What is Ransomware and how to avoid it

What is Ransomware

Ransomware is a type of malware that blocks a user from accessing data on his own computer and also disables the functions that could unblock the restricted access. The author of the malware then demands a ransom which the user needs to pay in order to restore access to the blocked data. For any normal user with only a basic understanding of computers and the Internet, ransomware can be considered one of the most dangerous types of malware. If a user gets infected with it, he has no other choice than paying the ransom amount, which can be up to a few hundred dollars.

Ransomware is designed in such a way that it will frequently lock down a computer and then display several images related to law enforcement in order to frighten the targeted victim and extort money. Some ransomware will not only lock your computer but also encrypt your files, after which you won’t have any access to those files.

Ransomware first appeared way back in 1989 as the PC Cyborg Trojan, which encrypted files with a weak symmetric cipher, but it has been increasing drastically since 2005, affecting thousands of private individuals, small businesses and government agencies. Online criminals are earning millions by distributing and operating worms such as Cryzip, Archiveus, Krotten, TROJ.RANSOM.A, Gpcode and MayArchive. Initially the attacks were limited to Windows PCs, but now they have spread to Android smartphones and Macs.

How you can be infected by Ransomware

Ransomware reaches its victims via mail attachments, compromised or malicious websites, and infected programs. Attackers use several methods to infect the victim’s computer and then extract a ransom. Here are some common ways by which you can get infected by Ransomware:

  • Spam Emails: Malware owners use this trick to persuade you to click on download links and install malicious files on your computer. They send an email with a file attachment that claims to be an invoice for a purchased ticket, a delivery receipt, or an income tax refund. As soon as you click on the attachment and download it, the malware gets installed on your computer.
  • Compromised or malicious webpages/websites: This trick exploits security vulnerabilities to infect your computer over the internet. When you are browsing a malicious website, or a legitimate site which has been hacked or compromised, the malware tries to exploit those vulnerabilities by making you click a malicious link or advertisement, resulting in your computer getting infected.
  • Bundled malware with software: This trick gets Ransomware installed on your computer when you download and install other programs or applications. It includes software downloaded from third party websites as well as files shared through intranet networks. This includes toolbars which get installed automatically if you don’t opt out while installing software on your computer.
  • Infected external removable devices: Infected removable devices such as an external hard drive or USB pen drive are used to spread malware, which gets installed automatically when the infected device is connected to your computer. It can also spread via an infected computer connected to the same network.

How to avoid being infected by Ransomware

Since Ransomware can be very dangerous for your computer, you should consider the following in order to keep your computer from getting infected:

  • If you get an email which you weren’t expecting and you are also not sure about who has sent you that email, don’t open the attachment included in the mail.
  • If you are using an external removable drive, perform a complete security scan before using it. Also, disable the Auto-run feature, as it allows removable drives to be opened directly and may allow Ransomware to get installed on your computer.
  • Always make sure that you download any required software from the official website of the vendor, and don’t fall prey to any malicious website. Also, make sure that you read the license agreement to see what exactly you are installing, and don’t keep clicking Next/OK without reading it.
  • Companies provide security updates for their software to fix the vulnerabilities found in it. So, it is very important to install those updates regularly to stay protected and keep your software up to date. Also, uninstall/remove software which you don’t use anymore.
  • Keep the firewall turned ON for your computer, as it prevents your computer from getting infected by malware by not allowing suspicious programs to install on your computer. Also, install a secure, self-updating and patched antivirus on your computer, as firewalls can’t stop malicious email attachments from being opened.
  • Back up your important data and files regularly with a cloud backup service or external hard drives. This lets you restore your files from backup if they get locked by Ransomware.

How to get rid of an infection by Ransomware and what to do

If you find a Ransomware message on your monitor, the first thing you should do is capture the information shown on your monitor by taking a photo and report the incident to the police. The police might not be able to help you in this, but since it is a very serious crime, it should be reported first.

Now, check whether you still have access to the files and folders on your computer, such as Pictures or Documents. If you are unable to get past the ransom screen, you have been infected by a locker ransomware. But if you are able to navigate your computer, although the files are in an encrypted state, then you have been infected by a crypto ransomware.

In case you are infected by locker ransomware, you can try the below suggestions:

  • Try to boot your computer via Safe Mode. Just press the power key and the key ‘S’ simultaneously while booting. As soon as the computer starts in safe mode, run your antivirus to remove ransomware from your computer.
  • If it doesn’t work for you, you need to roll back your computer to a previous restore point where the computer was working fine. It will remove all the software installed on your computer after that restore point.

If you have been infected by crypto ransomware, you can try the below suggestions:

  • If it doesn’t work for you, but you still have a backup of your important files, then you need to overwrite the files which have been encrypted with the backup versions of those files.

When everything is done, run a thorough scan of your computer with your antivirus. You should also create a new backup of all your files and reinstall your operating system.