What is ransomware, and what can I do about it?

What is it?

Ransomware acts much like a virus, but is specifically designed to encrypt your files, and hold them for ransom. Typically, users are instructed to call a phone number, and pay a fee to have their files unlocked.


How does it work?

The number of enterprise victims, such as local school districts, being targeted by ransomware is increasing. Usually, the attackers specifically research and target a victim (similar to whale-phishing or spear-phishing, which may in fact be the techniques used to gain access to the network). A typical approach includes:

  1. Someone calls the front office to gain or confirm some information, typically a teacher’s, principal’s, or superintendent’s information, and tells the person they’re speaking with to expect an email with important documents attached.
  2. The “email” arrives, with one or more attachments, or links to a website.
  3. Because they’re expecting it, the user clicks on the link or downloads and opens the attachment, at which point the computer becomes infected with the ransomware, resulting in compromised files and possibly corrupted data.

The sensitive files are encrypted, and large amounts of money are demanded to restore the files. Generally, the attacker has a list of file extensions or folder locations that the ransomware will target for encryption.

Due to the encryption of the files, it can be practically impossible to reverse-engineer the encryption or “crack” the files without the original encryption key – which only the attackers will have access to.

How does it get on my computer?

Ransomware can get on your computer from nearly any source that any other malware (including viruses) can come from. This includes:

  • Visiting unsafe, suspicious, or fake websites.
  • Opening emails and email attachments from people you don’t know, or that you weren’t expecting.
  • Clicking on malicious or bad links in emails, in Facebook, Twitter, and other social media posts, or in instant messenger chats, like Skype.

It can be very difficult to restore a computer after a ransomware attack – especially if it’s infected by encryption ransomware.

What can I do?

Take the following precautions to prevent an attack, and to protect yourself from possible disruptions to your files, equipment, and sensitive information.

  • Don’t click on a link on a webpage, in an email, or in a chat message unless you absolutely trust the page or sender.
  • If you’re ever unsure – don’t click it!
  • Often fake emails and webpages have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
  • At Kenston, you should never have to call any technician that isn’t associated with the district’s technology team. If you’re unsure, please call or email us first!
  • Always report suspicious files, emails, or activity to your network team for further containment and possible resolution.
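
The spelling and spacing check from the list above can also be automated on the mail-filtering side. The following Python code is an added example, not part of the original article; the brand list, the function names, and the one-edit threshold are assumptions chosen for illustration.

```python
import re

# Assumption: names to protect, taken from the two samples in the article.
KNOWN_BRANDS = ["PayPal", "iTunes Customer Service"]

def normalize(text):
    """Lowercase and drop spaces, symbols and punctuation."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_display_name(name, brands=KNOWN_BRANDS, max_edits=1):
    """Classify a sender display name as 'exact', 'lookalike' or 'unknown'.

    'exact' only means the name is spelled correctly. Display names are
    free text, so the sender address still has to be checked separately.
    """
    if name in brands:
        return ("exact", name)
    norm = normalize(name)
    for brand in brands:
        target = normalize(brand)
        # Same letters with different spacing, punctuation or case,
        # or within max_edits typos of the real name.
        if norm == target or edit_distance(norm, target) <= max_edits:
            return ("lookalike", brand)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample display names, including the article's two examples.
    for sample in ["PayePal", "iTunesCustomer Service", "PayPal",
                   "Kenston Technology"]:
        print(f"{sample!r}: {check_display_name(sample)}")
```

A larger `max_edits` catches more misspellings but also flags more unrelated short names, so the threshold should be tuned against real mail.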

Where can I learn more?

To learn more, please visit these two previously posted articles on protecting yourself from viruses, phishing attacks, and general spam.