Picture this: You’re busy working on an important document on your computer.
Not only is this project important to your job, but it contains very sensitive information about the company and its customers. You’ve taken precautions to keep that data safe and protected.
But suddenly, in the middle of your work, a huge message pops up:
“Your Computer Has Been Locked!”
No matter what key you press, or how many times you try to restart your computer, the same message keeps popping up. You can’t access the document you were working on or other important files — and you have no idea who has their hands on them now.
In order to get your files back, the message says, you have to pay a fine of hundreds of dollars… or lose them forever.
These messages often masquerade as official warnings from the FBI or other government agencies, accusing you of illegal activity on your computer. They can look very convincing, citing actual codes and laws and using official government seals.
But don’t be fooled: None of those messages are from any legitimate government.
In reality, they’re what’s known as “ransomware,” and they’re attempting to extort money from you illegally.
Many Internet users are fooled by these convincing messages, or pay the fine even if they see right through the scam because they don’t see any alternative methods to access their files and regain control of their computers.
While seeing a message like that may cause you to panic, don’t lose hope: there are ways to fight back. You can use various methods to remove ransomware infections, and learn how to protect yourself from ransomware going forward.
To get started, check out the graphic below for practical tips and advice on keeping your devices and data safe.
Transcript: The Relentless Rise of Ransomware (and How to Beat It)
CryptoLocker grabbed headlines at the end of 2013 when it infected hundreds of thousands of computers in only a few months, but ransomware has actually been around in one form or another for decades. What exactly is ransomware? How does it get onto our computers? And how can you protect yourself?
What is Ransomware?
Ransomware is a kind of malware or virus that does two things:
- Locks up or encrypts parts or all of a user’s computer
- Demands something (usually money) to restore the computer to working condition
There are many variants of ransomware that use different strategies to extort the infected:
- Encrypting certain files
- Claiming to have encrypted certain files
- Encrypting certain files and threatening to destroy them by a deadline
- Locking the entire computer
- Creating a popup window that cannot be closed
- Preventing the computer from booting up
- Displaying a message claiming to be from a law enforcement agency
- These types of messages pass off the extortion as a “fee” or “fine” for viewing or possessing illicit materials.
- They’re capable of adapting their messages depending on the user’s GPS location.
- An infected American computer will display a message from the FBI.
- An infected French computer will display a message from Gendarmerie Nationale.
The earliest form of ransomware was the PC Cyborg Trojan, AKA the AIDS Info Disk in 1989.
- The trojan’s inventor, Dr. Joseph Popp, sent the ransomware out in 20,000 floppy disks.
- Popp’s program replaced a certain file on an infected machine.
- Once the machine had booted up 90 times, the ransomware made the system unusable by:
- Changing all the filenames in the C: drive
- Hiding the directories
- The trojan claimed that the user could only regain access by sending hundreds of dollars to a Panamanian post office box.
- Popp was caught and eventually extradited to Brixton Prison in England.
The first major instances of ransomware on a widespread scale occurred in Russia and Eastern Europe in 2005-2006.
- The programs would zip certain files and make them inaccessible to users without a password.
- Criminals would charge around $300 for these passwords.
How Does it Get on My Computer?
Ransomware, like any piece of malware, can get onto a computer several ways, including:
- Accidental/Unknown downloads
- Visiting a compromised website
- Clicking on a malicious link or ad
- Opening a compromised email attachment
- Program vulnerabilities
- Some of these include:
- Weaknesses caused by other forms of malware already infecting the machine
- Browsers or operating systems that haven’t been updated recently
- Infected removable drives
- These include USBs and portable hard drives
- Malware can spread through removable storage if a user uses the same device for multiple computers
- Infected software bundles
- Some applications can come bundled with malware, including:
- Browser toolbars
- Software key generators
- Instant messenger applications
- Third-party executable (.exe) files, especially from non-trusted sources
- Instant messenger applications
- Files shared through peer-to-peer file sharing sites like BitSnoop or BTScene
The Spread of Ransomware
Ransomware, as a form of malware, poses a threat to everyone’s computers. Worryingly, it appears that ransomware attacks might be on the rise.
