Ransomware – when your computer is encrypted
Internet Risks
The digital extortion business is booming. Ransomware – a combination of “ransom” and “malware” (malicious software) – is flourishing. Hardly a day goes by without a ransomware incident being reported in the news. These reports mention companies, hospitals, organisations – but what about the private sphere? Are private individuals affected by ransomware too?
When ransomware infects a computer or network, it blocks access to the system (locker ransomware) or encrypts its data (crypto-ransomware). Cybercriminals then demand a ransom from their victims for unlocking the data. The amount usually has to be paid in a cryptocurrency such as Bitcoin, with correspondence usually carried out over the Darknet.
“The new generation” of ransomware players has no interest in discounts or lengthy negotiations. So when they encrypt the data they provide a deadline for ransom payment. If the ransom demand is not met, confidential data is published directly or destroyed.
How does ransomware work?
You can receive malware via an email attachment, a file download or a fake website purporting to belong to a reputable provider.
Once the malware is on your device, you no longer have access to your data or any way of decrypting it yourself. In some cases, your screen will suddenly go black and your device will no longer respond to mouse or keyboard inputs. A menacing text from the perpetrators then appears, threatening the deletion or disclosure of all data on the computer. The text usually contains the following features:
- A countdown, loading bar or date shows you how much time you apparently have left. This is intended to emphasise the sense of urgency and put you under pressure.
- You are prompted to purchase Bitcoins and transfer them to a specified account.
- Usually the only course of action left to you is to access a marketplace for cryptocurrencies where you can acquire the ransom money and send it to the perpetrators online. They opt for this payment method as transactions are easy to cover up and thus more difficult for criminal prosecution authorities to trace.
How to protect yourself against ransomware
To avoid having to remove ransomware from your computer in the first place, you should treat unknown files with care.
- Create a backup of your data on a regular basis. The backup should be stored offline, on an external medium such as an external hard drive. Make sure to separate the medium on which you are creating the backup from the computer after the backup process. Otherwise, the data on the backup medium may also be encrypted and unusable during a ransomware attack. You can find out how here.
- Exercise caution when handling emails. You can find tips on how to do this here.
- Never connect USB sticks from unknown sources to your devices. Perpetrators sometimes leave loaded USB sticks and even USB charging cables (known as OMG cables) around to lure the “lucky” finder into a trap.
- Keep your programs and operating system up to date. Updating programs and operating systems regularly helps to protect you against malware.
- Only use known download sources. Never download software or media files from unknown websites. You should also take care when downloading to your mobile device. Trust the Google Play Store or Apple App Store, depending on which operating system you are using.
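The backup advice above can be checked rather than assumed. The following is an added example, not part of the original page: it copies a folder into a new timestamped folder on the external drive and verifies every copy against SHA-256 hashes of the originals before you unplug the drive. The function names, the `MANIFEST.sha256` file name and the folder layout are assumptions made for this example.

```python
import hashlib
import shutil
import sys
import time
from pathlib import Path

MANIFEST = "MANIFEST.sha256"  # assumed file name, chosen for this example


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_snapshot(source: Path, backup_root: Path) -> Path:
    """Hash the originals, then copy them into a new timestamped folder."""
    entries = [
        f"{sha256_of(f)}  {f.relative_to(source).as_posix()}\n"
        for f in sorted(source.rglob("*")) if f.is_file()
    ]
    snapshot = backup_root / time.strftime("snapshot-%Y%m%d-%H%M%S")
    shutil.copytree(source, snapshot / "data")
    (snapshot / MANIFEST).write_text("".join(entries), encoding="utf-8")
    return snapshot


def verify_snapshot(snapshot: Path) -> list[str]:
    """Return the files that are missing or differ from the manifest."""
    problems = []
    for line in (snapshot / MANIFEST).read_text(encoding="utf-8").splitlines():
        expected, rel = line.split("  ", 1)
        copy = snapshot / "data" / rel
        if not copy.is_file() or sha256_of(copy) != expected:
            problems.append(rel)
    return problems


if __name__ == "__main__":
    # Usage: python backup_snapshot.py <folder to back up> <external drive path>
    snap = make_snapshot(Path(sys.argv[1]), Path(sys.argv[2]))
    bad = verify_snapshot(snap)
    print(f"{snap}: verified, unplug the drive now" if not bad else f"FAILED: {bad}")
    sys.exit(1 if bad else 0)
```

Because each run writes a new folder, an earlier good copy is never overwritten, and running `verify_snapshot` again before a restore shows whether the files on the backup medium were changed in the meantime.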
In the event of a ransomware attack, immediately disconnect your computer from the internet and detach all attached storage media to prevent further damage. In most malware cases, it is also a good idea to format the hard drive, set up the computer entirely from scratch and restore the backup.
Report the cyber incident to the National Cyber Security Centre (NCSC).
«Never pay the ransom!»
While many individuals and companies are tempted to pay the ransom to regain control over their systems, this should only be a last resort and carried out in consultation with the police. Paying the ransom motivates the blackmailers and makes you an attractive target for further attacks.
Additional information
- First aid for cyber accidents: ibarry.ch/cyber-accidents
- National Cyber Security Centre: NCSC
- Cybercrime Police (in German): cybercrimepolice.ch/ransomware
- Swiss crime prevention (in German): SCP
- Help with decryption: No More Ransom