You boot your computer, and it tells you that your files have been encrypted, and unless you pay the perpetrator through an anonymous channel, you can’t get them back. If you hesitate, the files might start disappearing a few at a time. This is ransomware, one of the nastiest tricks that online criminals can pull on you. It’s also one of the most popular, since it lets the thieves extort money directly, rather than having to sell personal information or botnet access to other crooks.
Ransomware demands payment in bitcoin, making the transaction very hard to trace. Hospitals are favorite victims; one hospital was forced to hand over more than $17,000. The U.S. government itself has been a target; in fact, an attempt was made to lock up files belonging to members of the House of Representatives and their staff.
The incidence of ransomware is rising steeply. The FBI’s Internet Crime Complaint Center reported 2,453 complaints of ransomware attacks in 2015, compared with 1,402 the year before. Most attacks come in the form of deceptive emails that try to get the victim to open an attachment or to view a web page with a malicious script.
Cryptolocker is one of the most notorious variants. It first appeared in 2013, and more recent versions have adapted to countermeasures that stopped old versions. It tries to encrypt all files that have specified extensions, including most document and image files.
Petya is even worse; it encrypts a drive’s master file table (MFT) and makes all files inaccessible. The user can only boot up to an extortion note. The files’ contents are still there, but without the MFT, they’re scattered all over the drive, with no way to tell which sectors belong to which files. Making the payment and entering the decryption key are more difficult, since the victim has to find a working computer and then copy the key by hand.
Several measures will help you avoid getting hit by ransomware. The first defense is a good spam filter. Since ransomware attempts often come through email, an attempt that never reaches your inbox can’t harm you.
If your Windows system hides file extensions, turn that option off. Malicious email often uses executable attachments disguised as document files. If you can see the file’s extension, and it’s an “.EXE” file when it has no reason to be, you can assume it’s malware.
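The same extension check can be automated at the mail gateway or on a saved message. The following Python is an added example, not part of the original article: it parses a message and flags attachments whose real (last) extension is executable, especially when a document extension sits in front of it. The extension lists, function names, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly (assumed list; tune for your environment).
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions a user expects to be harmless documents or images (assumed list).
DOCUMENT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def classify(filename):
    """Return 'disguised', 'executable' or 'ok' for an attachment name."""
    # Drop trailing dots/spaces, which Windows discards when saving a file.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2:
        return "ok"                      # no extension at all
    last = "." + parts[-1].strip()       # the extension Windows acts on
    if last not in EXECUTABLE:
        return "ok"
    # With extensions hidden, "invoice.pdf.exe" is displayed as "invoice.pdf".
    if len(parts) >= 3 and "." + parts[-2].strip() in DOCUMENT:
        return "disguised"
    return "executable"

def scan_message(raw):
    """Map each attachment filename in a raw email message to a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.iter_attachments()}

def build_sample():
    """Constructed sample message with three harmless dummy attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("invoice.pdf.exe", "report.pdf", "setup.exe"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(f"{verdict:10} {name}")
```

A "disguised" verdict is a strong reason to quarantine the message; a plain "executable" verdict still deserves a second look, since few legitimate senders email programs.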
Of course, you should have up-to-date security software. Its creators work hard to keep up with the latest attacks.
If you get hit by ransomware, you can recover without paying anyone if you have a recent backup. The catch is that ransomware will try to encrypt any attached drives as well as the boot drive. An offsite backup is out of its reach, and you’ll be able to restore your files from it.
Ransomware is a serious threat and getting worse, so take the necessary protective measures seriously.
CTECH Consulting Group is the trusted choice when it comes to staying ahead of the latest information technology and security tips, tricks and news. Contact us at (403) 457-1478 or send us an email at info@ctechgroup.net for more information.