Criminals use various strategies to steal money from their unsuspecting victims. One popular approach is to encrypt users’ files, only to grant them access again after a “ransom” has been paid - well, just possibly do so...!
How to protect yourself against ransomware:
- Regularly create a back-up copy of your data. You should make sure to disconnect the medium used to hold your back-up copy from your computer once the back-up process has finished. Otherwise, it is possible for data on the back-up medium to become encrypted and unusable in case of a “ransomware“ infection, too.
- Always keep all software and plug-ins installed up-to-date. Ensure that all installed software, apps and web browser plug-ins are always up to date. Whenever possible, use the automatic update feature of your software.
- Always be wary of suspicious e-mails, such that you receive unexpectedly, or those originating from an unknown sender. Don’t follow any instructions in the text, don’t open any attachments and don’t follow any links.
- Use antivirus software and keep it continuously updated with the help of automatic updates. Otherwise there is a risk that newly developed malware is not recognized.
It can happen quite quickly: Simply opening a malicious e-mail attachment or an infected website might just possibly be enough for an encryption Trojan to worm its way into your system and to inexorably render your data useless by deleting or encrypting them.
Once files on a computer have been encrypted by this “ransomware”, victims are shown a “blocking screen”. This asks victims to pay a certain sum of money in the shape of an Internet currency (for instance Bitcoin) to the attacker, for them to release encrypted files so they can be used again (ransom). Due to the use of an Internet currency, it becomes more difficult to trace authorship of the attack.
However, complying with the attackers’ demands and making a payment to them does not guarantee that victims will be provided access to their encrypted files again. In addition, such payments will finance the attackers’ business model and allow them to continue their “ransomware” attacks and infect and harm further victims.
Something to potentially save the day: Whether decryption routines are already known for a certain type of ransomware can be established on websites such as www.nomoreransom.org.
When spreading their ransomware, cyber-criminals particularly attack companies since they have large volumes of business-critical data and are more prepared to pay high sums of ransom money to avert data losses which would threaten their existence. Yet private users can be hit by an encryption Trojan and ensuing data loss just as well.
The most important counter-measure to prevent data loss caused by ransomware is therefore to regularly create back-up copies (back-ups) of your files - see “Step 1 - Backing up data”.