Ransomware has been around for a while now and grows more prevalent with each passing year. Cases of ransomware were first seen in Russia in 2005.
A 2006 report from Trend Micro told of an early ransomware strain that affected Windows computers. It would search a hard drive for certain files, zip them into a password-protected file and delete the originals. It also created a “ransom note” text file on the drive, telling the victim how to make a payment to get the files restored.
In 2011, Trend Micro reported on an SMS ransomware strain that repeatedly displayed a ransomware page to users until they paid the ransom by dialing a premium SMS number.
By early 2012, ransomware began to spread outside of Russia, as the bad guys began to realize what a profitable business model it could be if performed properly. The rise of cryptocurrency in recent years has also contributed to the rise of ransomware, due to the ability to receive the demanded ransom via Bitcoin and other anonymous forms of payment.
Late 2013 saw the rise of “crypto-ransomware” that encrypted a user’s files, ensuring the need to pay a ransom even if the ransomware itself was removed from the computer. This type of ransomware demands that a ransom be paid, upon which the user is to receive a private key to decrypt their files.
Of course, payment of the ransom didn’t always result in the bad guys holding up their end of the deal. (Um, they’re “bad guys,” DUH!) However, most ransom payments have proven to result in the needed key to unlock files, as the scheme depends on victims believing that payment of the demanded sum will result in the freeing of their data.
In this article, we’ll take a look at how ransomware can hold your computing device and its files hostage, how you can prevent ransomware from attacking your computer, and what you can do if you find that your data is being held hostage.
What is Ransomware?
Ransomware is malicious software that encrypts or otherwise blocks access to the data stored on a user’s computer or mobile device. The victim is then told to pay a “ransom” to have the files unlocked so they can be accessed once again.
While some simple forms of ransomware can be easily decrypted by a knowledgeable user, more advanced methods of encryption make it nearly impossible to retrieve the encrypted files without the private key needed to perform the task.
Ransomware attacks are usually launched via a “trojan” application, which enters a system through a downloaded file or a security vulnerability in a network service.
While operating system and networking companies regularly release updates to fix security flaws used by such trojan apps, many users fail to install the updates, leaving their machines and networks open to attack.
Once downloaded to your computer, the program then runs, locking the system, encrypting data or, in some cases, even making threats that appear to come from a law enforcement agency. (One user turned himself in after a malware app threatened to call the authorities about child pornography on his hard drive. He actually had child porn on the drive.)
No matter the type of ransomware, the goal of the evil payload is almost always to extort a payment of some sort from the victim. The amount demanded from an individual can be substantial, but not financially crippling.
Tom’s Guide notes amounts have been reported to be in the range of $300 to $700 for victims in the United States, although amounts can vary according to the victim’s location.
Protecting Your Computer From Ransomware
There are several ways to protect yourself from ransomware, and we’ll take a look at each one in this section.
We’ll look at how “smart computing,” keeping your computer and other connected devices updated, and running anti-virus and anti-malware apps can help you keep your system running clean and green, keeping your personal or business data from possibly being lost forever.
Practice Smart Computing
Always practice smart computing.
When I say that, I mean that you should always think twice about opening emails or email attachments from unknown parties. Never click a link found in an email, even if it appears to be from someone you know.
When browsing the web, use common sense and stay out of the darker corners of the web. (Like my doctor, Vinnie Boombotz, says, “If you break your arm in three places, stay out of those places!”) Sure, the lure of free movies and music can be enticing, but think before you click.
Never install an application on your computer or mobile device unless you’re absolutely certain of the source of the app. If possible, restrict app downloads to those from known sources, such as the Windows Store, the Mac App Store, the iOS App Store and Google Play.
Mac and Windows owners may find this rule a bit tougher to follow, due to the plethora of app sources available on the web, but at the very least, be sure of the websites you’re downloading from.
Always make sure you show file extensions on your computer. This will help you identify the types of files you’re viewing. Be wary of clicking files you’re not sure of, especially if they show file extensions like “.app,” “.exe,” “.vbs” or “.scr.”
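Here is a small script that does the extension check for you. It is an added example, not part of the original article: it flags files ending in the four extensions named above and goes one step further by marking names such as “invoice.pdf.exe”, which look like a harmless document when extensions are hidden. The decoy extension list and the Downloads folder location are assumptions.

```python
from pathlib import Path

# Extensions the article names as ones to be wary of.
RISKY_EXTENSIONS = {".app", ".exe", ".vbs", ".scr"}

# Assumption (not from the article): document and media extensions that a
# disguised file typically shows in front of its real extension.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx",
                    ".jpg", ".png", ".txt", ".mp3", ".mp4"}


def classify(filename):
    """Return 'disguised', 'risky' or 'ok' for one file name."""
    # Windows ignores trailing dots and spaces in names, so drop them first.
    parts = filename.rstrip(". ").lower().split(".")
    ext = "." + parts[-1].strip() if len(parts) > 1 else ""
    prev = "." + parts[-2].strip() if len(parts) > 2 else ""
    if ext not in RISKY_EXTENSIONS:
        return "ok"
    # "invoice.pdf.exe" reads as "invoice.pdf" when extensions are hidden.
    if prev in DECOY_EXTENSIONS:
        return "disguised"
    return "risky"


def scan(folder):
    """Return {path: verdict} for every entry under folder that is not 'ok'."""
    findings = {}
    # rglob yields directories too, so macOS ".app" bundles are reported.
    for path in Path(folder).rglob("*"):
        verdict = classify(path.name)
        if verdict != "ok":
            findings[str(path)] = verdict
    return findings


if __name__ == "__main__":
    # Assumption: downloads land in the default ~/Downloads folder.
    downloads = Path.home() / "Downloads"
    if downloads.is_dir():
        for path, verdict in sorted(scan(downloads).items()):
            print(f"{verdict:10} {path}")
```

A “risky” verdict only means the file can run code, which is normal for installers you chose to download; “disguised” entries are the ones to treat with the most suspicion.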
Keep Your Computer or Mobile Device Updated
One of the most important things you can do to protect your computer or mobile device from threats like ransomware is to keep it updated, regularly installing the latest updates. The best way to do so is to turn on automatic updates, so your device will keep itself updated and patched against the latest threats.
Luckily, Microsoft, Apple and Google usually react quickly when security flaws are exposed, often releasing a fix for the security holes within days. Android users can still be exposed, however, due to the various devices that run the mobile operating system, and the need for individual device makers to release updates for those many, many devices.
Windows 10 is easy to keep updated. Simply go to “Update & Security” in the “Settings” menu and make sure updates are set to install automatically. You can also manually install any available updates while you’re in this area.
macOS is also easy to keep updated. On your Mac computer running macOS High Sierra or any recent version of the macOS operating system, do the following:
- Click the Apple icon you’ll find on the upper left-hand corner of your Mac’s Desktop.
- Click “System Preferences.”
- Click the “App Store” icon.
- On the App Store screen, make sure the “Automatically check for updates” and the “Install system data files and security updates” boxes are checked.
Your Mac will then notify you when an update is available. You can then load the Mac App Store app, click the “Update” tab and click the “Update” button for the macOS update. The app will download and install. Your Mac may reboot a few times during the installation, and it may take a while.
You can also manually check for a macOS update by loading the Mac App Store app and clicking the “Update” tab, where your Mac will automatically check for any available updates.
Before updating your Android device, make sure it is fully charged and connected to a charger. These updates can take a while, so power is important.
You’ll also want to be connected to the internet via a Wi-Fi connection. Otherwise, you’ll be eating up some of the data on your cellular plan, and a Wi-Fi connection is usually faster.
In addition, before updating your device, make sure you have a recent backup. (Backups are also handy to have if you need to restore your device in case of a ransomware attack. I’ll talk more about that in the next section.)
On your Android device, tap the “Settings” icon. In the Settings menu, look for and tap “About phone,” or the equivalent for your device and version of Android. (These can differ, as manufacturers are allowed to customize and modify the menus on the devices they sell.)
In the “About phone” menu, tap on the “Software Updates” or equivalent menu option.
You’ll see the Software Update screen, which will tell you either that your device is up to date or that there is an update available. If an update is available, tap the “Install Now” button to download and install the update.
When an iOS update is ready, your iPhone, iPad or iPod touch will notify you. When you see the prompt, simply tap the “Install Now” button in the notification.
You can also manually check for and install an update by plugging your device into its charger, making sure you’re connected to the internet via Wi-Fi and doing the following:
- Tap the “Settings” icon on your device’s Home screen to enter the Settings app.
- Tap “General” in the Settings menu.
- Tap “Software Update” in the General menu.
- Your device will check for an available Software Update.
- If an update is available, tap “Download and Install.”
- Depending on how much free space you have remaining on your device, you may be asked if it’s okay to temporarily remove apps to make space for the update files. Tap “Continue.” iOS will reinstall any apps it removed once the update has been completed.
- To update iOS now, tap the “Install” button. If asked, enter your passcode. The update will begin, your device will reboot and prompt you for your passcode once the update has finished.
Backup, Backup, Backup!
I can’t stress strongly enough the importance of backing up your computer or mobile device on a regular basis. Always make use of a backup solution that will back up your data on a scheduled basis to an external drive.
Time Machine, which is built into macOS, is a great solution for Mac users, while Windows 10 users can take advantage of the built-in Backup and Restore app. Carbon Copy Cloner is a popular option for Mac users who want to make an image of their drive.
While a local backup is a great idea, a cloud backup is also an option you should strongly consider. In addition to offering a way to restore data in case of a ransomware infection, it provides a way to recover your data in case of a fire or other disaster that might destroy your local backup.
For mobile devices, users can make use of cloud backup services like iCloud for iOS, or Carbonite and Backblaze for both iOS and Android devices.
iOS users can also back their devices up to their Mac or Windows computer by connecting their device to their computer via a Lightning cable and using iTunes. Similar device-to-computer solutions are available for Android users.
Use Antivirus and Anti-Malware Apps
Never, EVER connect to the internet on your computer or mobile device without running some type of antivirus and anti-malware software.
In this section, we’ll take a look at the options available to protect your Windows, Mac, iOS and Android devices from threats.
It should be noted upfront that while there are plenty of antivirus and malware scanning apps available for Windows, macOS and Android, there are far fewer available for the iOS platform.
This is due to how Apple keeps the iOS operating system locked down as a closed system, only allowing installation of apps via the Cupertino firm’s App Store. Many of the malware threats to the iOS platform have been limited to “jailbroken” devices.
Windows Defender (Windows 10 Only)
When you install and run Windows 10 for the first time, Windows Defender is automatically enabled, offering you basic protection from online threats such as viruses and malware.
The app offers real-time protection against viruses, malware and other threats. It also offers the ability to scan your computer’s hard drive for threats.
Many users are pro-Defender since it’s included as a part of Windows, it automatically protects a new Windows installation and it’s relatively easy to use.
However, other users argue that Defender is not a viable way to protect a computer, as its features are limited compared to other antivirus packages, and it’s an attractive target for hackers due to its wide use (much like Windows itself became an attractive target due to its popularity).
If you’re looking for simple, easy-to-use protection for your computer, Defender may prove to be enough for your needs. In April 2017, independent IT-security institute AV-Test found that Windows Defender caught 99.9% of “widespread and prevalent” malware, and 98.8% of zero-day attacks.
However, you should be advised that there are better options available. I’ll share some of my favorites below.
For more information, visit the Microsoft website.
Bitdefender (Mac, Windows, iOS, Android)
Bitdefender for Mac and Windows is a reliable security application, offering protection against malicious websites, a built-in password manager and even a secure browser for use when you want to protect online financial transactions and other security-sensitive online activities.
In addition to real-time virus and malware protection, as well as scanning capabilities, the app provides an anti-phishing module that will warn you when there are malicious links in your search results and even block access to dangerous websites.
Bitdefender on the iPhone and iPad offers only limited functionality: a check to see if any of your email accounts have been leaked, and an anti-theft module that allows you to locate, lock or wipe a lost or stolen device, which is already possible via iCloud.
In my humble opinion, the app isn’t worth the download, though you may feel differently.
Bitdefender for Android offers much more protection than the iOS app does. The app offers malware scanning, e-mail account security, the ability to lock your apps with a PIN, real-time protection for Chrome and default Android browsers, the ability to track, lock, and wipe your lost or stolen device, and more.
This version is a pay-for-play app, but it offers a 14-day free trial, so you can try it out without putting any money on the table.
For more information, visit the Bitdefender website.
Avast Antivirus (Windows, macOS, Android)
It scans your Wi-Fi network for security issues and intruders, and also stores your passwords for use on websites.
Avast offers paid solutions as well, which add features such as anti-phishing protection, spam email blocking, a firewall, webcam spying blocking, file shredding and more.
Avast Antivirus 2018 is available for Android devices. The ad-supported app (the ads can be removed with an in-app purchase) scans Android devices for malware and protects users from phishing attacks sent through email, phone calls, websites and SMS messages. The app also provides a PIN-protected photo vault, anti-theft features and more.
For more information, visit the Avast website.
Malwarebytes Anti-Malware (Windows, macOS, Android)
No matter which antivirus solution you select for your Windows, Mac or Android device, I strongly suggest you also install the Malwarebytes malware scanner.
Malwarebytes is designed for one thing, and one thing only: detecting malware that might be hiding on your device.
The free version of Malwarebytes for Mac and Windows scans your computer’s hard drive for malware threats (and does it quite quickly). Most of the scans I perform on my Mac run for around 3 minutes or so.
If any malware is detected, the malware files are “quarantined” in a special directory created by Malwarebytes. Users can then view which files were quarantined and even delete the quarantined files with the click of a button.
The premium version also offers real-time protection against threats. If you’re budget-challenged, the free version will likely provide sufficient protection – just be sure to run the scan periodically.
A free trial period provides all of the premium features for 14 days.
Malwarebytes for Android checks for ransomware, malware and junk files, and also scans for malicious code. It scans for malicious links in emails, texts, websites, Facebook and WhatsApp. In addition, it detects apps that may be tracking your location, attempting to monitor your calls or charge you hidden fees.
The free version of this app does a great job of scanning your Android smartphone or tablet, and does it quickly, meaning you might be more apt to run the app for a scan from time to time.
For more information, visit the Malwarebytes website.
CRAP! I’ve Been Hit by Ransomware! Now What?
Your computer has been hit with ransomware, and now you’re faced with paying the ransom and hoping like hell that the bad guys will give you the key to unlock your precious data.
Don’t do that – only pay as a last resort. There is a good possibility you can recover your data without paying up.
Scareware (Windows and Mac)
Some ransomware is relatively easy to remove. “Scareware” browser screens that claim you have child porn on your hard drive and that your computer is locked are never true. (If you’re actually suspected of being in possession of child porn, the FBI will come knocking on your door, search warrant in hand, bright and early some morning. Just ask Jared from Subway.)
If you’re faced with this type of ransomware, you can usually shut it down by using force-quit on a Mac, or the Windows Task Manager on a Windows machine, to close the browser.
Then you’ll need to run an antivirus and/or malware detection application to remove the files causing the issue. That should clear this pesky critter from your machine.
If your Windows machine is hit by real ransomware and you’re unable to access your data, or even unable to boot your computer to the Windows Desktop, try to do a System Restore to roll your system files back to a point before they were infected.
Note: System Restore must have been enabled beforehand, but the good news is that Windows enables it by default, so unless you’ve changed the settings, you’re good to go.
To perform a System Restore in Windows 10, do the following:
- If your computer can boot to the Windows login screen, hold down your Shift key on your keyboard, click the power icon and select “Restart.”
- Your PC should then reboot to the recovery screen.
- Click “Troubleshoot.”
- Click “Advanced Options.”
- Click “System Restore.”
- Wait for the process to complete.
If you can’t access the recovery screens, you can use the USB stick or DVD you installed Windows from to boot the PC to access the recovery tools. You’ll need to click the “Repair Your Computer” option if you have to go this route.
If running System Restore doesn’t do the trick, try running a virus scanner from a bootable disc or USB stick. Bitdefender, Avast and many other antivirus software companies offer scanners that can be used in this manner.
I highly recommend creating a rescue disc or USB stick with apps that can help you in situations like this. Note to self: Write an article telling you how to create a rescue disc/stick.
This is the bad news part of this section: if you have no luck trying any of the above, you will likely need to perform a full restore from a backup or perform a clean reinstallation of Windows.
But the good news is that you have a good backup of your hard drive, containing all your files, right? Right? Be sure to scan the backup for malware before restoring. No sense in starting this whole thing all over again. (If you need a refresher on backing up your computer, I suggest that you back up a bit to the Backup section of this article. BEEP! BEEP! BEEP!)
If you get “lucky” enough to be infected by malware, and it didn’t appear to have encrypted your data, but it still looks like you’re missing some files, the malware may have just hidden them.
Try the following:
- Open a File Explorer window.
- Click the “View” tab in the top pane.
- Click the “Hidden items” checkbox to select it. (A check will appear, showing that it is enabled.)
If your lost data shows up after opting to show your hidden files, you’re golden. Just navigate to “C:\Users\”, open the folder for your username and right-click each hidden folder. Open “Properties” and uncheck the “Hidden” box. Your data should once again be accessible.
The Mac has had relatively few malware attacks compared to the Windows platform. However, as the platform has become more popular in recent years, it has become more popular with hackers looking for a quick ransomware hit.
In February 2017, the Findzip ransomware was discovered. Only relatively few Mac systems were hit by the ransomware.
The bad news was, even if you did pay the demanded ransom to the parties behind Findzip, they couldn’t give you the key to decrypt your data. Other than a rather involved recovery procedure, the only way to get your data back was to restore from a (hopefully) unaffected backup.
Your best bet for recovery from a ransomware attack on your Mac is to have a recent backup of your hard drive, which can be used to restore your files after the ransomware is cleaned, either using an antivirus and/or anti-malware app, or via a reinstallation of the macOS operating system.
What Have We Learned?
Ransomware can infect your computer, encrypt your files and prevent you from accessing your data, forcing you to either pay the price in hard currency or lose the time you’ll spend restoring your system to its former glory.
Practice Safe Computing
Always think twice before downloading files from questionable websites, opening attachments in emails or downloading that pirated movie, album or game. Only install apps from known-safe sources, such as the Windows Store or the Mac App Store.
Backup, Backup, Backup
Always have a recent hard drive backup handy, just in case you are hit by ransomware. In addition to a local backup on an external hard drive or USB stick, also back your files up to the cloud. Offsite backups like cloud backups offer another layer of protection.
Keep Your Computer or Mobile Device Updated
Always keep your devices’ operating systems updated. Either set your computer to automatically update or periodically check for updates.
Both Microsoft and Apple regularly provide updates for Windows 10 and macOS, respectively. Updates usually only take a few minutes and pay dividends by providing patches for recently discovered security holes used by ransomware developers.
Use Antivirus and Anti-Malware Apps
Install antivirus and anti-malware apps on your device. Also be sure to keep the apps and their definitions updated to provide the latest in protection for your system.
If your computer or mobile device is hit with malware, don’t panic. Follow the steps I’ve laid out in the paragraphs above, and you’ll have a good chance of recovering your stricken data.
Now, go forth and sin no more! Or, at least use protection.