Home Page Navigation Contents Contact Sitemap Search

Ran­somware (encryp­tion Trojans)

Crim­i­nals use var­ious strate­gies to steal money from their unsus­pecting vic­tims. One pop­ular approach is to encrypt users’ files, to only grant them access again once a “ransom” has been paid – well, just maybe grant them access...!

How to pro­tect your­self against ransomware:

  • Reg­u­larly create a back-up copy of your data.
    Make sure to dis­con­nect the medium used to hold your back-up copy from your com­puter once the back-up process has fin­ished. Oth­er­wise, it is pos­sible for data on the back-up medium to become encrypted in case of a “ran­somware“ infec­tion, too.
  • Always keep all soft­ware and plug-ins installed up-to-date.
    Ensure that all installed soft­ware, apps as well as web browser plug-ins are always up to date. When­ever pos­sible, always use the auto­matic update fea­ture of your respec­tive soft­ware programs.
  • Be careful with sus­pi­cious e-mails.
    Cau­tion is called for with any e-mails you receive out of the blue, even if these seem to orig­i­nate from senders you know. Don’t follow any instruc­tions in the text, don’t open any attach­ments, and don’t follow any links.
  • Use antivirus software.
    Your antivirus soft­ware must be kept con­tin­u­ously updated with the help of auto­matic updates. Oth­er­wise there is a risk that newly devel­oped mal­ware is not recognized.

Oper­ating principle

It can happen quite quickly: Simply opening a mali­cious e-mail attach­ment or an infected web­site might just pos­sibly be enough for an encryp­tion Trojan to worm its way into your system and to inex­orably render your data use­less by deleting or encrypting them.

Once files on a com­puter have been encrypted by this ran­somware, vic­tims are shown a “blocking screen”. This asks vic­tims to pay a cer­tain sum of money in the shape of a crypto-cur­rency to the attackers, for them to release encrypted files so they can be used again (ransom). Due to the use of an Internet cur­rency, it becomes more dif­fi­cult to trace author­ship of the attack.

When spreading their ran­somware, cyber-crim­i­nals par­tic­u­larly attack com­pa­nies since they have large vol­umes of busi­ness-crit­ical data and are more pre­pared to pay high sums of ransom money to avert data losses which would threaten their exis­tence. Yet pri­vate users can be hit by an encryp­tion Trojan and by ensuing data loss just as well.

How to pro­ceed in case of damage

The most impor­tant mea­sure must be taken before any damage occurs: The reg­ular cre­ation of back-up copies of your data! Of course, any poten­tial infec­tion of your system will be trou­ble­some and asso­ci­ated with some effort (rein­stal­la­tion). But what really counts is that your per­sonal data can be res­cued – from other threats, too! Fur­ther infor­ma­tion on this topic can be found in “Step 1: Back up your data”.

We actively dis­courage anyone from actu­ally paying a ransom! There is absolutely no guar­antee that vic­tims will be pro­vided access to their encrypted files again. In addi­tion, such pay­ments will finance the crim­i­nals’ busi­ness model and allow them to con­tinue their ran­somware attacks and harm fur­ther victims.

How to pro­ceed in case of damage:

  • Switch off your device completely.
    If you notice any irreg­u­lar­i­ties on your system or sus­pect that ran­somware or another type of mal­ware gen­er­ally is on the loose, switch off your device com­pletely! This means dis­con­necting your device from its power supply – please make sure to pull the power plug, or push your device power switch for at least 5 sec­onds. This is the only way to sal­vage as many of your data as pos­sible. It is not that easy to dis­con­nect a smart­phone or tablet from its power supply though, and you should shut them down as “usual”.
  • Use a live system to clean your device.
    If pos­sible and fea­sible for you, restart your device using a live system, for instance “Desinfec’t“ by “c’t”. You can use this to scan, clean and estab­lish another back-up of your data in a secure manner. Oth­er­wise, take your device to a spe­cialist, so they can do this for you.
  • If known, use decryp­tion routines.
    You can estab­lish whether a cer­tain type of ran­somware is already known on such web­sites as www.nomoreransom.org. From there, you can also down­load and run decryp­tion routines.
  • Change all your passwords.
    Fur­ther infor­ma­tion on this topic can be found in “Step 4: Pro­tecting online access”.
  • Report this to the authorities.
    Let the Nationale Zen­trum für Cyber­sicher­heit (NCSC) know using their report form, and also report this to your local police station.


So-called “breach­stor­tion” is a new strategy of attack very sim­ilar to ran­somware, and fre­quently used in com­bi­na­tion with it. This does not pri­marily involve the encryp­tion of data, but threats to pub­lish sen­si­tive infor­ma­tion, which could damage a victim’s (usu­ally a company’s) rep­u­ta­tion. To pro­tect their rep­u­ta­tion, vic­tims receive a demand to remit a cer­tain sum of money to the attackers.

This strategy plays on vic­tims’ fears, and is meant to rein­force an attacker’s ransom demand even fur­ther – if a victim is not pre­pared to remit the amount of money demanded for decrypting data.

Ran­somware is a cer­tain family of mal­ware. This usu­ally spreads via mali­cious e‑mail attach­ments or infected web­sites. Once installed, ran­somware will encrypt files on its vic­tims’ com­puters and on any net­work drives and storage media con­nected to them (for instance USB sticks). Vic­tims are then unable to use these encrypted files again.

What else would you like to learn about security when e-banking?

Reg­ister for a course now
and learn more:

Basic course

Find out about cur­rent Internet threats and some easy pro­tec­tive mea­sures, and how to securely use e-banking.

fur­ther information

Online course mobile banking/payments

Find out about mobile banking, mobile pay­ments and how to securely use these apps.

fur­ther information

Online course for the under-30s

Learn how to use your smart­phone securely. Next to basics, we will show you what you should know about social media, clouds, mobile banking and mobile payments.

fur­ther information

Course for SMEs

Is your organ­i­sa­tion suf­fi­ciently secure? Learn which mea­sures you can take to sig­nif­i­cantly strengthen your organisation’s IT security.

fur­ther information