What is ransomware? Ransomware is a type of malware that infects a computer or cellphone.

Normally entering through a trojan, this software will often change the basic functionality of a system and will always tell the user to pay money (a “ransom”) to get normal access to their PC again.

Ransomware comes in three basic varieties:

  1. Scareware
  2. Lockscreen
  3. Encryption

Scareware

Scareware versions of ransomware pose as a police force or government agency and falsely claim the user has done something illegal with the PC. The scare tactic cites content such as pornography, gambling and “pirated” media to make the user pay quickly, without telling anyone else or seeking out IT assistance, for fear of embarrassment. Scareware can also pose as an IT company that claims the computer is infected and offers to help for a small fee.

If you see a message like this, you are under a ransomware attack:

Scareware will often ask to be paid in a very specific way, including Amazon or iTunes gift cards, temporary credit cards and cryptocurrencies like Bitcoin.

Are the authorities going to remotely shut down your computer? Absolutely not. If a user has done something illegal on a computer, the computer itself is often evidence and would need to be taken by the authorities. A knock on the door is the most common way they obtain this evidence.

On top of this, the FBI, the CIA, your local police department, and any other authorities typically used in these scams simply do not collect fines, and if they were to collect, it likely would not be in Kmart gift cards.

Lockscreen

Lockscreen ransomware generally shows a full-screen message that can prevent a user from accessing their PC or files. The screen will often be unresponsive and include phone numbers asking the user to call. Similar to scareware, lockscreen ransomware will often falsely pose as an IT company out to help the user, or as a police force or other government agency.

Like scareware, lockscreen ransomware will often ask for very specific ways to be paid, or instructions for the user to follow. The program will pose as well-known IT services, like Microsoft, or Norton, to earn the user’s trust. Lockscreen IT ransomware will often use logos from real antivirus programs to sell the illusion.

For example, this is the actual logo for AVG anti-virus:

Will an IT company or antivirus take over your computer to assist you with malware? Absolutely not. If you have not recently run an antivirus scan on your computer or called your IT provider for assistance, there is a good chance you are dealing with ransomware.

Encryption

Encryption ransomware is often the only type that will openly admit to being exactly what it is. It will often allow the user to continue using the computer but locks down files and folders using an encryption key, making all files and folders inaccessible. It will come with an alert that says the user must pay money (a “ransom”) to re-obtain access to their files.

Encryption ransomware will again ask the user to pay exclusively in a very specific currency, often giving deadlines and ticking clocks counting down to when your files will be permanently gone. But there is no trick here.

“We have your files and they will never come back unless you pay.”

Frequently asked questions about ransomware

  • What if the message knows my IP address?
    Your IP address is not usually hidden, and there are many tools online that will display your IP address. It is incredibly easy for someone else to know your IP address. This is not at all indicative of an authority looking at your computer.
  • How did ransomware get on my PC?
    In most instances ransomware is automatically downloaded when you visit a malicious website or a website that has been hacked. It can also be embedded in a trojan: a downloaded file, usually in an email, that releases the ransomware once opened.
  • Is it true that the legal authorities in my area have detected illegal activities on my PC?
    No. These warnings are fake and have no association with legitimate authorities. The message uses images and logos of legal institutions to make it look authentic.
  • I cannot access my PC or my files. Should I just go ahead and pay to regain access?
    There is no one-size-fits-all response if you have been victimized by ransomware. There is no guarantee that handing over the ransom will give you access to your files again. Paying the ransom could also make you a target for more malware. Paying the ransom encourages more ransomware.
  • How can I get my files back without paying the ransom?
    The best way is to be prepared with a managed offsite backup and replication provided by an IT specialist like Capitol Communications. That is the only surefire way to ensure your files can be restored from any ransomware attack.
  • How can Capitol Communications help me?
    As a company specializing in online network security and email applications, we understand ransomware. Our preferred method of ransomware protection is Infrascale DR, which we can easily implement on your network in no time at all.

Want to learn more about preparing your business for cybersecurity?
Give Capitol Communications a call today at 307-635-9295. We would be happy to discuss the security of your online data.