Dear readers,
Over the past two years, you may have noticed the emergence of a very nasty new type of computer threat called Ransomware. According to Kaspersky, a computer is infected with ransomware every 10 seconds. In 2017, more than 150 countries were affected by the ransomware variant called WannaCry. It really made a lot of people want to cry, as the damage it inflicted is estimated at over $ 1 BILLION.
So how does this ransomware work? Let’s take a couple of minutes to see how it infects your computer and what it does to you after that.
Stage 1: Infection
Ransomware generally tries to infect your computer in two ways. The first is infected email attachments. Using a technique called phishing, hackers can learn about you through your LinkedIn or Facebook accounts and then send you an email that looks like it came from your colleague or friend. This email would contain an infected attachment with a name relevant to something you would receive from them. By investigating you and your habits, hackers make fraudulent emails more credible and increase the chances that you will click on the infected attachment.
Another way that ransomware infects your computer is through compromised or infected web pages. In this case, you can receive an email, a text message on your phone, or even a LinkedIn or Facebook post with a link. This type of message or post is designed to appear legitimate and entice you to click on it, which will take you to an infected web page. After that, the ransomware on the page scans your computer for vulnerabilities. If it finds one, the ransomware immediately uses it to infect your computer.
Stage 2: the damage is unleashed
When infecting your computer, the first thing ransomware does is scan your computer and every external storage medium for files that are important to you. For example, your photos, videos, music, and MS Office files would be great candidates. Once the files are found, either locally or over the network, the ransomware encrypts them with its own secret key. Once the files are encrypted, they are useless to you as their content is rearranged in such a way that your computer no longer understands them and you cannot open the files. Note that system files that belong to the operating system are generally not modified. That would render your computer inoperable and prevent ransomware by continuing to the next step.
Stage 3: demand for ransom
Once the ransomware does its dirty deed and encrypts all the files it likes the most, it comes up with a ransom letter. The letter explains that your files are encrypted and in order to decrypt them or put them back in the order they were before and make them accessible again, you must pay a ransom. You see, the authorities could easily trace a simple money transfer and hackers would be caught very quickly. That is why the hackers came up with a more sinister scheme to use another type of currency called BitCoin. This currency is legitimate and is used on the web for financial transactions. However, hackers liked Bitcoin for its anonymity. BitCoin transactions are virtually impossible to track, making money exchange safe for hackers and untraceable for us. Since most of us don’t have BitCoin lying around, hackers “politely point out” you legitimate sites where you can buy BitCoin with your money. They then tell you where to go to pay with your newly purchased BitCoins. In return, the hackers should either send you a key or make the ransomware decryption option available, so that you can get your files back. The requested ransom varies, but on average it is about $ 679 worth of BitCoins. To deliver even more bad news, there is no guarantee that after paying, you will get your files back. There have been many reports of users paying and getting nothing in return! Sounds scary, right?
Then what do you do? How do you stop this nightmare?
Solutions
You may want to do several things to lower your risk of infection:
Keep your operating system up to date
It is widely proven that most ransomware uses vulnerabilities found in operating systems such as Windows 7, 8, and 10. By updating your operating system regularly, it fixes those vulnerabilities, so when ransomware tries to infect your computer, the loopholes are they close. In Windows operating system, you can set it to update automatically and all you have to do is restart the computer from time to time when the updates are applied.
Choose and correctly install your antimalware solution
Your protection software plays a very important role in defending your computer from all types of malicious software (malware), including ransomware. You can detect malicious behavior and stop it before it can cause significant harm. Maintaining a proper and up-to-date antimalware solution is absolutely necessary to keep your computer clean and protected.
The last frontier of protection: backup
You might be surprised to learn that the best protection against ransomware is to be proactive. Instead of trying to recover your computer after it has been infected (which turns out to be increasingly difficult lately), simply restore its previous, non-infected state! Maintains backups of your entire computer on external and protected media. If your computer is affected by a ransomware attack, instead of paying hackers and praying that they decrypt your files, simply restore your computer from the previous backup! There are many backup solutions on the market that will help you back up your computer, however the current main one is called Acronis. You can make a full backup of your computer and easily restore it to its previous state when disaster strikes.
Let us know your thoughts and comments in the section below and good luck!