Criminals are locking away victims' files and charging vast sums to return them. We explain how this threat works and how to avoid it.
What is ransomware?
Ransomware is a type of malicious software that installs itself on victims' computers and encrypts data files. It then displays a message explaining to the victim that the only way to recover those files is to pay a ransom, after which the criminals promise to provide a decryption key that will allow the victim to recover the disabled files.
The encryption is typically very strong and the method used to encode the files is so effective that recovering the data is virtually impossible without the decryption key. Each attack uses a different key so you can't reuse another victim's key to decrypt your data. Everyone has to pay or face the possibility of never seeing their digital photos, documents and other data again.
Most good antivirus software will stop ransomware getting into your computer, and your first line of defence should always be up-to-date security software, such as BullGuard Internet Security. Should you get infected, kicking ransomware off your computer is not particularly hard, and any half-decent anti-malware product will be capable of deleting it thoroughly. The problem is that once your files are encrypted, the criminal doesn't care whether or not the malware is still running on your system. The damage has already been done. In fact, if you intend to pay the ransom, you probably don't want to remove the malware until you are sure that your files have been restored, as you'll need it to help decrypt the files.
That said, if your anti-malware product detects ransomware arriving on the system it could stop it before it causes any significant damage. Every serious developer of anti-malware software provides removal tools and instructions to help avoid or, in the worst cases, remove a ransomware attack.
How much do the criminals charge?
If your system becomes infected with ransomware you can expect to face a bill running from $100 up to thousands. It depends entirely on the attacker behind each specific campaign. In many cases, the amount is determined by the exchange rate between conventional currencies and Bitcoin. Recent attacks have demanded one or more Bitcoins, making an average ransom about $420 at the time of writing.
How do they get away with it?
Payment options are designed to be anonymous. In some cases the malware will demand payment via the online cash payment service Ukash or using supposedly untraceable Bitcoins. This makes tracking the hackers hard because they take great pains to distribute their malware without being caught. As a result, following the money becomes very hard too.
The panic that many users feel once infected can lead to victims paying before giving the situation any real thought. If you were told you had 48 hours to pay or lose all your digital photos you might sympathise.
Should you pay?
If you become infected with ransomware you'll face the basic decision – to pay or not to pay? As with kidnapping, there is no guarantee that the criminals will keep their side of the bargain once the ransom has been paid. You have to weigh up how much your data is worth to you versus the ransom amount, and factor in the possibility that you either won't receive the decryption key or, if you do, it might not work.
Ways to avoid the threat
The whole situation seems pretty hopeless but there is actually a relatively straightforward solution: back up your files! You should be backing up your data anyway in case of hard disk failure and other causes of data loss, such as having your computer stolen.
Online backup services range from free to a few dollars per month but take the hassle out of the process. A good online backup service will maintain different versions of files and this is a critical feature when protecting against ransomware. If the service only keeps one version of each file then you could find that encrypted versions will end up in your backups, which defeats the backup's purpose.
Many people back up to Network Attached Storage (NAS) devices. This is an attractive option because you control the device and can back up as much data as you like without ongoing fees. However, ransomware has evolved to a point where it can encrypt files stored on NAS boxes. If you use a NAS, ensure that the backup software you use is capable of handling multiple file versions and hope that the version of ransomware that you encounter does not encrypt the actual backup files.
If you want to make offline backups you could attach an external hard disk and use that to store your backup archives. Be sure to disconnect it when not in use or you'll face the same problem that you'd have with a NAS.
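The point about keeping multiple file versions, shown as an added sketch that is not part of the original article: a minimal versioned backup in Python that never overwrites earlier copies and flags a file whose content suddenly looks like random bytes, as encrypted data does. The thresholds, retention count, file naming and function names are assumptions chosen for illustration.

```python
import math
from collections import Counter
from pathlib import Path

KEEP_CLEAN = 5        # assumed: how many clean versions to retain per file
HIGH, LOW = 7.5, 7.0  # assumed entropy thresholds, in bits per byte

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: roughly 4-5 for text, near 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def backup_file(src: Path, store: Path, keep: int = KEEP_CLEAN) -> str:
    """Add src to the store as a new version; return 'unchanged', 'stored' or 'suspect'."""
    vdir = store / src.name
    vdir.mkdir(parents=True, exist_ok=True)
    versions = sorted(vdir.iterdir())            # names are zero-padded counters
    data = src.read_bytes()
    if versions and versions[-1].read_bytes() == data:
        return "unchanged"
    clean = [v for v in versions if v.suffix != ".suspect"]
    # A low-entropy file that suddenly looks random has probably been encrypted.
    # Already-compressed formats (JPEG, ZIP) start out high and are not caught here.
    flagged = (bool(clean) and entropy(data) > HIGH
               and entropy(clean[-1].read_bytes()) < LOW)
    counter = int(versions[-1].stem) + 1 if versions else 1
    new = vdir / (f"{counter:06d}" + (".suspect" if flagged else ".ver"))
    new.write_bytes(data)
    if flagged:
        return "suspect"                         # keep every older version untouched
    for old in (clean + [new])[:-keep]:          # prune only the oldest clean versions
        old.unlink()
    return "stored"

def restore_latest_clean(name: str, store: Path) -> bytes:
    """Return the newest version that was not flagged as suspect."""
    clean = [v for v in sorted((store / name).iterdir()) if v.suffix != ".suspect"]
    return clean[-1].read_bytes()
```

The store itself still has to live somewhere the infected computer cannot write to freely, such as a disconnected disk, or the versions can be encrypted along with everything else.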
The future of ransomware
While most ransomware appears to affect Windows PCs today, attackers are already beginning to target mobile devices and ransomware already exists for smartphones and tablets. In every case so far users are tricked into installing the software, which poses as something attractive, such as a free photo editing utility.
It's one short jump from these types of devices to smart TVs and other Windows or Android-based gadgets that we've started to integrate into our homes. The basic principle will always apply – your device contains some data or provides access to a service that you want to use, and you'll have to pay a criminal to gain access to that data or service.
Here's a realistic example: Imagine that you have settled down to watch a major sporting event that you really care about and your TV, 30 minutes before the start, displays a message saying, “Your TV has been disabled. To return to regular service please use the following instructions to pay $99.” There is no technical reason why this could not happen with some of today's smart TVs.
As threats start to attack home devices we'll likely see the emergence of anti-malware products for those types of electronics.