Emerging Online Threats: Ransomware
A dangerous breed of malware dubbed “ransomware” has spread across the Internet in recent years. Traditional viruses are designed to get onto a machine quietly and stay hidden for as long as possible. Ransomware stays quiet only until its payload has done its work; then it announces itself by locking the user out of the computer, or out of the files on it. The name comes from its blunt tactic: a message appears on screen claiming that the user can regain access to the data on the hard drive only after paying a specified price through some type of online payment service.
What happens once ransomware is running depends on the strain. The most damaging kind encrypts the user’s files, typically on every drive it can reach, including mapped network shares, and leaves the originals unreadable. The decryption key is held by the attacker and is not left anywhere recoverable on the victim’s machine, so when the cryptography is implemented correctly there is no way to reverse the encryption without it. Some strains have shipped with implementation mistakes that let researchers build free decryptors, but that is luck, not something to count on.
A less advanced form, often called a “locker”, does not touch your files at all. It runs a program that covers the screen and blocks the normal desktop, so you are locked out of the machine even though the data on the hard drive is intact. Because nothing is encrypted, the files can be recovered by booting from other media, and the locker itself can be removed once you can get at the system.
Either way, the next thing you see is a message stating that you must pay a specified amount of money to regain access to your computer. The screen explains that you have been locked out and gives instructions for paying to restore the machine to normal. The price is set by whoever runs the operation; amounts reported by infected users have ranged from $10 to a thousand dollars or more. Paying does not guarantee the safe return of your data: the criminals may never send a key, the decryption tool they provide may not work, and paying marks you as someone worth hitting again. For those reasons you should not pay.
Ransomware has commonly been distributed through sites that host copyrighted material for illegal download. The malicious code is usually not in the site itself; it is hidden inside the files users download from it, for example a “crack” or key generator bundled with a pirated program. A file-hosting site like Rapidshare may not infect your computer by itself, but the file you download from Rapidshare is another story altogether.
Ransomware also arrives through e-mail attachments and links, and through security vulnerabilities in the operating system, the web browser and its plug-ins, or services exposed to the network such as remote desktop. These infections are usually not aimed at you personally: exploit kits on compromised or malicious web pages try a batch of known vulnerabilities against every visitor, and whoever is unpatched gets infected.
Some ransomware messages are dressed up to look official, to scare and fool less tech-savvy computer users. The message claims to come from the local police or even the FBI, often with the agency’s logo and seal to make it look realistic. Several paragraphs of text follow, stating that you have been caught downloading illegal or copyrighted material. The demand is then phrased as a choice: pay the specified fee now as a “fine”, or refuse and be subject to legal action down the road.
None of this is true. Law enforcement does not collect fines by hijacking a computer and locking its screen; a real copyright complaint arrives through legal channels, such as a subpoena or a letter from the rights holder’s lawyers, not through a pop-up demanding payment. People unfamiliar with how copyright cases have actually proceeded in recent years are the ones most likely to be fooled. Payment is almost always demanded through an online payment service or prepaid voucher codes, which are hard to trace back to the criminals; some strains have demanded wire transfers instead.
Getting rid of ransomware can be tricky, and the realistic goal depends on the type. For a locker, the aim is to remove the malware and get back to a working desktop. For file-encrypting ransomware, removing the malware stops further damage but does not decrypt anything; the files come back only from a backup made before the infection (or, occasionally, from a free decryptor released for a strain whose cryptography was broken). The first step is to boot the infected computer into “Safe Mode” and run a virus scan. If your antivirus definitions are up to date, the scanner stands a good chance of identifying and removing the ransomware program. If the lock screen appears in Safe Mode as well, boot instead from rescue media such as an antivirus vendor’s bootable CD or USB stick, so that the malware never gets to run. Scanning from normal Windows mode is usually impossible, because the ransomware screen pops up and locks you out again even after a complete reboot. The infected machine’s Internet connection is often disabled as well, which makes updating out-of-date virus definitions difficult.
If the computer has no virus scanner, or its definitions are out of date, download what you need on a second, clean computer and carry it over on a flash drive, CD or DVD. Treat that drive as suspect afterwards and scan it before using it on a clean machine again.
In severe cases the only reliable fix is a full factory restore: wipe the drive, reinstall the operating system from known-good media, and then restore your files from a backup made before the infection.
Ransomware is successful because it exploits a legitimate worry. A person downloading copyrighted material is already nervous about getting caught, especially as lawsuits against online pirates have become common, and a screen bearing a police logo confirms the fear. The safest way to avoid ransomware is the same as for other viruses, spyware and adware: don’t download anything illegally online. Stick with legitimate websites and your chances of getting infected with any type of computer virus drop dramatically. Keep the operating system, browser and plug-ins patched, and keep the virus scanner up to date, so that attacks are stopped before they start. Above all, keep regular backups of your files on a drive or service that the infected machine cannot reach, for example an external disk that is disconnected when not in use. Against file-encrypting ransomware, an offline backup is the one defence that still works after everything else has failed.
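The encryption behaviour described earlier and the backup advice above share one practical question: how does a scanner or a backup job tell that a file has been replaced with ciphertext before it overwrites the last good copy? The following Python script is an added example, not code from the original article or from any antivirus product. It combines two signals, the Shannon entropy of the file’s bytes (ciphertext approaches 8 bits per byte, ordinary documents sit far lower) and a check that a known file type still carries its magic-byte header. The signature table, the 7.5-bit threshold and the sample files are this example’s own constructed assumptions.

```python
"""Flag files that look as if they have been overwritten with ciphertext.

Added example (not from the original article). Intended as a gate in a
backup job: refuse to copy files that trip the check over the previous copy.
"""
import math
import os
import random
import shutil
import tempfile
from collections import Counter
from typing import Optional

# Magic bytes for a few common types. Illustrative table (an assumption of
# this example), not a complete list of file signatures.
MAGIC_BY_EXT = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",   # Office OOXML documents are ZIP containers
}

# Ciphertext approaches 8 bits of entropy per byte; text and most documents
# sit well below that. 7.5 is an assumed cut-off for files of a few KB.
ENTROPY_THRESHOLD = 7.5
MIN_BYTES_FOR_ENTROPY = 256   # too few bytes give a meaningless estimate


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for an empty buffer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def header_matches(name: str, data: bytes) -> Optional[bool]:
    """True/False when the extension has a known signature, None when unknown."""
    sig = MAGIC_BY_EXT.get(os.path.splitext(name)[1].lower())
    if sig is None:
        return None
    return data.startswith(sig)


def is_probably_encrypted(name: str, data: bytes) -> bool:
    """Combine both signals.

    - Known type whose header is destroyed: flagged regardless of entropy.
    - Known type with intact header: accepted. JPEG and ZIP are legitimately
      high-entropy, which is exactly why entropy alone is not enough.
    - Unknown type (including appended extensions such as .locked): flagged
      only if the bytes look uniformly random.
    """
    hdr = header_matches(name, data)
    if hdr is not None:
        return not hdr
    if len(data) < MIN_BYTES_FOR_ENTROPY:
        return False
    return shannon_entropy(data) > ENTROPY_THRESHOLD


def scan_directory(root: str) -> list:
    """Return the relative paths under root that look like ciphertext."""
    flagged = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            with open(full, "rb") as fh:
                data = fh.read(1 << 20)   # the first MiB is enough for both signals
            if is_probably_encrypted(fn, data):
                flagged.append(os.path.relpath(full, root))
    return sorted(flagged)


def build_sample_tree() -> str:
    """Write a constructed sample tree (not real victim data); return its path."""
    root = tempfile.mkdtemp(prefix="rw_demo_")
    rnd = random.Random(1234)   # seeded PRNG as a deterministic stand-in for ciphertext
    ciphertext = bytes(rnd.getrandbits(8) for _ in range(4096))
    samples = {
        "notes.txt": b"Quarterly notes: revenue up, costs flat.\n" * 100,   # plain text
        "photo.png": MAGIC_BY_EXT[".png"] + b"\x00" * 4096,                 # intact header
        "report.pdf": ciphertext,                                          # header overwritten
        "invoice.pdf.locked": ciphertext,                                  # renamed by the malware
        "deck.docx": MAGIC_BY_EXT[".docx"]
        + bytes(rnd.getrandbits(8) for _ in range(4096)),                  # legitimate compressed file
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


def demo() -> list:
    """Build the sample tree, scan it, clean up, and return the flagged names."""
    root = build_sample_tree()
    try:
        return scan_directory(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for path in demo():
        print("suspicious:", path)
```

Running it flags report.pdf (PDF header gone) and invoice.pdf.locked (unknown extension, random contents) while leaving notes.txt, photo.png and the high-entropy but intact deck.docx alone. Note the limits: a strain that preserves file headers, or encrypts only part of each file, slips past this check, so it supplements an offline backup rather than replacing one.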