
Tech Fixes: How to Avoid Ransomware Exploitation

Posted by Philip Tang on Fri, Mar 06, 2015

Ransomware infects a victim's computer, encrypting a majority of important files and essentially holding them hostage

A bank robber and a cyber criminal both take hostages in an attempt to steal money - the former uses people as hostages, the latter your personal computer files

What is Ransomware?

Ransomware is the tool by which cyber criminals exploit unwary computer users, particularly users of Windows XP, Vista, 7 or 8. Whereas a robber stealing from physical banks may hold innocents hostage with a gun to their heads, a cyber criminal uses malicious software to lock down your files. Just as a teller may be pressured to stuff money into the robber's brown burlap sack in this situation, you may be forced to pay the cyber criminal's ransom to regain access to your precious files.


CryptoLocker is an example of ransomware that went around terrorizing users and locking down their files. CryptoLocker was eventually defeated and disabled, but its unfortunate effectiveness led to other cyber criminals developing their own further-evolved ransomware spin-offs, such as TorrentLocker.  

Malware Distribution Process

For ransomware to take hold over your computer, it must first gain access.  Email distribution is a common method.  The emails disguise themselves to feign legitimacy - business correspondence, notifications of shipping, etc.  

These fakes contain ZIP files disguised as PDFs, links to phishing sites, or any other trick that will end up infecting your computer. Downloading them causes the invading ransomware to scan your computer and append a new extension to a large number of your files: .encrypted. It targets files with certain extensions, such as .doc, .rar, .css, .jpg, and many more. This amounts to pretty much all of your text files, documents, pictures and videos being encrypted and locked down from access.
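The lure described above (a ZIP file dressed up as a PDF) can be caught by checking an attachment's real content against its name. The following is an added example, not code from the original post; the extension lists, function names and sample attachments are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed lists for this example; tune them to your own mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".xls", ".jpg"}  # none of these are ZIP-based formats


def suffixes(name):
    """Lowercased dotted suffixes of a file name, ignoring padding spaces."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return ["." + p.strip() for p in base.split(".")[1:] if p.strip()]


def triage_attachment(filename, data):
    """Return the reasons an attachment looks like a disguised archive or executable."""
    findings = []
    exts = suffixes(filename)
    is_zip = zipfile.is_zipfile(io.BytesIO(data))
    if is_zip and exts and exts[-1] in DECOY_EXTS:
        findings.append(f"{filename}: ZIP archive behind a {exts[-1]} name")
    if not is_zip:
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for member in archive.namelist():
            m = suffixes(member)
            if m and m[-1] in EXECUTABLE_EXTS:
                decoy = len(m) > 1 and m[-2] in DECOY_EXTS
                kind = "double-extension executable" if decoy else "executable"
                findings.append(f"{filename}: contains {kind} {member!r}")
    return findings


def build_sample_zip(names):
    """Constructed sample: an in-memory ZIP whose members hold placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"constructed placeholder, not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "Shipping_Notice.pdf": build_sample_zip(["Shipping_Notice.pdf.exe"]),
        "invoice.zip": build_sample_zip(["invoice.pdf      .scr"]),
        "report.pdf": b"%PDF-1.4\n% constructed sample body\n%%EOF\n",
    }
    for name, blob in samples.items():
        print(name, "->", triage_attachment(name, blob) or "no findings")
```

A genuine PDF and an archive holding only documents produce no findings; the two constructed lures are flagged for the name/content mismatch and for the executable hidden behind a document-style name.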

Expanding upon the basic nefarious suite of CryptoLocker, TorrentLocker takes the encryption to an extended level. It will dig further than just the files on your computer, looking into removable drives, network shares, and even Dropbox mappings. It then deletes the Shadow Volume Copies of encrypted files, denying a method of file restoration.

After encrypting everything you own and love, the ransomware leaves a ransom note on your desktop.  It graciously informs you that you've been infected and all your files are locked down, as if you couldn't tell already.  In order to recover them, you must pay a given amount of currency to your resident criminal for a private key that will restore access.  

Even if you pay, it's not guaranteed you'll actually receive a key to liberate your computer.  You're dealing with shady criminals, after all.  Can't forget that.

The private key allows you to decrypt your files and once again gain access to them

Preventative Measures

Having your important personal information held hostage is far from a comfortable situation.  Therefore, taking precautions to avoid ransomware in the first place can save you a massive headache - and potentially a large chunk of money.  

Unfortunately, there are no sure-fire preventative measures.  Of course, being cautious with your email and taking a moment to think before opening any attachment is critical.  Do I know who this sender is?  Was I expecting this correspondence and its attachment?  Is something off with this email?

For advanced measures, you can set Software Restriction Policies that block executables from running when located in the specific paths that lead to your files being encrypted.  

Coping Measures

Still, one erroneous click is all it takes for ransomware to place its shadowy grasp over your precious files. If you even suspect a file you opened may have contained malicious software, whip out the anti-virus/anti-malware program and run it immediately. When the ransom note appears, it's too late to try mitigating any damage. Paying the criminals only propagates their crimes and encourages their operations to continue.

Alternative decrypting methods are not always successful, but they're worth a shot. Restoring your files from an external backup can work, if you have one. Reverting to a System Restore Point prior to the attack is another option, but modern ransomware tries to prevent that by deleting the Shadow Volume Copies. File recovery software like R-STUDIO is another possibility. If you mapped Dropbox to a drive letter, you may be able to restore encrypted files via their website.

Lastly, if you have your data backed up on the Cloud, a situation like this could make you quite thankful for it.  

Cyber criminals depend on you to not have one of these failsafes prepared.  Make sure you do.

Malignant Evolution

The importance of knowing how to handle ransomware grows as the ransomware itself continues to evolve. Just recently, a new variant known as TeslaCrypt was discovered.  It targets the $81 billion video game market, encrypting local game files of value such as saves and replays - all this in addition to encrypting everything else on your computer.  

The worst part is that it's currently unknown how TeslaCrypt is distributed - reinforcing the notion that taking precautions, and being skeptical with any executables, are worth keeping in mind.

Sources: http://www.bleepingcomputer.com/virus-removal/torrentlocker-cryptolocker-ransomware-information

http://www.bleepingcomputer.com/forums/t/568525/new-teslacrypt-ransomware-sets-its-scope-on-video-gamers/

http://www.computerworld.com/article/2485214/microsoft-windows/cryptolocker-how-to-avoid-getting-infected-and-what-to-do-if-you-are.html

http://www.theguardian.com/technology/2014/jun/03/cryptolocker-what-you-need-to-know
