Ransomware is one of the most prevalent and terrifying security threats today, and it is on the rise, with stories of new types and infections hitting the headlines on a daily basis. It is also fast becoming one of the most profitable areas of cybercrime for hackers.
By Simon Campbell-Young, CEO of First for Distribution
Ransomware is a type of malware that restricts access to the computer system that it infects. Once infection has occurred, it demands that a ransom be paid, promising to decrypt the data once this is done.
Some types of ransomware encrypt files on the system’s hard drive while others merely lock the system and display messages designed to make the victim panic into paying. Either way, it is a sophisticated and dangerous form of extortion and is becoming a global epidemic.
Ransomware allows threat actors to monetise their efforts faster than previous types of malware did. With other types of malware, attackers would have to steal their victim’s data, and then find a buyer on the black market to resell that data to make money off their scheme.
With ransomware, attackers are stealing a person’s data and selling it back to them for a price. Most of us have data that we simply cannot do without, and will be willing to pay to get it back.
In addition, the increase in the use of anonymous currency such as Bitcoin makes monetising this type of threat even easier, and allows attackers to slip through the net and avoid getting caught. Attackers can make thousands of Rand per infection, and will get paid instantly. Be warned though: paying the ransom does not always result in getting the data back.
There are several types of ransomware. Some of the more common types include Locky, Cryptowall, DMA Locker, CryptoLocker, CTB Locker, Maktub, TorrentLocker, KeRanger, CryptoHost, TeslaCrypt, Converton and Cerber.
There are several dead giveaways that point to a ransomware infection.
Firstly, you can expect to receive a pop-up message advising you that your data has been encrypted and demanding that you pay a ransom. In addition, files won’t open, or will have been renamed. Applications won’t open either, and you might notice that your anti-virus has been disabled. Often the entire computer system either runs very slowly, or has been totally locked down.
If you think your system has been infected with a ransomware virus, perform an immediate shutdown of your computer in the normal manner. Do not press the power button since this may corrupt your data or system files further and prevent a quick repair.
Whatever you do, it is imperative not to try to remove the ransomware. Running antivirus or malware removal software will only cause further damage and make the encryption irreversible.
Ransomware removal and the recovery of your valuable data should always be left to an experienced ransomware expert. The data recovery process is quick, simple and entirely focussed on restoring valuable data and getting the business back on track as quickly as possible.