AVAST security software reported that over six weeks, their users encountered ransomware-infected websites 18 million times.
Experts studied one specific attack for a month and discovered that:
- The programs charged $60-$200 for users to regain access to files
- The malware infected 5,700 computers per day
- 68,000 computers in a month
- 9% of victims paid the ransom (roughly 168 per day)
- The criminals behind the malware may have made up to $394,000
In the first quarter of 2013, Russians suffered from 250,000 instances of ransomware.
- That’s a 100% increase from the first quarter of 2012.
US Homeland Security reported that the CryptoLocker ransomware and its variants extorted $100 million from victims in 10 months.
CryptoLocker cost a Massachusetts Police Department $750 to regain access to its files in 2013.
CryptoLocker infection statistics in 2014:
- US: 336,856
- UK: 4,593
- Canada: 25,841
- Australia: 15,427
- India: 1,832
- Other countries combined: 100,448
- At its peak, CryptoLocker was infecting around 50,000 computers per month.
CryptoLocker demanded payments in:
- Green Dot MoneyPaks
- These prepaid cards are sold in over 50,000 stores, making them very difficult to trace.
CryptoWall, a variant of CryptoLocker, successfully infected more than 625,000 computers.
- A simpler program, CryptoWall still extorted approximately $1 million.
What to do If You’re Infected
The key thing to remember about ransomware is: You should never pay the ransom.
- Users that pay a ransom have no guarantee that they will regain access to their system.
- In many cases, paying a ransom will only encourage hackers to extort even more money from their victims.
Those that think their computers have been infected with ransomware should:
- Avoid plugging in any removable drives, since these can also become infected
- Disconnect other devices on the network to prevent them from becoming infected
- Use antivirus and antimalware software to remove the ransomware
- If all else fails, restore the computer to factory conditions using a Boot Recovery CD/DVD/USB
- Users that don’t have their CD/DVD/USB will need to follow their OS’s factory restore procedures, or seek help from a computer professional
Whether or not you have paid a ransom, if you’ve been affected by ransomware, you should contact the Internet Crime Complaint Center at http://www.ic3.gov/
How to Keep Yourself Safe
While it’s sometimes possible to restore or regain data lost from ransomware, it’s better to avoid it entirely, if possible.
- Use a spam filter on emails
- Be wary of clicking on links in emails
- Many forms of malware are capable of sending viruses through infected computers’ contact lists.
- Some forms of malware fraudulently present themselves as legitimate sources (banks, law enforcement, friends, etc.)
- Use antivirus software and update it regularly
- Update operating systems regularly
- Use a pop-up blocker
- Back up important files frequently
Ransomware has grown up significantly and become far more sophisticated since the days when it was spread via infected floppy disks. To avoid getting infected, you should always treat downloadable files with suspicion and use the latest antivirus software. Remember: The best way to keep important files safe — from hackers or just regular accidents — is to securely back them up often.
- Ransomware is a Growing Threat to Internet Users – antivirus.comodo.com
- New Site Recovers Files Locked by Cryptolocker Ransomware – krebsonsecurity.com
- All You Need To Know About Ransomware – superantispyware.com
- The Original Anti-Piracy Hack – securityfocus.com
- Ransomware – trendmicro.com
- How Does Malware Infect Your PC – microsoft.com
- Beware the Rise of Ransomware – us.norton.com
- 11 Things You Can Do to Protect Against Ransomware, Including Cryptolocker – welivesecurity.com
- Ransomware on the Rise: Norton Tips on How to Prevent Getting Infected – uk.norton.com
- CryptoLocker Could Herald Rise Of More Sophisticated Ransomware – darkreading.com
- Swansea Police Pay $750 “Ransom” After Computer Virus Strikes – heraldnews.com
- You’re About to Be Held to Online Ransom – wallstreetdaily.com