Ransomware: Explained (and how to help prevent it)

What is The Nastiest Virus Ever?

Back in January 2015, we put up a YouTube video warning you about Cryptolocker, Cryptowall, and their family of ransomware viruses. A quick recap: These nasty buggers usually come to you via email (but sometimes as bogus links or ads on Facebook and other popular websites), posing as legitimate information from FedEx, UPS, or other shipping companies, with a file attached. Opening that attachment results in every bit of your personal information being encrypted – photos, videos, music, documents, databases, EVERYTHING.

After the virus encrypts your data, making it completely unreadable by your computer, it takes the key code (which is for all intents and purposes uncrackable) and hides it on a server halfway around the world. You’re then presented with a message: pay the ransom ($300-$1000, often increasing with time), or lose your stuff permanently.

Don’t think it can happen to you? Think again.

We’re sorry to say that we’ve seen many infected computers in recent months. The first generations of cryptographic ransomware originated around 2008, but there has been a huge resurgence of them over the past year, and we’ve seen everything from mom and dad’s laptop to business-critical desktops devastated by these rogue programs. Unfortunately, there’s no way to recover lost data without paying off these “data terrorists”.

How exactly do the programmers of ransomware find their targets? The short answer is that they don’t. Huge mass emails are sent out to every email address they can get their hands on. If you’ve ever provided your email address to sign in to a web site, there’s a chance that your address will have eventually “escaped” into the wild – whether it was stolen by some sort of hack or attack, or provided to marketing companies who provided it to other marketing companies. Or maybe you publicly posted it once on Facebook. These scam emails go out to millions of people. A small percentage will open the email. A smaller percentage will open the attachment. A yet smaller percentage will pay the ransom.

That tiny percentage is still big enough to make cryptographic ransomware a profitable attack. As the popularity of this scheme grows, the variation of techniques will, too. Don’t expect email to be the only way you can be infected. Deceptive advertisements on shady web sites, pop-up scams on typosquatting websites (see what happens if you type “cragistlist.org” instead of “craigslist.org”), and fake Facebook links are all likely vectors as well.

Guarding Yourself from Ransomware

Now that we’ve thoroughly scared you, I bet you’re wondering what you can do to prevent this. Or you may be thinking, “I’ve already got an antivirus program, this can’t affect me.” Unfortunately, traditional antivirus and antimalware products have no effect on cryptographic ransomware, and often don’t detect it until it’s far too late.

There is, however, a free utility out there that we recommend to most of our customers; it’s a “vaccine” produced by BitDefender, one of the best anti-virus companies around. This utility is completely free and runs quietly in the background, helping protect your computer. Click this link to go to the page that leads to it, and look for the third paragraph, which reads “This new tool is available for download on the Bitdefender website.” If you click the words in red, “Bitdefender website”, the utility will download and you will be able to install it once it does.

Protection Does Not Equal Immunity

So, a caveat: just as having MalwareBytes’ AntiMalware installed doesn’t mean that you can’t get malware, having one of these utilities installed doesn’t mean you can’t get cryptographic ransomware. There is no utility that can protect you from yourself, and there is absolutely no substitute for smart surfing.

Never, ever, ever open email attachments that you aren’t expecting. Even if you are expecting a package in the mail, FedEx and UPS don’t email attachments and PDFs – the most you’ll get is an email that contains your tracking number in plain text. Avoid shady websites, and for the love of all that is holy, install a good web browser like Google Chrome or Mozilla Firefox, and PLEASE install the uBlock Origin extension for either/both of these browsers. Chrome and Firefox are regularly updated, fast, secure browsers that, among other advantages, support extensions and add-ons like uBlock Origin. uBlock Origin removes annoying, deceptive, and intrusive advertising from most web pages.

Pay attention when you get odd emails from friends, as well. Even the best of us get spam email, and some spammers and scammers will pose as one of your contacts to get you to look at an email. Look closely: while it may be your friend’s name, is it really their email address that it came from? Why would they send you just a link or an attachment with no explanation?
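The two questions above can be turned into a simple mail check. This is an added example, not part of the original article: it parses a message, compares the sender’s display name against the addresses that contact is known to use, and flags a body that is nothing but a link or an attachment. The CONTACTS address book, the sample message and the five-word threshold are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed address book: display name -> addresses this contact really uses.
CONTACTS = {"Dana Smith": {"dana.smith@example.com"}}

# Constructed sample message, not a real email.
SAMPLE = """\
From: "Dana Smith" <dsmith.mail77@example.net>
To: you@example.com
Subject: check this out
Content-Type: text/plain

http://example.org/invoice
"""

URL_RE = re.compile(r"https?://\S+")


def review_message(raw, contacts=CONTACTS):
    """Return a list of reasons to distrust the message (empty if none)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    reasons = []
    # Familiar name, unfamiliar address: the display name is free text.
    known = contacts.get(name.strip())
    if known is not None and addr.lower() not in known:
        reasons.append(f"name '{name}' is a contact but {addr} is not their address")
    # Collect the plain-text body and note whether any part is an attachment.
    has_attachment = any(part.get_filename() for part in msg.walk())
    text = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            payload = part.get_payload(decode=True) or b""
            text += payload.decode(part.get_content_charset() or "utf-8", "replace")
    words = URL_RE.sub("", text).split()
    if (has_attachment or URL_RE.search(text)) and len(words) < 5:
        reasons.append("only a link or attachment, with no explanation")
    return reasons


if __name__ == "__main__":
    for reason in review_message(SAMPLE):
        print("-", reason)
```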

Read everything twice before you click on it or agree to anything. 99% of malware we find on customers’ computers is malware that they installed themselves, because they didn’t pay attention while installing software. Even legitimate software like Adobe Flash Player will attempt to bundle in McAfee – which we consider malware – if you’re not paying attention and don’t deselect the option which is selected by default. A certain popular free torrenting client bundles in several awful programs, including a bitcoin miner that eats system resources and shortens the life of components by running them at full speed whenever the computer is left on and unattended. These bundled software items don’t have to be installed, but if you rush through the installation process and don’t read the boxes before clicking “Next”, you’re going to get something you don’t want.

Use common sense when it comes to pop-ups. Myriad web sites will pop up warnings that “your computer is running slowly”, “you may be infected”, or “click here for free scan”. These warnings are fake: they are deceptive advertising designed to get you to buy a product you don’t want – at best. At worst they may trick you into downloading some form of malware. Boxes that implore you to call a number to speak to Microsoft support, or phone calls from people with accents who say they need to connect to your computer to fix an error, are scams. Microsoft won’t call you or send pop-ups through web pages.

If you are having driver issues with your computer or a peripheral, never download software from any site other than the manufacturer’s. Be wary: searching Google for “[manufacturer name] drivers” often results in deceptive search results near the top of the list. If you have an Asus, go to asus.com. If you have a Lenovo, go to lenovo.com, etc. And never attempt to use utilities like “DriverAssist” – these can actually cause your computer to stop working properly.

Finally, BACK UP YOUR DATA. External hard drives and large USB flash drives are stupid cheap now; OSX and Windows have built-in backup utilities; and between free solutions like Google Drive and Dropbox, and paid solutions like Carbonite and Mozy, there is no excuse not to have your data in more than one place. If the worst happens, you can restore your data safely from your backup.

Final Thoughts

Don’t be scared to use your computer or the internet. While the internet can be a scary place, and it can be dangerous at times, the same can be said for any public place, but nobody’s recommending you barricade yourself in your house and quake in fear. Rather, it serves as a benefit and reassurance for you to be educated about the threats so that you can know how to see them coming and what to do about them if you are attacked.

We want your experience with your computer to be a pleasant one, and we’re always trying to find ways to help you make that happen. If you have questions or concerns about your computer, you can count on us to help you find answers.