Ransomware: Explained (and how to help prevent it)

What is Ransomware?

Back in January 2015, we put up a YouTube video warning you about ransomware viruses. A quick recap (this video has since been removed as it is out of date): These nasty buggers usually come to you via email (but sometimes as bogus links or ads on Facebook and other popular websites), posing as legitimate information from FedEx, UPS, or other companies, with a file attached. Opening that attachment results in every bit of your personal information being encrypted – photos, videos, music, documents, databases, EVERYTHING.

After the virus encrypts your data, making it completely unreadable by your computer, it sends the encryption key (which is, for all intents and purposes, uncrackable) to a server halfway around the world. You’re then presented with a message: pay the ransom ($300-$1000, often increasing with time), or lose your stuff permanently.

Don’t think it can happen to you? Think again.

We’re sorry to say that we’ve seen many infected computers in recent months. The first generations of cryptographic ransomware originated around 2008, but there was a huge resurgence of them in 2015, and in 2021 we’re seeing many major corporations being held hostage. We’ve seen everything from mom and dad’s laptop to business-critical desktops devastated by these rogue programs. Sorry to say, there’s often no way to recover lost data without paying off these “data terrorists”.

How exactly do the programmers of ransomware find their targets? The short answer is that they don’t. Huge mass emails are sent out to every email address they can get their hands on. If you’ve ever provided your email address to sign in to a web site, there’s a chance that your address will have eventually “escaped” into the wild – whether it was stolen by some sort of hack or attack, or provided to marketing companies who provided it to other marketing companies. Or maybe you publicly posted it once on Facebook. These scam emails go out to millions of people. A small percentage will open the email. A smaller percentage will open the attachment. A yet smaller percentage will pay the ransom.

That tiny percentage is still big enough to make cryptographic ransomware a profitable attack. As the popularity of this scheme grows, the variation of techniques will, too. Don’t expect email to be the only vector you may be infected from. Deceptive advertisements on shady web sites, pop-up scams on typosquatting websites (see what happens if you type “cragistlist.org” instead of “craigslist.org”), and fake Facebook links are all likely vectors as well.

Guarding Yourself from Ransomware

Now that we’ve thoroughly scared you, I bet you’re wondering what you can do to prevent this. Fortunately, most operating systems now have some behavior-based anti-ransomware protection built in, and if you’re using a third-party antivirus solution, it usually does as well. But…

Protection Does Not Equal Immunity

So, a caveat: just as having MalwareBytes’ AntiMalware installed doesn’t mean that you can’t get malware, having one of these utilities installed doesn’t mean you can’t get cryptographic ransomware. There is no utility that can protect you from yourself, and there is absolutely no substitute for smart surfing.

Never, ever, ever open email attachments that you aren’t expecting. Even if you are expecting a package in the mail, FedEx and UPS don’t email attachments and PDFs – the most you’ll get is an email that contains your tracking number in plain text. Avoid shady websites, install a good web browser like Google Chrome or Mozilla Firefox, and PLEASE install the uBlock Origin extension for either/both of these browsers. Chrome and Firefox are regularly updated, fast, secure browsers that, among other advantages, support extensions and add-ons like uBlock Origin. uBlock Origin removes annoying, deceptive, and intrusive advertising from most web pages, and also blocks some known dangerous content.

Pay attention when you get odd emails from friends, as well. Even the best of us get spam email, and some spammers and scammers will pose as one of your contacts to get you to look at an email. Look closely: while it may be your friend’s name, is it really their email address that it came from? Why would they send you just a link or an attachment with no explanation?
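The two checks above (is the sender’s name on a stranger’s address, and is there an attachment with no explanation?) can be automated. This is an added example, not code from the original post; the address book, the brand domains and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Hypothetical address book: names the reader knows, mapped to the addresses
# those people really send from (constructed sample data).
KNOWN_CONTACTS = {"jane doe": {"jane.doe@example.com"}}
# Companies the post says never email attachments; domains are assumptions.
BRAND_DOMAINS = {"fedex": "fedex.com", "ups": "ups.com"}

def check_message(raw: bytes) -> list[str]:
    """Return a list of warnings for one raw RFC 5322 message (empty if clean)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    name_l, addr_l = name.strip().lower(), addr.lower()
    domain = addr_l.rsplit("@", 1)[-1] if "@" in addr_l else ""
    warnings = []

    # A friend's display name on an address that friend does not use
    if name_l in KNOWN_CONTACTS and addr_l not in KNOWN_CONTACTS[name_l]:
        warnings.append(f"display name '{name}' but unknown address {addr}")

    # A shipping brand in the display name without the brand's own domain
    for brand, real in BRAND_DOMAINS.items():
        if brand in name_l and domain != real and not domain.endswith("." + real):
            warnings.append(f"claims to be {brand.upper()} but sent from {domain or 'no domain'}")

    # An attachment with little or no explanatory text
    attachments = [p.get_filename() for p in msg.iter_attachments()]
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body is not None else ""
    if attachments and len(text) < 20:
        warnings.append(f"attachment(s) {attachments} with little or no message text")
    return warnings

# Constructed sample: a fake FedEx notice with a PDF and a one-line body.
SAMPLE = b"""From: FedEx Shipping <notice@track-delivery-updates.example>
To: you@example.com
Subject: Your package
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0=
--b1--
"""
```

Run `check_message(SAMPLE)` to see both the brand/domain mismatch and the bare-attachment warning; a plain-text note from a known contact at their usual address yields an empty list.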

Read everything twice before you click on it or agree to anything. 99% of the malware we find on customers’ computers is malware that they installed themselves, because they didn’t pay attention while installing software. Even legitimate software like Adobe Reader will attempt to bundle in McAfee – which we consider malware – if you’re not paying attention and don’t deselect the option, which is selected by default. A certain popular free torrenting client bundles in several awful programs, including a bitcoin miner that eats system resources and shortens the life of components by running them at full speed whenever the computer is left on and unattended. These bundled software items don’t have to be installed, but if you rush through the installation process and don’t read the boxes before clicking “Next”, you’re going to get something you don’t want.

Use common sense when it comes to pop-ups. Myriad web sites will pop up warnings that “your computer is running slowly”, “you may be infected”, or “click here for free scan”. These warnings are fake: at best they are deceptive advertising designed to get you to buy a product you don’t want, and at worst they may trick you into downloading some form of malware. Boxes that implore you to call a number to speak to Microsoft support, or unsolicited phone calls from people who say they need to connect to your computer to fix an error, are scams. Microsoft won’t call you or send pop-ups through web pages.

If you are having driver issues with your computer or a peripheral, never download software from any site other than the manufacturer’s. Be wary: searching Google for “[manufacturer name] drivers” often results in deceptive search results near the top of the list. If you have an Asus, go to asus.com. If you have a Lenovo, go to lenovo.com, etc. And never attempt to use utilities like “DriverAssist” – these can actually cause your computer to stop working properly.

Finally, BACK UP YOUR DATA. External hard drives and large USB flash drives are stupid cheap now; OS X and Windows have built-in backup utilities; and between free solutions like Google Drive and Dropbox, and paid solutions like Carbonite and Mozy, there is no excuse not to have your data in more than one place. Keep at least one copy disconnected or off-site: a backup drive that stays plugged in can be encrypted right along with everything else. If the worst happens, you can restore your data safely from your backup.

Final Thoughts

Don’t be scared to use your computer or the internet. The internet can be a scary place, and it can be dangerous at times, but the same can be said for any public place, and nobody’s recommending you barricade yourself in your house and quake in fear. Rather, being educated about the threats is a benefit and a reassurance: you know how to see them coming and what to do about them if you are attacked.

We want your experience with your computer to be a pleasant one, and we’re always trying to find ways to help you make that happen. If you have questions or concerns about your computer, you can count on us to help you find answers.