are public on the blockchain, but addresses are not tied to a name, so senders and recipients are pseudonymous rather than truly anonymous: blockchain analysis and identity checks at exchanges have repeatedly linked ransom payments to the people who cashed them out. For criminals the combination of irreversible, worldwide and easily collected payments nevertheless makes Bitcoin a convenient way to extort money.
Is my system safe again once I have paid the ransom?
No. Even if the ransom has been paid and a working decryptor delivered (which is not guaranteed), the system is not safe: the weakness that let the attackers in, the malware itself and any backdoors they installed are still present, and the attackers now know that this victim pays. Rather than simply rebooting, rebuild affected systems from known-good media, restore data from clean backups, install all outstanding updates, change passwords that may have been captured, and put additional protective measures in place before returning the systems to production.