According to the United States Government “On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300-percent increase over the approximately 1,000 attacks per day seen in 2015”.
Ransomware starts its infection as a Trojan which is a program that is used to hack a computer by deceiving the user of its true intent. According to FBI Cyber Division Assistant Director James Trainor, “These criminals have evolved over time and now bypass the need for an individual to click on a link. The hackers start by seeding legitimate websites with pernicious code, taking advantage of unpatched software on end-user computers.”
Once the ransomware program gains access to the device it begins encryption. Once encryption is completed, the victim usually finds all the files in their picture, document and music libraries to have been encrypted and are no longer able to be viewed, read or listened to. Ransomware comes in more than a few versions, but some of the more well-known threats are Reveton, CryptoLocker, CryptoLocker.F, TorrentLocker, CryptoWall and Fusob.
Once encryption is completed a message will be displayed. The scams come in a huge variety, for example, some pretend to be an official government program, and others exhibit a plain old fashioned extortion letter and many others. The message at its core is always the same, however, “pay us money, or lose your data”. The black hats usually include payment instructions that include wire transfers, premium-rate text messages, pre-paid voucher services, and digital currency such as Bitcoin.
Can you recover your data on your own? There are many resources on the internet that are helpful, and some solutions can be found online, especially if you are able to identify the encryption method. That having been said there is no single answer for the ransomware question. To date, there is no one software package or company that can guarantee results %100 of the time. Trying to recover files that have been encrypted can be time-consuming and very costly.
Should you pay the ransom? There have been reports that paying off these criminals has resulted in regaining access to locked data. Many others have reported that they have paid, and have had no response since doing so and consequently are still not able to access their data. The calculation seems to depend on how much trust a proven criminal should be given, versus how important your data is. There is no easy answer.
One of the most important things you can do when first faced with ransomware is to take action swiftly. Turn the device off as soon as possible. Then take the device to a reputable expert.
When it comes to ransomware an ounce of prevention is worth a ton of cure. Keeping your operating system up to date is a good first step. Using a proven antivirus or security suite and keeping it up to date is another step in the right direction. Routinely backing up data, both on-site and off-site is crucial. Some of the most important things you can do to avoid the cost and loss of data is to be aware that ransomware and other security threats are out there. Avoid responding to email and popups from unknown sources and add extra security add-ons to your browsers when available.
Disclaimer: The content in this article is the opinion of the writer and does not necessarily reflect the policies or opinions of US Patriot Tactical.