Ransomware. That word alone is enough to strike fear in the hearts of IT Admins worldwide. It's also an individual's worst nightmare. The very notion of your data being held at gunpoint for a ransom is enough to send a chill down your spine. But what exactly is ransomware and how can we combat it?
What is it?
Let's start with the basics. In an increasingly online world, your data is more valuable than you think. Our entire lives revolve around data such as passwords that are instrumental in providing access to services that we use. We also rely on the data on our systems to make our lives simpler.
Now imagine if someone manages to hack into your computer and takes control of the data. They lock it down with heavy encryption and demand that you pay them to get access to the key. That is ransomware in a nutshell: a type of malware that blocks access to your data until a ransom is paid.
How does it infect your system?
One of the most common ways a threat actor can sneak ransomware onto your system is by disguising it as something else and tricking the user into downloading it. The most popular delivery method is, of course, the phishing email, which arrives with an attachment carrying the infected file.
Once the user is tricked into downloading the file, the ransomware activates itself and begins encrypting your data. When the process is complete, you get an alert, commonly a plain text file opened in Notepad, that tells you what you need to do to get your files back, much like a ransom note.
If your files get encrypted, there is no way to get them back without a specific mathematically generated key known only to the threat actor. You are also generally directed towards cryptocurrency (Bitcoin, Ethereum) to pay the ransom because they are harder to trace.
Types of Ransomware
There are several different types of ransomware, but they can be classified into two groups: one that locks key system functions so that the computer becomes difficult to operate, and one that individually encrypts each and every data file on your system.
What can you do to guard against ransomware?
If you don't have a security suite on your system right now and are relying on Windows' built-in malware and virus protection, do yourself a favour and buy one. These suites come in various flavours, including a one-size-fits-all package that has everything, or individual software packages for different modules. There are a lot of options on the market as well - Bitdefender, Kaspersky, Norton, ESET and Trend Micro come to mind, but there are several more, including specialised anti-malware software. Do your research, pick one and bite the bullet on the yearly subscription cost.
Second, never download attachments from emails that you do not trust or that don't have a verified sender. It should also go without saying that you shouldn't be dabbling with unknown storage devices holding files you do not recognise.
How will you know if your system is infected?
Encrypting data files is a CPU-heavy activity, and you should notice significant slowdowns on your PC while it is happening. The easiest way to check is to right-click an empty area of the Taskbar and select Task Manager.
Next, head to the Performance tab. If you are seeing abnormally high CPU and disk usage (normal values should not be higher than 1% to 7%, and 0% for hard drives unless they are being used), then something is definitely fishy. It could turn out to be a service running in the background, but it never hurts to check.
Another sure sign is the renaming of file names and extensions. When ransomware encrypts data, it renames your files and changes their extensions (.jpg, .doc etc.). If you see file names being changed, that is another sign that something dubious may be at work.
A late sign is files that you once used no longer opening, which means the encryption has completed and you can no longer access them. Always keep a backup of all your important files, so that in events like these there is something from which you can recover your data.
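One way to turn the file-renaming sign above into a check, as an added example that is not from the original article: the script records a folder's file names, compares a later listing against it, and raises an alert when a burst of files has switched to an extension it does not recognise. The extension list, the alert threshold and the temp-directory scenario are constructed for the demo.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions a user expects to see on their own documents and photos. A burst of
# files switching to anything outside this set is the pattern the article
# describes. Constructed list for the demo; extend it for your own data.
KNOWN_EXTENSIONS = {".jpg", ".jpeg", ".png", ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt"}


def snapshot(folder):
    """Relative paths of every file under folder, as sorted strings."""
    root = Path(folder)
    return sorted(str(p.relative_to(root)) for p in root.rglob("*") if p.is_file())


def assess(before, after, threshold=5):
    """Compare two snapshots and count files whose extension changed.
    A renamed file is recognised by the old name with an extension appended
    (report.docx -> report.docx.locked) or by the same stem with the extension
    replaced (report.docx -> report.locked)."""
    old = set(before)
    changes = []  # (old_name, new_extension)
    for new in after:
        if new in old:
            continue
        match = next((o for o in old
                      if new.startswith(o + ".") or o.split(".", 1)[0] == new.split(".", 1)[0]), None)
        if match:
            changes.append((match, os.path.splitext(new)[1].lower()))
    new_exts = Counter(ext for _, ext in changes)
    unknown = sum(n for ext, n in new_exts.items() if ext not in KNOWN_EXTENSIONS)
    top = new_exts.most_common(1)[0][0] if new_exts else None
    return {"renamed": len(changes), "unknown_extension": unknown,
            "top_new_extension": top, "alert": unknown >= threshold}


def demo():
    """Constructed scenario in a temp dir: ordinary documents, then every file
    gets a '.locked' extension appended, the way the article describes."""
    with tempfile.TemporaryDirectory() as folder:
        for i in range(8):
            Path(folder, f"report{i}.docx").write_text("sample document")
        Path(folder, "holiday.jpg").write_bytes(b"\xff\xd8")
        before = snapshot(folder)
        for name in before:  # simulated mass rename, only inside the temp dir
            os.rename(Path(folder, name), Path(folder, name + ".locked"))
        return assess(before, snapshot(folder))
```

Run `snapshot()` on a real documents folder on a schedule and feed consecutive listings to `assess()`; a single renamed file is noise, a burst of unknown extensions is the signal.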
Can something be done to recover your files?
If all else fails and you have been infected, there isn't much that can be done without paying the ransom. However, this isn't recommended, since there is no guarantee that your files will be unlocked after you pay. If you can figure out the name of the ransomware that has been used on your system, you can head to No More Ransom and see if they have a decryption tool available. If they do, you are in luck.
If they don't, then you have just two options - pay the ransom or reset your computer to factory settings (full data wipe). You will lose all your data in the process but will regain access to your PC.