Ran­somware (Encryp­tion Tro­jans)

Crim­i­nals use var­ious strate­gies to steal money from their unsus­pecting vic­tims. One pop­ular approach is to encrypt users’ files, only to grant them access again after a “ransom” has been paid - well, just pos­sibly do so...!

How to pro­tect your­self against ran­somware:

  • Reg­u­larly create a back-up copy of your data. You should make sure to dis­con­nect the medium used to hold your back-up copy from your com­puter once the back-up process has fin­ished. Oth­er­wise, it is pos­sible for data on the back-up medium to become encrypted and unus­able in case of a “ran­somware“ infec­tion, too.
  • Always keep all soft­ware and plug-ins installed up-to-date. Ensure that all installed soft­ware, apps and web browser plug-ins are always up to date. When­ever pos­sible, use the auto­matic update fea­ture of your soft­ware.
  • Always be wary of sus­pi­cious e-mails, such that you receive unex­pect­edly, or those orig­i­nating from an unknown sender. Don’t follow any instruc­tions in the text, don’t open any attach­ments and don’t follow any links.
  • Use antivirus soft­ware and keep it con­tin­u­ously updated with the help of auto­matic updates. Oth­er­wise there is a risk that newly devel­oped mal­ware is not rec­og­nized.

Oper­ating prin­ciple

It can happen quite quickly: Simply opening a mali­cious e-mail attach­ment or an infected web­site might just pos­sibly be enough for an encryp­tion Trojan to worm its way into your system and to inex­orably render your data use­less by deleting or encrypting them.

Once files on a com­puter have been encrypted by this “ran­somware”, vic­tims are shown a “blocking screen”. This asks vic­tims to pay a cer­tain sum of money in the shape of an Internet cur­rency (for instance Bit­coin) to the attacker, for them to release encrypted files so they can be used again (ransom). Due to the use of an Internet cur­rency, it becomes more dif­fi­cult to trace author­ship of the attack.

How­ever, com­plying with the attackers’ demands and making a pay­ment to them does not guar­antee that vic­tims will be pro­vided access to their encrypted files again. In addi­tion, such pay­ments will finance the attackers’ busi­ness model and allow them to con­tinue their “ran­somware” attacks and infect and harm fur­ther vic­tims.

When spreading their ran­somware, cyber-crim­i­nals par­tic­u­larly attack com­pa­nies since they have large vol­umes of busi­ness-crit­ical data and are more pre­pared to pay high sums of ransom money to avert data losses which would threaten their exis­tence. Yet pri­vate users can be hit by an encryp­tion Trojan and ensuing data loss just as well.

The most impor­tant counter-mea­sure to pre­vent data loss caused by ran­somware is there­fore to reg­u­larly create back-up copies (back-ups) of your files - see “Step 1 - Backing up data”.

Ran­somware is a cer­tain family of mal­ware. This usu­ally spreads via mali­cious e-mail attach­ments or infected web­sites. Once installed, “ran­somware” will encrypt files on its vic­tims’ com­puters and on any net­work drives and storage media (for instance USB sticks). Vic­tims are then unable to use these encrypted files again.

What else would you like to learn about security when e-banking?

Reg­ister for a course now
and learn more:

Basic courses

This basic course will point out cur­rent threats on the Internet and con­veys mea­sures as to how you can pro­tect your­self by taking some simple mea­sures.

fur­ther infor­ma­tion

Prac­tical courses

Learn and prac­tice the most impor­tant mea­sures for your com­puter and e-banking secu­rity on com­puters pro­vided by us.

fur­ther infor­ma­tion

Send this to a friend