Hostage situation on your PC - Ransomware

Sven Krumrey

Those affected may find it quite spooky: either parts of their system or the entire system are no longer accessible. Instead, they are presented with notifications that can give you goosebumps: a police department is supposed to have found illegal material on their machine, their copy of Windows is illegal and they need to purchase a license, or they have violated copyright laws. Other messages may be more "honest" and tell mortified users that their PCs have been taken over and their files encrypted. They are now required to pay a ransom because they have fallen victim to ransomware.

Your own files encrypted - a nightmare
Blackmailing through floppy discs

What has become a worldwide phenomenon that now also affects cell phones and doesn't discriminate between Windows and Android devices has its bizarre roots in 1989. Back then, biologist Dr. Joseph Popp sent out 20,000 floppy disks to users across the globe that were supposed to contain the latest information on the then new AIDS disease. Although the software was not free (it cost between $189 and $378), it could be installed freely. Once installed, users were in for a nasty surprise when parts of their files suddenly disappeared and their printers started putting out payment requests for a bank in Panama. Dr. Popp was eventually caught, but more than 1,000 PCs fell victim to his malware. That was only the beginning.

Ransomware attacks on the rise

While there was much frenzy over "Locky" in the spring of this year, things have now quieted down considerably. This is hard to understand, as neither Locky (which apparently received an update to camouflage it better) nor the issue itself has gone away. There may no longer be 5000 infections every hour, but that is small comfort for affected users who are now locked out of their PCs. Along with that, the number of affected cell phones is steadily rising this year, a five-fold increase compared to last year. 2015 and 2016 have become the breakthrough years for ransomware, affecting both businesses and private users.

An ordinary infection

You can catch ransomware as easily as any other trojan. Drive-by infections (e.g. visiting a malicious website) are common attack vectors, as are links embedded in messenger or email messages, including Facebook. Naturally, the bad guys know very well that you will be strongly enticed to click and throw caution to the wind when faced with messages such as "Is that you in the picture? How embarrassing!". Flash drives are also a risk, as are files from potentially "unsafe" sources such as BitTorrent networks. If you're without security software, you may be in for a world of hurt, even if you won't notice it at first.

Suddenly, encryption is the enemy
What happens?

Ransomware authors like to exploit security flaws in common plugins such as Adobe Flash Player, Oracle Java, Adobe Reader and Microsoft Silverlight to install their programs. Once installed, the programs frequently download additional encryption routines and updated payment notices from the Internet. In some cases, they will even download language packs to make sure the victim understands the ransom notice. The program will then start encrypting the files on the host machine - and, alas, it does so quite effectively. Personal files in particular will be encrypted with 256-bit keys that are impossible to crack, even for the authorities. Some variants will even take things one step further and encrypt your entire hard disk, shutting you out completely.

Should you pay?

Once the damage is done, users will a) be frightened and b) receive a payment notice. A specified amount will have to be paid, usually in Bitcoins (an Internet currency that is nearly impossible to trace; other variants include Paysafecard or Ukash), and then everything is to be decrypted again. Whether you should pay is a hotly debated topic. You would give criminals what they want, a rather unpleasant thought, and you would have no guarantee that they will honor the "deal" and give you back access to your machine and files. Still, one German company paid (€490) and was lucky enough to regain access to some of their files. It's not worth the risk unless your life depends on your files. Some experts recommend reporting the attack to the authorities instead if, realistically, the chances of success are too slim.

Sadly, paying is seldom an alternative
What can you do when it's too late?

I'll be frank with you: there's nothing you can do against (well-programmed) malware that has already taken over your machine. If your files have already been encrypted, they are unrecoverable. A glimmer of hope: Kaspersky and Avira have published free recovery discs that may help in some cases. Live CDs such as Knoppix can help you access files that have not yet been affected without booting into Windows (and triggering further encryption), even when your machine has otherwise been locked. Knoppix is based on Linux; it is free and fairly easy to handle. If you're lucky, there may be decryption tools for some (badly programmed) types of ransomware. Study the ransom notice carefully to find out who you're dealing with; maybe a decryption tool is available. If all else fails, there's only one painful way to go: reinstalling your operating system or, in the case of cell phones, performing a factory reset.

How can you protect yourself?

In the same way you protect yourself against any other type of malware. Decent security software (an effective antivirus solution) is a must-have. You should also keep your software up to date to close known security holes (frequently exploited by ransomware). Be careful whenever you receive mails or messages from unknown senders, and don't blithely click on embedded links, even if they promise to be interesting. Be extra cautious when downloading and installing software from unknown sources. While some dubious sites may offer great programs for free, it may cost you dearly later. Regular backups further safeguard your files and lessen the pain of a forced reinstallation. All these tips also apply to cell phones and tablets, which are now being targeted by ransomware as well.
