
You’ve probably heard of Ransomware, the malware that locks up your system and threatens you in order to extort money. It is a threat that exists on desktop and mobile devices, and is almost always insidious, difficult to remove, and, in many cases, expensive.

We’ve previously explained how to deal with several ransomware threats should you find them on your computer, but just how great is this threat? Several prominent ransomware scams are in circulation at the moment. Let’s go over three of the most devastating, so you can recognise them.

Understanding Ransomware

Before we proceed, a quick catchup, just in case you’re reading this article completely unaware of what ransomware actually is.

When infected with a ransomware bug, a computer’s files – typically the My Documents folder and libraries – are locked, often encrypted. The creators/distributors of the malware then display a message to the user, informing them of the price that must be paid to regain access.

That’s right: you have to pay to get access to your own files. Think of it as a digital version of the old “protection racket” monies for menaces model.

Data isn’t only locked, however; in some cases, the user is accused of being a paedophile, using illegal images and a message purporting to be from a known law enforcement agency. In 2013, McAfee revealed it had collected in excess of 250,000 ransomware samples, each unique, in the first quarter of that year alone.

A growing threat across all platforms, the 3 examples below should help explain just why you need to be wary of ransomware.

CryptoLocker

Targeting Windows, CryptoLocker quickly became the daddy of the ransomware scene in 2013, spread by email and possibly through the ZeuS botnet.

After installing itself on your computer, CryptoLocker encrypts documents found on your computer, on network drives and on removable storage, tying them up with 2048-bit RSA. Retrieving your data means paying USD $380 in Bitcoin or $300 in either MoneyPak or Ukash prepaid cards.

Following a security services operation, it became possible for some users to get their files back. Obviously this is good news, but it does highlight just how devastating ransomware can be. It took the discovery of the command and control server behind the ransomware encryption to stop (the original) CryptoLocker in its tracks, but even that wasn’t enough to free user data. Instead, we’ve had to wait for it to be reverse engineered, and a decryption tool developed.

TorrentLocker

With a similar name to CryptoLocker, TorrentLocker locks up your files and demands a fee of $500 AUD (doubling to $1000 AUD if you’re slow to cough up the readies) to be paid in Bitcoin. Various clues about the currency and the exchanges the ransomware advises you to use suggest that it is aimed at Australian users (and may even hail from there).

Where it differs from CryptoLocker is that although it shares a similar appearance, TorrentLocker is in fact a unique strain of ransom-based malware.

You should also avoid being taken in by the name. Although it suggests a relationship to the BitTorrent network (perhaps, you might think, it is perpetuated through file sharing), many instances of TorrentLocker have been received by email.

Unless the command and control servers behind TorrentLocker are found and taken out of action, paying the ransom to download the software to decrypt your data is the only way out. We’ve already looked at TorrentLocker in some detail; if what I’ve just told you isn’t enough to concern you, the full story should.

FBI Ransomware/Police Central

Perhaps the ransomware scam that most people are aware of, this is the one that – once your system is infected – displays a message that claims to be from the FBI or your local police department, accusing you of storing or downloading copyrighted material or illegal pornography on your Windows PC or even your Apple Mac running OS X (although it is relatively simple to avoid being taken in by this).

In fact, if you’re not fussy about where you install your Android apps (for instance, you might use third party app stores) then there is a chance that you can get the same ransomware on your phone or tablet.

Using a localised approach, the scammers were able to tailor their ransomware to individual countries; for instance in the UK, it claimed to be from the Metropolitan Police Service (London’s police force) and the royalties collection society PRS for Music.

Despite the coincidental fact that this flavour of ransomware – known generally as Reveton – had the effect of forcing a paedophile to hand himself in, this is an intimidating piece of malware. Despite the interception and arrest of the gang behind Reveton, the threat persists in the form of variants, some of which are also designed to steal your password.

Protect Yourself From Ransomware

Understanding the nature of the beast is the best way to protect yourself from ransomware. After infection is too late; you need to be able to defend against the attack before it comes, not when your data is locked. You can do this by ensuring that you’re using the most up-to-date Internet security suite, capable of defending against all forms of malware. You should also take a look at the preventative measures outlined in our original look at CryptoLocker. While the original form of this ransomware has been all but dispersed, it has been replaced by variants, so you need to remain vigilant.

Should you be reading this after a ransomware infection, the best solution open to you is to follow the advice given by MakeUseOf’s Guy McDowell in his excellent guide to beating ransomware without paying out.

Are you a ransomware victim? Did you pay out, or did you bite the bullet and allow your data to be deleted (perhaps you had good backups)?

Tell us your story: the comment box awaits!

Featured Image Credit: Girl frustrated with laptop via Shutterstock

Image Credit: Ransomware via Shutterstock, Image Credit: Pierre Lecourt

  1. lynda
    October 17, 2016 at 12:05 am

    I got a FBI warning ransomware claiming I had been viewing inappropriate images such as child pornography or bestiality it locked my internet on my android phone, I panicked called my mom claimed I am not into this types of fetishes n then just deleted n factory reset, I lost everything, I could have even backed up my things prior or possibly before I did the irreversible with the factory reset but I got scared and knew my phone and all the data and info was quite possibly already being breached so I just couldn't trust it. lol I laugh now but calling my mom n explaining that no one would admit to it anyway even if they was cus it is against the law but even so I do not view that kind of things, I was on Google searching lyrics to a song hit a link downloaded and boom it popped up right away

    • Christian Cawley
      October 20, 2016 at 7:53 pm

      Thank you for sharing that, Lynda, it must have been quite a worrying time.

  2. Harri Mäntynen
    February 24, 2015 at 7:38 pm

    Thanks Chris. One last comment;
    Apparently, this "cryptolocker" has no effect on a MAC...or so I have heard. Any news on that?

