What is ransomware?
Ransomware is a type of malware that prevents you from using your computer or accessing your data until you pay a certain amount (the “ransom”) to a remote entity. There are currently two types of ransomware we are seeing:
- Lock screen ransomware, which displays a full-screen image or webpage that prevents you from accessing anything in your computer, and
- Encryption ransomware, which encrypts your files with a password, preventing you from opening them
Ransomware typically propagates like a conventional computer worm, entering a system through, for example, a downloaded file, infected website or an exposed vulnerability in a local network service. The program will then run a payload: such as one that will begin to encrypt personal files on the hard drive. More sophisticated ransomware may hybrid-encrypt the victim’s plaintext with a random symmetric key and a fixed public key to further confuse the user. The malware author is the only person that knows the decryption key needed to release control of your PC and files.
Some ransomware payloads do not use encryption. In these cases, the payload is simply an application designed to effectively restrict interaction with the system, typically by overriding explorer.exe in the Windows registry as the default shell, or even modify the master boot record and/or partition table, not allowing the operating system to start at all until it is repaired/removed.
Ransomware payloads, especially ones which do not encrypt files, utilize elements of scareware to coax the user into paying for its removal. The malware may, for example, display notices purportedly issued by companies or law enforcement agencies which falsely claim that the user’s system had been used for illegal activities, or contains illegal content such as pornography and unlawfully obtained software. Some ransomware payloads imitate Windows XP’s product activation notices, falsely claiming that their computer’s Windows installation is counterfeit or requires re-activation.
In any case, the ransomware will attempt to extort money from the user by forcing them to purchase either a program to decrypt the files it had encrypted, or an unlock code which will remove the locks it had applied.
Paying the “fine” does not necessarily return your computer to a usable state. We DO NOT advise that you pay as you are giving the criminals what they want. With ransomware, the threat of prosecution does not come from the legitimate authorities – it’s simply internet criminals trying to extort money from end users.
So what can you do?
Here are some walkthroughs to help rid yourself of this very annoying problem – one from Microsoft and one from Norton
Microsoft: This tutorial is very complete and easy to use.
http://www.microsoft.com/security/portal/shared/ransomware.aspx
Norton: This is a YouTube Video tutorial.
http://US.norton.com/ransomware
Norton’s Power Eraser: Used in the video tutorial above.
http://security.symantec.com/nbrt/npe.aspx?lcid=1033
How to avoid ransomware in the first place?
There are several free ways to help protect your computer against ransomware and other malware:
- Keep all of the software on your computer up to date. Make sure automatic updating is turned on to get all the latest Microsoft security updates.
- Keep your firewall turned on.
- Never open spam email messages or click links on suspicious websites.
