This article might save you some $300. That's the average ransom extortionists ask their victims to pay to restore access to the victims' encrypted files or locked computers.
It's quite easy to get infected with ransomware. You don't have to spend your days searching out free porn or opening lots of spam. Even if you don't do anything wrong, you are still at risk. Read on to learn why, and what you can do to protect yourself.
1. What is ransomware?
Ransomware is a malicious type of program that locks your computer, tablet, or smartphone, or encrypts your files, and then demands a ransom for their safe return. There are essentially two types of ransomware.
The first type is cryptors, which encrypt files to make them inaccessible. Decrypting the files requires the key used to encrypt them, and that key is what the ransom pays for.
The other type is called blockers; they simply block a computer or other device, rendering it inoperable. Blockers actually represent a better-case scenario than cryptors; victims stand a better chance of restoring blocked access than encrypted files.
2. How much is the usual ransom?
There really is no "usual." Some ransomware programs ask for as little as $30. Some demand tens of thousands of dollars. Enterprises and other big organizations, which usually get infected through spear phishing, are more likely to receive higher ransom demands.
However, you should keep in mind that paying the ransom doesn't ensure the safe and reliable return of your files.
3. Can I decrypt the encrypted files without paying ransom?
Sometimes. The majority of ransomware programs use strong, correctly implemented crypto algorithms, which means that without the encryption key, recovering the files by brute force could take years.
Sometimes the criminals behind ransomware attacks make mistakes, enabling law enforcement to seize attack servers containing encryption keys. When that happens, the good guys are able to develop a decryptor.
Don't pay #ransomware. Use this free decryption tool instead: https://t.co/t573dzOwFE pic.twitter.com/5x95mtrxn1
Eugene Kaspersky (@e_kaspersky), July 26, 2016
4. How is ransom paid?
Usually, ransom is requested in cryptocurrency, namely bitcoins. This electronic currency cannot be forged. The history of transactions is available to anyone, but the owner of a wallet can't easily be tracked. That's why cybercriminals prefer bitcoins: They improve the odds of not getting caught.
Some types of ransomware use anonymous online wallets or even mobile payments. The most surprising method we have seen to date was $50 iTunes cards.
Simplifying blockchain: https://t.co/o6X4YhjHjh #bitcoin #infosec101 #banking pic.twitter.com/HbyUYTyt4J
Kaspersky (@kaspersky), September 8, 2016
5. How can ransomware end up on my computer?
The most common vector is e-mail. Ransomware may pose as a useful or important attachment (an urgent invoice, an interesting article, a free app). Once you open the attachment, your PC is infected.
Ransomware can also infiltrate your system while you're just surfing the Internet. To gain control over your system, extortionists use OS, browser, or app vulnerabilities. That's why it's crucial you keep your software and operating system up to date (by the way, you can delegate this task to Kaspersky Internet Security or Kaspersky Total Security, whose latest versions automate the process).
Some ransomware programs can self-propagate through local networks. If such a Trojan infects one machine or device in your home or enterprise network, other endpoints will also eventually get infected. But that is a rare case.
Of course, there are more predictable infection scenarios. You download a torrent, then you install a plugin... and away we go.
6. What kind of files are the most dangerous?
The most suspicious files are executables (like EXE or SCR), with Visual Basic scripts or JavaScript (.VBS and .JS extensions) not far behind. They are quite commonly packaged into ZIP or RAR archives to hide their malicious nature.
10 tips to protect your files from ransomware https://t.co/o0IpUU9CHb #iteducation pic.twitter.com/I47sPIiWFF
Kaspersky (@kaspersky), November 30, 2015
Another dangerous file category is MS Office files (DOC, DOCX, XLS, XLSX, PPT, and so forth). They may contain malicious macros; if you are prompted to enable macros in a Word document, think twice before you do it.
Be wary of shortcut files (.LNK extension) as well. Windows can depict them with any icon, which, paired with an innocent-looking file name, can lure you into trouble.
An important note: Windows opens files with known extensions without prompting the user, and by default it hides those extensions in Windows Explorer. So if you see a file named something like Important_info.txt, it could actually be Important_info.txt.exe, a malware installer. Set Windows to show extensions for greater security.
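As an added example (not code from the original article or from Kaspersky), here is a small Python attachment triage that applies the rules from questions 6 and 7: it opens a ZIP in memory and flags executables, scripts, shortcuts, and the double-extension trick that hidden extensions make possible, and it warns on macro-capable Office formats. The archive contents, the extension lists, and the verdict names are all constructed for this example.

```python
import io
import zipfile
from typing import List, Tuple

# Extension groups follow questions 6 and 7 of the article; the lists are illustrative.
RISKY_EXTENSIONS = {".exe", ".scr", ".vbs", ".js", ".lnk"}     # run code or fake an icon
MACRO_CAPABLE = {".doc", ".docx", ".xls", ".xlsx", ".ppt"}     # may prompt to enable macros
DECOY_EXTENSIONS = {".txt", ".pdf", ".jpg", ".png", ".docx"}   # what the user sees when the real one is hidden

def classify_name(name: str) -> Tuple[str, str]:
    """Return (verdict, reason) for a file name, judging it the way Explorer shows it."""
    base = name.lower().rsplit("/", 1)[-1]          # strip any archive folder prefix
    parts = base.split(".")
    if len(parts) < 2:
        return "ok", "no extension"
    real_ext = "." + parts[-1]
    if real_ext in RISKY_EXTENSIONS:
        if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTENSIONS:
            shown = ".".join(parts[:-1])            # e.g. important_info.txt
            return "block", f"double extension: shown as {shown}, really {real_ext}"
        return "block", f"risky extension {real_ext}"
    if real_ext in MACRO_CAPABLE:
        return "warn", f"Office document {real_ext}: think twice before enabling macros"
    return "ok", f"extension {real_ext}"

def triage_zip(data: bytes) -> List[Tuple[str, str, str]]:
    """Open a ZIP attachment in memory and classify every file entry by name."""
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                verdict, reason = classify_name(info.filename)
                results.append((info.filename, verdict, reason))
    return results

def build_sample_zip() -> bytes:
    """Constructed sample archive imitating a spam 'invoice' attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Important_info.txt.exe", b"MZ placeholder, not a real binary")
        zf.writestr("invoice.js", b"// placeholder, not a real script")
        zf.writestr("report.docx", b"PK placeholder, not a real document")
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()

if __name__ == "__main__":
    for name, verdict, reason in triage_zip(build_sample_zip()):
        print(f"{verdict:5} {name}: {reason}")
```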
7. Can I avoid infection if I stay away from rogue websites or suspicious attachments?
Unfortunately, even cautious users can get infected with ransomware. For example, it's possible to infect your PC while reading news on a big, reputable news website.
Of course, the website itself won't distribute malware to visitors, unless it's hacked, which is another story. Instead, advertising networks compromised by cybercriminals serve as distributors, and simply having an unpatched vulnerability is enough to let the malware load. Here again, up-to-date software and a fully patched operating system are key.
8. I have a Mac, so I don't need to worry about ransomware, right?
Macs can be and have been infected with ransomware. For example, KeRanger ransomware, which infiltrated the popular Transmission torrent client, hit Mac users.
Our experts believe that the number of ransomware programs targeting Apple systems will gradually increase. And with Apple devices being relatively expensive, extortionists may find Mac owners a great target for higher ransom demands.
Some types of ransomware even target Linux. No systems are safe from this threat.
Wait, my Mac can be infected? https://t.co/7Zyb3WCT3s pic.twitter.com/14fXrHytMQ
Eugene Kaspersky (@e_kaspersky), March 9, 2016
9. I use my phone to go online. Do I have to worry?
You should. For example, cryptors and blockers for Android devices exist, with the latter being more prevalent. Having antivirus on your smartphone is not paranoid.
10. So, even iPhones are at risk?
To date, there are no dedicated ransomware programs for iPhone and iPad. That statement refers to iPhones that are not jailbroken, by the way. Malware can infiltrate devices that aren't bound by the security restrictions of iOS and Apple's locked-down App Store.
iPhone ransomware might be just around the corner, however, and it may not require a jailbroken device. We might see the emergence of IoT ransomware as well. Cybercriminals might demand high ransoms after taking over a smart TV or fridge.
11. How will I know if my computer gets infected with ransomware?
Ransomware isn't subtle. It will announce itself with a ransom note on screen (the original article shows several screenshots of cryptor ransom notes and a blocker lock screen at this point).
12. Which ransomware types are the most prevalent?
New types of ransomware emerge every day, so it's hard to say which are the most popular. We can enumerate several outstanding examples, such as Petya, which encrypts the entire hard drive. There is also CryptXXX, which is still powerful and which we took down twice. And, of course, TeslaCrypt was the most pervasive sample of ransomware for the first four months of 2016; its creators, unexpectedly, were the ones to publish a master key.
13. If I get infected by ransomware, what should I do?
If you find your computer blocked, meaning it won't load the operating system, use Kaspersky WindowsUnlocker, a free utility that can remove a blocker and get Windows to boot.
Cryptors are a harder nut to crack. First, you need to get rid of the malware by running an antivirus scan. If you don't have a proper antivirus on your computer, you can download a free trial version here.
The next step is to get your files back.
If you have a backup copy of your files, you can simply restore your files from the backup. That is by far your best shot.
If you haven't made backups, you can try to decrypt files by using special utilities called decryptors. All of the free decryptors created by Kaspersky Lab can be found at Noransom.kaspersky.com.
Other antivirus companies also develop decryptors. One thing: Be very sure you're downloading these programs from a reputable website; otherwise you run a high risk of getting infected by some other malware.
If you can't find the right decryptor, you can pay the ransom or say good-bye to your files. That said, we don't recommend paying the ransom.
14. Why not just pay the ransom?
For starters, there is no guarantee you will get your files back. You cannot trust extortionists. One example of untrustworthy thieves is the makers of Ranscam, ransomware that didn't even bother with encrypting but simply deleted the files (although of course it promised decryption in exchange for money).
According to our research, 20% of ransomware victims who paid never got their files back.
Second, by paying ransom, you support this cybercrime business model, helping it thrive.
15. I found the decryptor I need; why doesnât it work?
Ransomware developers are quick to react when a new decryptor comes out: They modify their malware so that the available decryptor no longer works against it. It's a game of whack-a-mole. Unfortunately, decryptors do not come with guarantees.
16. If I spot the process of infection, is there something I can do?
In theory, if you catch it in time, you can turn off the PC, remove the hard drive, insert it into another computer, and use that computer's antivirus to disinfect. However, in real life it's difficult or even impossible for a user to detect an infection; ransomware works quietly until the big reveal: the ransom note.
17. If I back up my files regularly, am I safe?
Backing up your files is very helpful, without a doubt, but it is not a 100% guarantee. Here's one case: You set automatic backup on your spouse's computer to run every three days. A cryptor infiltrates the system and encrypts all documents, photos, and so forth, but your spouse does not grasp the gravity of the situation right away. So when you check in a week later, the backups are all encrypted, too. Backups are vitally important, but your defenses need to go further.
18. Is antivirus enough to avoid infection?
Yes, in the majority of cases. The antivirus solution you use matters, though. According to independent benchmarks by renowned labs (which are, in fact, the only benchmarks to trust), Kaspersky Lab's products offer better protection than the competition. However, no antivirus is 100% effective.
In many cases, automatic detection depends on how recent the malware is. If its signatures have not yet been added to antivirus databases, a Trojan can still be detected by behavioral analysis: If it attempts to inflict damage, it's blocked immediately.
Our product includes a module called System Watcher; if it detects an attempt at mass file encryption, it blocks the malicious process and rolls back all changes. Please never disable this component.
As well, Kaspersky Total Security automates backup processes. Even if something goes terribly wrong, you can restore everything important from the backup copies.
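The behavioral check described above can be sketched in code. This Python example is added here and is not System Watcher or any Kaspersky logic: it watches a stream of file-write events per process and raises an alert when one process overwrites many distinct files with high-entropy (encrypted-looking) data within a short window, which is also the kind of signal that should pause an automatic backup run before it copies ciphertext over good files (question 17). The event format, the entropy threshold, the window length, the file count, and the sample events are all assumptions made for this example.

```python
import math
from collections import defaultdict, deque
from typing import Dict, Iterable, List, Tuple

# Thresholds are assumptions for this example, not any product's tuning.
ENTROPY_THRESHOLD = 7.0       # bits per byte; ciphertext sits near 8.0, text far lower
WINDOW_SECONDS = 10.0         # sliding window per process
MAX_HIGH_ENTROPY_FILES = 5    # distinct files rewritten before we alert

# One event = (timestamp_seconds, pid, path, bytes_written); an assumed format.
Event = Tuple[float, int, str, bytes]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def detect_mass_encryption(events: Iterable[Event]) -> List[Tuple[int, float, List[str]]]:
    """One (pid, timestamp, files) alert per process whose high-entropy writes
    touch more than MAX_HIGH_ENTROPY_FILES distinct files inside the window."""
    recent: Dict[int, deque] = defaultdict(deque)   # pid -> (timestamp, path)
    alerts, flagged = [], set()
    for ts, pid, path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            continue                               # ordinary document write
        queue = recent[pid]
        queue.append((ts, path))
        while queue and ts - queue[0][0] > WINDOW_SECONDS:
            queue.popleft()                        # expire events outside the window
        files = sorted({p for _, p in queue})
        if len(files) > MAX_HIGH_ENTROPY_FILES and pid not in flagged:
            flagged.add(pid)
            alerts.append((pid, ts, files))
    return alerts

def sample_events() -> List[Event]:
    """Constructed sample: pid 1200 is a word processor saving plain text;
    pid 6660 rewrites eight documents with uniformly distributed bytes."""
    text = b"Quarterly report: revenue grew modestly; see the tables. " * 8
    fake_ciphertext = bytes((i * 73 + 41) & 0xFF for i in range(1024))  # entropy 8.0
    events = [(0.5, 1200, r"C:\Users\alice\Documents\report.docx", text)]
    for i in range(8):
        events.append((2.0 + i, 6660, rf"C:\Users\alice\Documents\file{i}.docx", fake_ciphertext))
    return events
```

Running `detect_mass_encryption(sample_events())` flags pid 6660 at the sixth high-entropy overwrite; a real monitor would suspend that process and hold any pending backup job at that moment.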
19. Are there any settings I can tweak to strengthen defenses?
a. First, do install an antivirus. But we have already told you that, haven't we?
b. You can disable script execution in browsers, since scripts are a cybercrook's favorite tool. Check out our blog to learn how to do that in Chrome and Firefox.
c. Make file extensions visible in Windows Explorer.
d. Make Notepad the default application for VBS and JS files. Windows usually marks dangerous VBS and JS scripts as text files, which can mislead less-savvy users into opening them.
e. Consider enabling Kaspersky Internet Security's Trusted Applications Mode, which restricts installation of any programs that are not included in the allowlist. It is not enabled by default and requires some tweaking and setting up, but it's a very useful tool, especially for those who are not PC proficient and might let some sneaky malware get into the system.
Source: kaspersky.com