“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.”
— Joseph Bonavolonta, Assistant Special Agent, FBI CYBER and Counterintelligence Program
Ransomware is malware that hijacks your computer, encrypts or hides your personal files (photos, movies, music, school work, etc.), and attempts to ransom that data back to you for hundreds of dollars. It is among the most destructive and costly kinds of malware, and families and businesses must take steps to avoid it or, if already infected, contain it.
Ransomware can affect Apple OS X (MacBooks and iMacs), Microsoft Windows, and Android mobile devices. Although the payload differs depending on which strain you’re infected with, all ransomware is dangerous and should be treated with extreme caution.
In a nutshell, ransomware works like this:
The computer gets infected, often through email attachments or suspicious websites. Once inside the computer, the ransomware begins making changes that undermine the computer’s security and backup systems.
After the valuable backups are eliminated, the ransomware begins encrypting your data. This can cause severe performance problems, because your processor is being forced to apply strong encryption to its own files. This is brainy stuff and it takes a while for the computer to finish. Once a file is encrypted, you lose access to it until it is decrypted, and only the ransomers have the keys.
As soon as encryption has completed and your files are locked up, a popup appears warning you of the ransom, along with an explanation of what happened and “convenient” ways to pay, often demanding as much as $500. If you see this warning, you’re in for a rough time.
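A defensive illustration of the encryption phase described above, added here and not part of the original post: a small Python script that flags recently modified files whose bytes look encrypted (high Shannon entropy) or whose names carry an appended extension, and raises an alarm when too many recently touched files look that way. The suffix list, thresholds and sample files are constructed assumptions for the demo, not the behaviour of any particular ransomware family.

```python
import math
import os
import tempfile
import time
from collections import Counter
from pathlib import Path

HIGH_ENTROPY = 7.2   # bits/byte; random-looking (encrypted) data sits near 8.0
SUSPECT_SUFFIXES = {".locked", ".encrypted", ".crypt"}   # illustrative, assumed list

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-symbol input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_recent(root, window_seconds=3600, now=None):
    """Return (flagged, total): files under root modified inside the window, and the
    subset that look encrypted or carry a suspect suffix. Caveat: already-compressed
    media (jpg, mp4, zip) is high-entropy too, so the ratio matters more than one hit."""
    now = time.time() if now is None else now
    flagged, total = [], 0
    for path in Path(root).rglob("*"):
        if not path.is_file() or now - path.stat().st_mtime > window_seconds:
            continue
        total += 1
        with open(path, "rb") as fh:
            ent = shannon_entropy(fh.read(4096))   # the head of the file is enough to judge
        if ent >= HIGH_ENTROPY or path.suffix.lower() in SUSPECT_SUFFIXES:
            flagged.append((path.name, round(ent, 2)))
    return flagged, total

def ransomware_suspected(root, ratio=0.5, **kw) -> bool:
    """True when at least `ratio` of the recently touched files look encrypted."""
    flagged, total = scan_recent(root, **kw)
    return total > 0 and len(flagged) / total >= ratio

def build_sample() -> str:
    """Constructed tree: three plain documents plus three files a ransomware run would have replaced."""
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    for i in range(3):
        Path(root, f"report{i}.txt").write_text("quarterly figures line\n" * 40)
        Path(root, f"photo{i}.jpg.locked").write_bytes(os.urandom(4096))
    return root

if __name__ == "__main__":
    sample = build_sample()
    print(scan_recent(sample), "suspected:", ransomware_suspected(sample))
```

Run on a live machine this would be scheduled against the user's document folders; an alarm is the cue to pull the network cable and the backup drive before encryption finishes.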
Unfortunately, the most common ransomware families, CryptoWall and CryptoLocker, use methods and encryption too sneaky and too thorough for the FBI to defeat. Paying the ransom might result in your files being decrypted, but that’s entirely up to the thieves responsible. According to the FBI:
And we’re talking a lot of money, well into the tens of millions. With such a strong monetary incentive, ransomware distribution has become a viable business model in loosely regulated countries, especially Russia. Ransomware companies have staff, customer service, and accountants, but good luck filing a complaint with the Better Business Bureau. You’re much better off contacting the FBI’s Internet Crime Complaint Center. And because so many victims end up paying the ransom and because there’s so much money to be made, more and more people are getting into the business of data ransoming, driving infection rates up and up. Dark days indeed.
There are ways to protect yourself, however, and steps to take if you are already infected. According to the FBI:
In our experience, an offline backup is the most valuable protection. A good, recent backup can prevent all data loss, whether due to a hurricane or ransomware. Most ransomware, however, will scan for connected network drives (other connected computers) and connected external hard drives; if it finds them, it will progressively infect and encrypt the data on those devices as well. For high-risk users, Poindexter recommends daily backups to an external drive, then disconnecting that drive from your computer and network. Stash your backup in a safe, dry place in case of an emergency.
If infected, immediately disconnect your computer from the internet and local networks. Any computers connected to the same network could also be infected; disconnect them immediately. The next steps are about damage mitigation, and it is best to call a professional to assist with data recovery and improved security. Mismanaging an infection this severe can result in irreversible losses and reinfection. If you are, or believe yourself to be, infected, contact Poindexter immediately.