    • Christian Cawley
      February 25, 2015 at 6:57 am

      There *is* Mac ransomware out there, but it is a lot simpler to deal with. We'll be looking at this phenomenon in a separate article soon.

  3. Harri Mäntynen
    February 24, 2015 at 11:39 am

    Hehe,,,witty of you! Er...uh,,"Touché!!" However, to assume in this day and age, that one gets nailed with ransomware "just out of the blue" is not accurate. If I was looking to just "shake someone up" for a few bucks, I would target Porn and Torrent sites. But this "Crypto-locker" is on another level..more like a serious threat to business owners and public figures.....(who probably watch porn, download movies and keep questionable files on their machine!) Any hacker who was serious about cashing in would most likely make sure his/her victim would have something of value worth paying for...that or something to be ashamed of! Just saying, I have only been hit twice with ransomware in the last 8 years, both times from clicking on a pop up ad on a porn site. I hope you understand, my intention was to be informative.

    • Christian Cawley
      February 24, 2015 at 7:22 pm

      Your experience in this area is certainly appreciated, Harri. Please use safer porn sites, though.

  4. Harri Mäntynen
    February 19, 2015 at 12:38 am

    heheh,,,,no one has mentioned...avoid the porn!!! I use a MAC and was under the impression that ransomware would have no effect on my now,"ex" porn hobby. Some fictional police-lock popped up and luckily.. I found the solution to removing it from Chrome on my other web browser. Most of the ransomwares I am referring to, originate from Porn sites or illegal download sites...as for these "file encryption/drive locking" versions...wow,,hope that I never come across that!

    • Christian Cawley
      February 24, 2015 at 8:31 am

      Maybe you're the only one here using it, Harri ;)

  5. MamboKid
    December 21, 2014 at 8:27 pm

    This article is not in the least bit helpful in informing me about how to avoid ransomware or what to do if I have the misfortune to get hit. I had to read to the bottom to find a link to an article that was actually worthwhile.

  6. Wally
    December 21, 2014 at 6:27 pm

    So, is it correct that if I back up all my data and files to a Cloud, that I would be okay?

    • Leah
      December 21, 2014 at 8:20 pm

      You should be in that you should be able to download them onto that device or another device again.

  7. Greg Marino
    December 21, 2014 at 2:25 am

    I retain NOTHING of substance on my computers. Where my gigabytes are exactly is none of anyone's business BUT....if in this day and age you're STUPID enough to not send your data "elsewhere"... you deserve anything and everything you get! Typically, REAL people of substance don't hang out where the vast majority of this crappola resides. And also, if you've not learned the specifics about bogus email and attachments, the techno world may simply not be for the likes of you!

  8. Riley Mullins
    December 20, 2014 at 10:34 pm

    A few clients that got hit with ransomware I've put them on CryptoPrevent from FoolishIT, there is no magic program for things like this, best prevention is limiting what the workstations can do. It is funny that most workers see their workstation as their own equipment. Sorry, your company is not paying me to recover all 15GB of pictures you have stored.

  9. Doc
    December 20, 2014 at 7:34 pm

    I got hit by one of the "fake antivirus" apps, way back when I was still using Windows XP; after removing the startup entry using CCleaner in Safe Mode, I decided to install NoScript in my browser. (It's amazing how many third-party scripts are used on any given website!)
    It's not safe to allow any and all sites to run JavaScript...if you're using a Chromium derivative, like Chrome, SRWare Iron, Torch, Comodo Dragon, or the new Opera, there's ScriptSafe.

  10. dragonmouth
    December 20, 2014 at 7:28 pm

    How about nuking the infected hard drive(s), or using brand new HDs, and restoring with a clean backup? Shouldn't that take care of any malware?

    • GraveDigger27
      December 20, 2014 at 11:37 pm

      While that might work if you can boot from a CD/DVD or USB drive, many people (like my brother) are absolutely horrible about backing up their data. If they have created restoration disks, they can probably go back to their "out-of-the-box" configuration. Or in some cases, they might be able to recover by using the hidden restoration partition that many laptops and desktop systems come with. But that assumes that they haven't accidentally deleted or corrupted the hidden partition. Plus if they HAVE created a backup of their data or their system, there's a good chance that the backup could also be carrying the malware.

      My current position is if I can't resolve their problem by rebooting the system with a CD or DVD and then trying to remove the malware using a program like Malwarebytes or Super Anti-Spyware, then I'm not gonna struggle trying to recover their data if they haven't made a backup - it's time to wipe the drive and use the restoration partition or recovery CD/DVDs. It's really NOT my problem that they didn't listen to me when I tell them to back up their stuff and it's not worth my time to spend HOURS doing something that they could've done in minutes...

  11. GraveDigger27
    December 20, 2014 at 7:14 pm

    My brother's computer was compromised a couple of times in the past few years with a ransomware attack (there are multiple users on his home system and he isn't the most knowledgeable about maintaining his hardware...) I was able to regain control of the computer by booting from a CD and cleaning the system using Malwarebytes Anti-Malware and/or SuperAnti-Spyware.

    Unfortunately, there are too many people who see a message that their system is infected, click on some popup and install a piece of malware pretending to be a utility program or click on a link in an email message despite being told NEVER TO DO THAT!!! Since these same people are often guilty of not backing up their systems on a regular basis, the best solution is for them to get "bit" once in awhile. They may end up losing some data or having to start from scratch, but since they can't be taught to do the right thing beforehand, it's worth the cost.

    As my daddy always said: "Learnt sense is better than told sense..."

  12. Sylvio Haas
    December 20, 2014 at 7:00 pm

    I downloaded Anti-Cryptolocker and it revealed itself as a bad malware. I lost my internet connection, could hardly command my own documents, a disaster. Avoid it.
