Ransomware: Malware in its cruelest form

Ransomware is another type of malware, but this one carries a bit of a sting.  Ransomware is nothing new, and if you remember the AIDS Trojan, you know it dates back to the late 80s.  Because it was the 80s, instead of paying electronically with bitcoin, the victim had to send money via the USPS to a P.O. Box.  Ransomware has been the headline for 2016.  If infected with this malware, access to your system will be limited until a ransom is paid.

Step 1: Infection

How is one infected with ransomware?  Well, all of the usual methods are applicable to ransomware infection.  

  • Emails with malicious links or attachments
  • Visiting web sites that install malware on your computer
  • Clicking on malicious links on a web site
  • Malvertising links
  • System vulnerabilities
  • Access via stolen credentials
  • Self-propagating ransomware (cryptoworms)

Step 2: Execution

Once it is on your system, the real damage begins.  Earlier ransomware was known for blocking system access immediately upon boot up or when your operating system loaded.  The more recent variants encrypt files on your hard drive and on mapped and unmapped network drives, leaving your files inaccessible.  The more vicious versions of ransomware slowly delete files as the ransom clock ticks.  Advanced ransomware goes as far as detecting backup files and deleting or encrypting them.  The latest variants not only take your files hostage but threaten a data dump if you do not pay.  The major takeaway: ransomware is evolving and these e-crooks are going to do whatever it takes to make the victim pay.

WARNING: Nothing is safe.  If it’s connected, it’s at risk!

  • Workstations
  • Servers
  • Laptops
  • Smartphones/tablets
  • External hard drives
  • USB removable media
  • Synced cloud storage
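The encryption burst across local and mapped drives and the deletion of backup files described in Step 2 are exactly what a file-activity detector looks for.  The following is an added example, not code from the original post: it runs a simple heuristic over a constructed sample of file audit events (the event format, paths, extensions and thresholds are all assumptions) and flags a burst of files renamed to one new extension, the drives it touched, and deletions of backup-looking files.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample of file-system audit events (not real telemetry).
# Format per line: "<ISO timestamp> <ACTION> <path>[ -> <new path>]".
SAMPLE_EVENTS = """\
2016-09-14T10:00:01 WRITE  C:\\Users\\ann\\Documents\\budget.xlsx
2016-09-14T10:00:02 RENAME C:\\Users\\ann\\Documents\\budget.xlsx -> C:\\Users\\ann\\Documents\\budget.xlsx.locked
2016-09-14T10:00:02 RENAME C:\\Users\\ann\\Documents\\notes.docx -> C:\\Users\\ann\\Documents\\notes.docx.locked
2016-09-14T10:00:03 RENAME Z:\\Shared\\contracts\\q3.pdf -> Z:\\Shared\\contracts\\q3.pdf.locked
2016-09-14T10:00:03 RENAME Z:\\Shared\\contracts\\q4.pdf -> Z:\\Shared\\contracts\\q4.pdf.locked
2016-09-14T10:00:04 DELETE E:\\Backups\\ann-2016-09-13.bak
2016-09-14T10:00:05 WRITE  C:\\Users\\ann\\Documents\\README_DECRYPT.txt
2016-09-14T10:30:00 RENAME C:\\Users\\ann\\Desktop\\draft.docx -> C:\\Users\\ann\\Desktop\\draft-final.docx
"""

EVENT_RE = re.compile(r"^(\S+)\s+(WRITE|RENAME|DELETE)\s+(.+?)(?:\s+->\s+(.+))?$")
# Assumed markers of backup files; tune to your own naming scheme.
BACKUP_HINTS = (".bak", ".bkf", ".vhd", ".vhdx", "\\backup")

def parse_events(text):
    """Parse audit lines into (time, action, path, new_path) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ts, action, path, new_path = m.groups()
            events.append((datetime.fromisoformat(ts), action, path, new_path))
    return events

def detect_ransomware_activity(text, window=timedelta(seconds=30), threshold=3):
    """Flag (1) a burst of renames that give many files the same new extension within
    `window` and (2) deletion of backup-looking files. Returns a summary dict."""
    events = parse_events(text)
    renames = [(t, p, n) for t, a, p, n in events if a == "RENAME" and n]
    burst_ext, burst_drives = None, set()
    for i, (t0, _, _) in enumerate(renames):
        in_window = [(p, n) for t, p, n in renames[i:] if t - t0 <= window]
        ext, count = Counter(n.rsplit(".", 1)[-1].lower() for _, n in in_window).most_common(1)[0]
        if count >= threshold:
            burst_ext = ext
            # Drive letter of every source file caught in the burst (local and mapped alike).
            burst_drives = {p[:2] for p, n in in_window if n.lower().endswith("." + ext)}
            break
    deleted_backups = [p for _, a, p, _ in events
                       if a == "DELETE" and any(h in p.lower() for h in BACKUP_HINTS)]
    return {"burst_extension": burst_ext, "affected_drives": sorted(burst_drives),
            "deleted_backups": deleted_backups,
            "suspicious": burst_ext is not None or bool(deleted_backups)}
```

On the sample above the verdict is suspicious, with the burst extension "locked" seen on both the C: and the mapped Z: drive and one backup deletion; the lone rename half an hour later is ignored because it falls outside the window.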

Step 3: The Ransom

So do you pay the ransom? Well, I definitely do not recommend that as Plan A.  Your initial plan should be to restore from backups that are either on a disconnected drive or on a connected drive that has not been compromised.  If you do not have any backups, you could check whether the decryption algorithm or key tables for that variant have been released.  This is not always the case; however, sometimes you can obtain the decryption key without paying the ransom.  If none of those prove to be viable options, you have to determine whether you can function without the files.  If the answer is no, then you are left with one option: paying the ransom.

Let’s talk about paying the ransom.  Be warned, you are dealing with criminals, so there is no guarantee that services will be rendered, and the Better Business Bureau will not take your complaints.  Also, if you pay, you are funding and therefore supporting criminal activity.  The criminals used to accept gift cards as payment, but now cryptocurrency is the primary method of payment.  So if you have never set up a bitcoin wallet and tried to obtain bitcoins, you are in for an adventure.  Remember, the clock is usually ticking in these situations!  Even after the ransom is paid, you may not be in the clear.  The malware could still exist on your system(s), so make sure you do not get struck twice.

Interesting Facts About Ransomware

  • Some variants lock your bitcoin wallet!  This is the equivalent of physically stealing someone’s wallet.
  • Beware of cloud syncing.  If your system is hit with ransomware, files that sync with the cloud will be encrypted and those encrypted files will sync with the cloud.
  • Ransomware-as-a-Service (RaaS) exists.  This is exactly what it sounds like.  Anyone can purchase ransomware and utilize it to extort money out of new victims of their choosing.

Tips for Fighting Ransomware

Make sure your business is protected from ransomware with this short checklist.

  • Malware protection
  • Patch management
  • Web content filter
  • Disable macros in Microsoft Office
  • Limit use of user accounts with elevated privileges
  • Back up your data to disconnected media
