You’ve probably heard of Ransomware, the malware that locks up your system and threatens you in order to extort money. It is a threat that exists on desktop and mobile devices, and is almost always insidious, difficult to remove, and, in many cases, expensive.
We’ve previously explained how to deal with several ransomware threats should you find them on your computer, but just how great is this threat? Several prominent ransomware scams are in circulation at the moment. Let’s go over three of the most devastating, so you can recognise them.
Before we proceed, a quick catchup, just in case you’re reading this article completely unaware of what ransomware actually is.
When infected with a ransomware bug, a computer’s files – typically the My Documents folder and libraries – are locked, often encrypted. The creators/distributors of the malware then display a message to the user, informing them of the price that must be paid to regain access.
That’s right: you have to pay to get access to your own files. Think of it as a digital version of the old “protection racket” monies for menaces model.
Data isn’t only locked, however; in some cases, the user is accused of being a paedophile, using illegal images and a message purporting to be from a known law enforcement agency. In 2013, McAfee revealed it had collected in excess of 250,000 ransomware samples, each unique, in the first quarter of that year alone.
Ransomware is a growing threat across all platforms, and the 3 examples below should help explain just why you need to be wary of it.
Targeting Windows, CryptoLocker quickly became the daddy of the ransomware scene in 2013, spread by email and possibly through the ZeuS botnet.
After installing itself on your computer, CryptoLocker encrypts documents found on your computer, on network drives and on removable storage, tying them up with 2048-bit RSA. Retrieving your data means paying USD $380 in Bitcoin or $300 in either MoneyPak or Ukash prepaid cards.
Following a security services operation, it became possible for some users to get their files back. Obviously this is good news, but it does highlight just how devastating ransomware can be. It took the discovery of the command and control server behind the ransomware encryption to stop (the original) CryptoLocker in its tracks, but even that wasn’t enough to free user data. Instead, we’ve had to wait for it to be reverse engineered, and a decryption tool developed.
With a similar name to CryptoLocker, TorrentLocker locks up your files and demands a fee of $500 AUD (doubling to $1000 AUD if you’re slow to cough up the readies) to be paid in Bitcoin. Various clues about the currency and the exchanges the ransomware advises you to use suggest that it is aimed at Australian users (and may even hail from there).
Where it differs from CryptoLocker is that although it shares a similar appearance, TorrentLocker is in fact a unique strain of ransom-based malware.
You should also avoid being taken in by the name. Although it suggests a relationship to the BitTorrent network (perhaps, you might think, it is spread through file sharing), many instances of TorrentLocker have been received by email.
Unless the command and control servers behind TorrentLocker are found and taken out of action, paying the ransom to download the software to decrypt your data is the only way out. We’ve already looked at TorrentLocker in some detail; if what I’ve just told you isn’t enough to concern you, the full story should.
FBI Ransomware/Police Central
Perhaps the ransomware scam that most people are aware of, this is the one that – once your system is infected – displays a message that claims to be from the FBI or your local police department, accusing you of storing or downloading copyrighted material or illegal pornography on your Windows PC or even your Apple Mac running OS X (although it is relatively simple to avoid being taken in by this).
In fact, if you’re not fussy about where you install your Android apps (for instance, you might use third party app stores) then there is a chance that you can get the same ransomware on your phone or tablet.
Using a localised approach, the scammers were able to tailor their ransomware to individual countries; for instance in the UK, it claimed to be from the Metropolitan Police Service (London’s police force) and the royalties collection society PRS for Music.
Despite the coincidental fact that this flavour of ransomware – known generally as Reveton – had the effect of forcing a paedophile to hand himself in, this is an intimidating piece of malware. Despite the interception and arrest of the gang behind Reveton, the threat persists in the form of variants, some of which are also designed to steal your password.
Protect Yourself From Ransomware
Understanding the nature of the beast is the best way to protect yourself from ransomware. After infection is too late; you need to be able to defend against the attack before it comes, not when your data is locked. You can do this by ensuring that you’re using the most up-to-date Internet security suite, capable of defending against all forms of malware. You should also take a look at the preventative measures outlined in our original look at CryptoLocker. While the original form of this ransomware has been all but dispersed, it has been replaced by variants, so you need to remain vigilant.
Should you be reading this after a ransomware infection, the best solution open to you is to follow the advice given by MakeUseOf’s Guy McDowell in his excellent guide to beating ransomware without paying out.
Are you a ransomware victim? Did you pay out, or did you bite the bullet and allow your data to be deleted (perhaps you had good backups)?