Ransomware – Identifying Types and Degrees of this Malware

Ransomware – This is your Nightmare

You spent the last few weeks working on a critical report for your supervisor. You’ve researched, edited, and proofread it dozens of times, and have also passed it onto colleagues for review. You have finally given it a last read-through and have declared it complete. Success!

You go to print the file and – what the? You click and re-click again, on other files on your desktop, but, they have all been converted to unopenable foreign MP3 files. A strange HTML file has appeared on your screen:

“Help_Decrypt_Your_Files.”

“Your files on this computer have been protected by a strong encryption with RSA-4096 [military-grade encryption]. You have 96 hours to start obtaining BITCOIN NOW! and submit payment to receive the encryption key, otherwise your files will be permanently destroyed.” 

You’ve been attacked by ransomware.

Wait, you didn’t back up the report. Come to think of it, none of your files have been backed up in months. You start to panic, as the gravity of reality starts to sink in.

It has encrypted your files with military-grade encryption. There’s little you can do; you either cut your losses or pay to retrieve the encryption key. However, you are now working with hackers – and there is no guarantee you will get the encryption key even if you submit payment. You are at the mercy of ransomware – in the most powerless position possible.

This is why preventing a ransomware attack is so important.

 

Identifying Types of Ransomware

Recognizing the different types of ransomware is the first step to preventing an attack. The degrees of ransomware can range from moderate to severe.

Scareware – Halting Yellow

This ransomware tricks you into purchasing unnecessary and potentially-infected software. They generally come in the form of warning pop-ups or emails that resemble legitimate anti-virus software companies, claiming to have found infected files on your computer. This tactic “scares” you into purchasing their software to get rid of the so-called “problem.” However, the fake anti-virus software you are now downloading can actually be malware intended to steal your personal data.  Remember, you’ve also just given your credit card information to them as well.

Screen Lockers – Code Orange

This type displays a full-screen window on your computer screen, locking you out of your computer entirely. The banner could be an official-looking FBI or Department of Justice seal saying, “Illegal activity has been detected on your computer and you must pay a fine.” Or, a “Microsoft Windows update unable to continue until a valid product key is imputed.” These banners will inevitably lead you to a toll-free number for assistance, where “tech support” is waiting to take your credit card number to remedy the “problem.”

Crypto-Ransomware – Red Alert

This ransomware “kidnaps” your data on your computer by encrypting your files and forces you to pay a ransom in order to retrieve a decryption key. Ransom prices varies depending on exchange rates, and, commonly uses Bitcoins (more recently, iTunes and Amazon gift cards) as forms of payment. Crypto-Ransomware are typically spread through phishing emails with attachments that are sent to company email addresses while pretending to be trusted brands like FedEx, UPS, Amtrak, etc. with customer support-related issues. The emails have attachments that have a PDF icon, but are actually zip files that infect the computer when opened. Crypto-Ransomware can also infect by downloading it from compromised websites or malvertisements, or it dropping in from another malware that has already infected your computer.

 

Ransomware Prevention

In 2015, Americans paid about $325 million due to ransomware attacks. Preventing ransomware means investing in cybersecurity. This includes having a good anti-virus with active monitoring, along with applications that are designed to prevent advanced ransomware attacks, like anti-malware and anti-ransomware programs.

It is important to securely backup all your data and implement this in your daily routine. The Cloud is a good choice for this, but a server that has high-level encryption and multiple-factor authentication is recommended.

The last step in ransomware prevention is training. The most common reason computers are infected is through social engineering, or tricking to retrieve information. It is important to be educated on how to detect phishing campaigns, to identify suspicious websites, and to recognize scams. The most crucial element of prevention is applying common sense. If it seems suspicious – assume that it is.