How to prevent and remove ransomware
Published by Lee Munson on September 15, 2015 in Antivirus
Ransomware is a particularly invasive form of malware that takes a victim’s data or device and holds it hostage (or displays bogus claims of illegal activity, porn usage or suggests that a system is already infected with viruses) until a sum of money is handed over in order to secure its release.

Ransomware

While ransomware has existed since around 1989, in the form of the “AIDS” trojan which encrypted files on a hard drive and then demanded a payment of $189 to unlock them again, it is only in the last few years that it has become a significant and global threat. You can read more here on the history of ransomware.

Starting around September 2013, CryptoLocker paved the way for numerous copycats which commonly encrypted all the data on a victim’s storage devices and then demanded a ransom be paid in the form of Bitcoins – a virtual currency that is hard to track.

A recent report from the BBC highlighted just why so many criminals have been jumping on the encryption-with-menaces bandwagon, highlighting research conducted by Trustwave.

The security vendor estimated it would cost around $5,900 (£3,860) to purchase a ransomware kit which, if used to its full potential, could earn its owner up to $90,000 per month – a return on investment of close to 1,500%.

F-Secure’s Chief Technology Officer, Mikko Hypponen, explained how the rise of virtual currency had led to huge profits, saying “Once the criminals were able to collect their ransom without getting caught, nothing was stopping them”.

So how can ransomware find its way onto your computer or network in the first place?

There are many forms of “risky” behaviour that can lead to infection but some of the key ones are:
  • opening malicious attachments appended to emails that typically come from unknown senders
  • clicking through a malicious link presented in an email, social media message, instant message, etc.
  • visiting a website that has been corrupted to deliver malware
  • opening corrupt macros in business applications such as documents and spreadsheets
  • introducing infected programs via inserted media such as CDs, DVDs and USB sticks

How can you prevent ransomware from finding its way onto your system?

Generally speaking, the key to avoiding ransomware, as well as other types of malware, is to steer clear of the behaviour listed above, all of which can be categorised as risky.

Sure, we know business people and home users alike need to open emails and read documents, but a little common sense goes a long way:

  • If you receive an email from someone you don’t know, leave it well alone.
  • If someone you do know sends you an unexpected email – say the title looks off – then do not open it as the sender’s system may itself have been infected with something nasty.
  • Whenever you are surfing online, try to only visit sites you know and trust.
  • If you visit a new site, be on the lookout for warnings in your browser which may alert you to the fact that the site has been compromised.
  • Be careful when inserting media into your computer or anywhere on the network – ransomware and other malware is often transmitted in this way.
  • If you are using Windows, keep User Account Control (UAC) switched on – it will notify you before any changes requiring administrator-level access can be made.
  • Also, ensure you keep up to date with service packs and all security patches.
  • Avoid Flash if possible – this is a common avenue of attack.
  • Finally, or perhaps that should be firstly, make sure your system is protected at all times by a reputable antivirus program or security suite – its scanning abilities will help prevent ransomware and other malicious programs from taking a hold on your system in the first place.
  • Also, don’t forget to back up all your important files on a regular basis. Ideally, your backups should be held in a secure location away from your primary machine or network and not rely upon cloud storage at all. This will ensure that there is no risk of the backups themselves becoming infected with ransomware.

How can you remove ransomware?

Removing ransomware is hard.

So hard in fact that some business users, and even some police departments, have simply paid up to make the problem go away.

As Brian Honan, Founder & Head of Ireland’s CSIRT and Special Advisor on Internet Security to Europol, told us recently:
“Once ransomware has found its way onto your system your choices are limited.

If you are lucky, you will have a working and trusted backup of your system that you can restore. If not then your choices are to either pay the ransom and hope that the criminals will enable you to recover your data and not attack you again, or rebuild your affected computer from scratch and manually rebuild the system and data.

In the case of ransomware, prevention is really better than the cure.So ensure that all your data is safely and securely backed up, regularly check those backups to make sure they work, install reputable anti-virus software on your PC and keep that software updated.

It is also important to keep your operating system, browser, and other software up to date”.
Beyond prevention and preparedness, the only other option used to be professional (“expensive”) services but now there are some good, free, alternative solutions, such as the “Ransomware Response Kit” developed by Jada Cyrus, a well-known security professional.

His kit includes removal tools and detailed instructions for combating various strains of extortion malware, including CryptoLocker, FBIRansomWare and CoinVault.

Even though the criminals behind ransomware often have a sense of honour – they have actually been known to decrypt files after payment has been made – Cyrus suggests not handing over any money as doing so only serves to encourage those behind it to carry on targeting more and more systems.

Leave a Reply

Your email address will not be published. Required fields are marked *