Ransomware. What? How?

Ransomware Software

What is Ransomware?

Ransomware is malicious software that denies a user access to their files and demands a ransom before access is restored. It denies access either by encrypting the files or by preventing the user from logging in to the system at all.

Ransomware has existed since the 90s, but it has been gaining popularity recently. This is mainly because of the emergence of cryptocurrencies, which give the hackers an almost untraceable way of receiving payments. Before cryptocurrencies, payment went through banks or other payment services. Those services are traceable and their transactions can be reversed. Cryptocurrency transactions, in contrast, cannot be reversed, so the hackers know that you cannot claw the payment back once they have let you regain access to your files.

Types of Ransomware

There are two types of ransomware:

1. Crypto-ransomware – This type of ransomware encrypts specific files on your computer system and demands payment for their decryption. The best-known example is the infamous WannaCry ransomware.

2. Locker-ransomware – This type of ransomware simply locks you out of your computer and prevents you from logging in to your system. An example of locker ransomware is Reveton. Reveton would lock a user’s system and claim to be from a law enforcement agency such as the FBI. It would then ask the user to pay through gift cards or vouchers.

Reveton Ransomware

How Does a System Get Infected With Ransomware

Ransomware usually gets onto a system through poor system management. The malware can only infect the system if it manages to execute there, and it can only execute by exploiting a vulnerability or by abusing improper user privileges.

The hackers get the user to execute the malicious code in various ways. The two major ones are phishing campaigns and malvertising. Phishing campaigns are mostly emails that look legitimate but carry malicious attachments which execute malicious code when downloaded or opened. Malvertising uses advertisements to spread malware: a click on an advertisement can lead to malicious code being executed on your system.

How to Protect Yourself From Ransomware

These tips will reduce the probability of your system being affected by ransomware:

  1. Install and keep up to date an anti-virus such as ESET, Norton, Bitdefender or Kaspersky.
  2. Keep all your applications (especially browsers) and system software updated.
  3. Be vigilant about the attachments you receive. Don’t open emails or attachments you didn’t explicitly ask for.
  4. Disable macros in your spreadsheet software. Malicious code is often attached to files as macros.
  5. Use a normal user account by default instead of an administrator account. The administrator account has the privilege of executing any code on the system.
  6. Keep system backups that are not normally attached to the computer. Some ransomware scans all drives, including attached ones, and may end up encrypting your backup as well. Store your backup on a secure external hard drive, or in the cloud if it doesn’t contain sensitive information.
  7. Use software such as Ransomwhere for Mac or RansomFree for Windows, which notifies you of untrusted processes that are trying to encrypt your files.
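Tools like the ones in tip 7 work by watching for processes that rewrite many files with encrypted-looking contents. The script below is an added illustration of the core heuristic, not code from Ransomwhere or RansomFree: it snapshots a directory, then flags files whose contents changed and whose Shannon entropy jumped from document-like to random-like. The 7.0 bits-per-byte threshold and the constructed sample files are assumptions for the demo.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path

# Bits per byte: encrypted or compressed data sits near 8.0, plain text and office documents well below 7.0.
HIGH_ENTROPY = 7.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte."""
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def snapshot(root: Path) -> dict:
    """Map each file under `root` to (sha256, entropy) of its first 64 KiB."""
    snap = {}
    for path in root.rglob("*"):
        if path.is_file():
            head = path.read_bytes()[:64 * 1024]
            snap[path] = (hashlib.sha256(head).hexdigest(), shannon_entropy(head))
    return snap

def suspicious_rewrites(before: dict, after: dict) -> list:
    """Files whose content changed AND jumped from low to high entropy."""
    # Flagging the transition, not the absolute value, avoids alerting on
    # archives and images, which are high-entropy from the start.
    hits = []
    for path, (digest, ent) in after.items():
        if path in before:
            old_digest, old_ent = before[path]
            if digest != old_digest and old_ent < HIGH_ENTROPY <= ent:
                hits.append(path)
    return sorted(hits)

def demo() -> list:
    """Constructed scenario: a text file is overwritten with random bytes, as ransomware would."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        doc = root / "report.txt"
        doc.write_bytes(b"Quarterly figures and meeting notes.\n" * 100)
        (root / "photo.bin").write_bytes(os.urandom(4096))  # high entropy from the start
        before = snapshot(root)
        doc.write_bytes(os.urandom(doc.stat().st_size))  # simulated in-place encryption
        return [p.name for p in suspicious_rewrites(before, snapshot(root))]
```

A real monitor would run the snapshot comparison continuously and also watch which process is doing the rewriting; a burst of such transitions across many files is the signal these tools act on.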

What to do if Your System Is Infected

If your system is already infected by ransomware, there are a few things you can do to regain access to your files. The first rule, however, is that you should not pay the ransom: paying does not guarantee that you will get your files back.

Here’s what you can do:

  1. Go to nomoreransomware.org to find out which ransomware has encrypted your files and how to decrypt them. Nomoreransomware is a collaborative initiative that aims to end the spread of ransomware and to let victims retrieve their data without paying a ransom.
  2. Report to your Computer Incident Response Team (CIRT) for further guidance. In Kenya, you can report to the National KE-CIRT/CC through their portal.
  3. Clean up your computer and restore your backup. If you don’t have a backup, you may have to start from scratch.
