Jaeheon Shim
Hi! I'm Jaeheon Shim, a computer programmer and technology enthusiast. Here on Learn The Technology, I write about technology and the effect it is having on our modern world. I write about a broad range of topics, ranging from 3D Printing to Cybersecurity.

How Hackers Take Your Computer Hostage Remotely: Ransomware

Ransomware is a type of malware also known as ransom malware. It uses hostile methods to try to get the victim to pay a sum of money, usually by restricting access to the victim's computer until the ransom is paid. Nowadays, the ransom is paid using bitcoin so that it cannot be traced. According to malwarebytes.com, there are three types of ransomware: Scareware, Screen Locker Ransomware, and File-Encryption Ransomware.

Scareware

Scareware is the least frightening out of the three types of ransomware. It works by pretending to be your anti-virus program. It claims that your computer has been infected with a virus and that you must pay money to remove it. In reality, the only virus on your computer is the Scareware itself. If you ignore the claims and keep using your computer, it keeps getting more and more annoying, with pop-ups and sound playing out of your speakers. Fortunately, you can remove Scareware easily using genuine anti-malware programs. This type of ransomware is the least dangerous because your files are not affected and data is not lost.

Screen Locker Ransomware

Screen Locker Ransomware is a little bit more troublesome than Scareware. Usually, this virus will display a full-screen window as soon as your computer boots up, making it impossible for you to access the operating system. The screen claims that the FBI has detected some unlawful activity on your device. You should know that it is obviously not the FBI because the actual FBI would just arrest you rather than bother with locking your computer. This virus is a little bit harder to remove because you cannot access any of your applications. To remove the virus, you need to start up in safe mode and remove the ransomware with a ransomware removal tool such as Bitdefender.

File-Encryption Ransomware

This is the scariest and most dangerous type of ransomware. It can cause you or your company to lose thousands of dollars. This ransomware secretly encrypts all the files on your device. This means that your files are jumbled up into an unreadable format. The only thing that can restore your files is the secret decryption key. The virus demands a sum of money in exchange for the private decryption key. This virus is the scariest out of the three because once your files are encrypted, there is virtually no possible way for you to decrypt them unless you pay the ransom. The only way to counteract this virus is to have backups of your computer lying around.

The type of ransomware I will focus on in this article is the most dangerous one, file-encryption ransomware.

How does file encryption happen?

Most ransomware uses Asymmetrical Encryption to encrypt the victim’s files. This method of encryption works by first generating a pair of keys, one public and one private. The keys are just a set of numbers that are paired together, but they are not the same (Asymmetrical). Both keys can be used to encrypt data, but only the private key can be used to decrypt said data. So, the ransomware program uses the public key to encrypt your data and then hands over the private key for decryption once you have paid the ransom. The private key never touches your computer until the ransom is paid; that way, there is no way for you to decrypt your data until payment is made.
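The key-pair behaviour described above, as an added example that is not part of the original article: textbook RSA with the classic tiny primes 61 and 53 (constructed toy values; real keys are thousands of bits long), showing that the public key alone cannot undo its own encryption. The function names are illustrative.

```python
from math import gcd


def make_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA from two primes: returns (public, private) = ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def apply_key(key, blocks):
    """Raise every block to the key's exponent modulo n (encrypts or decrypts)."""
    n, exponent = key
    return [pow(block, exponent, n) for block in blocks]


def demo():
    public, private = make_keypair(61, 53)        # toy primes, n = 3233
    message = b"family photos"                    # constructed sample data
    # Byte-by-byte encryption is for illustration only; it is not secure.
    cipher = apply_key(public, list(message))
    recovered = bytes(apply_key(private, cipher))  # private key restores the data
    wrong = apply_key(public, cipher)              # public key cannot reverse it
    return message, private, recovered, wrong


if __name__ == "__main__":
    message, private, recovered, wrong = demo()
    print("private key:", private)
    print("decrypted with private key:", recovered)
    print("'decrypted' with public key:", wrong)
```

With keys of realistic size, the private exponent cannot be computed from the public key in any practical amount of time, which is why the copy of the public key left on an infected machine is of no help in recovering files.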


Even if you do pay the ransom, there is no guarantee that the virus will decrypt your data. (What did you expect, these are hackers we are dealing with.)

How does ransomware get to your computer in the first place?

Most ransomware is distributed using mal-spam (Malicious Spam). A malicious email could disguise the virus as a document file. The author of the email would masquerade as your friend, and ask you to read the document and tell them what you think of it. Not thinking twice, the victim opens the file. And there you have it: Your computer is infected with ransomware. This is also one of the many reasons you should not even open emails from unknown senders. But in some advanced cases, a special script might run without your consent, resulting in the virus being downloaded onto your computer.


What happens when you get infected with ransomware?

Your computer gets encrypted. If you don’t know that after reading up to this point, you probably weren’t paying attention. When you click on that link that claims to be your childhood photos or something, a file is downloaded onto your computer. Then, it runs quietly in the background until all of your files are encrypted. If you think you are infected with ransomware, you should turn off your computer and remove the battery (or unplug the cable). Then, boot into safe mode, a mode where only system-approved apps can run, and proceed to remove the ransomware. If all of your files are already encrypted, it is too late. At this point, an unremovable window will pop up on your screen, claiming that your computer is encrypted and telling you not to waste your time trying to decrypt it. It then tells you to pay a specific amount to a bitcoin address within a limited amount of time. Of course, there is no way to be sure that the criminals behind the ransomware will actually return your files. This is why the FBI recommends that you don’t pay the ransom, since all you are really doing is supporting the criminals so that they can spread more viruses. However, since the prices charged by ransomware are not unreasonably large (about $300), I think a normal person would pay the ransom to get years of work and files back. The FBI also says that you should always back up your data, but let’s be honest here. Who goes on their computer every week and backs up a 1 terabyte hard drive for about 3 hours? I’m not saying backing up your data isn’t worth it, but not a lot of people probably do.


So… Should you be worried about ransomware?

The answer to this is yes and no. While a healthy amount of skepticism is good to have, you should not be so paranoid that you have 5 different anti-virus programs running in the background. While the cyber world will never be free of ransomware, as long as you stay alert and think before you click, you should be fine.* If your data is sensitive and you are worried about it, you should buy an external hard drive and back up your data to it in case your computer is ever infected. And if you do all that and still lose your data due to ransomware, judge whether it would be wise to pay the ransom or not. The FBI can’t intervene; the decision is yours.

 

*I’m not responsible for any damages resulting from following instructions in this article. Remember, common sense is your best sense.




3 Responses

  1. Kenneth Shim says:

    Great article. Very useful and easy to understand the ransom virus. One question. Why is it called ransom?

  2. Like says:

    Like!! I blog quite often and I genuinely thank you for your information. The article has truly piqued my interest.
