Ransomware: what is it and how to get rid of it?

Ransomware what is and how to protect it from malware
Ransomware what is and how to protect it from malware

Last updated: November 24, 2023

Ransomware is malicious software that aims to hold your data hostage in exchange for ransom. To do this, ransomware encrypts your personal data and then the bad guys ask you to pay to get your precious files back.

Modern models of ransomware appeared in Russia initially, but it is noted that the number of attacks of this type has greatly increased in other countries, including Australia, France, the United States.

In November 2012, McAfee, the publisher of security software, reported having registered 120 new samples of this kind of malware.

How does ransomware work?

Ransomware typically spreads in the same way as a computer worm that loads a malicious program. It enters the system through a file downloaded by email or a fault in the network. The latter will target file types with sentimental or practical value (photo, video, DOC, PDF, etc.) and encrypt them with a very strong double key (2048-bit RSA).

After a few minutes, your most sensitive files become inaccessible and a message appears on your screen. The latter invites you to pay a sum of money to recover the private key used for encryption and thus find your data. Of course, the means of payment is discreet: Paypal, Bitcoin, etc.

malware-ransomware-protection

There are indeed other ways ransomware. Some will saturate your screen with porn images to make you pay. The users then go to the cash register to avoid being taken for perverts.

Others will deny access to Windows. The ransomware do not hesitate to pass themselves off as the police or as a government organization! On the warning window, you will be able to see your country's police logo and a message that will tell you that a hacker has used your PC to download movies illegally and that you need to pay a fine. Most of the time people pay for fear of ending up in court.

ransomware-interface

What to do when your data is held hostage?

Vaccinate your PC

Before any infection you can "vaccinate" your PC with CryptoPrevent, but if it is already too late, disconnect your computer from the Internet, even if it means unplugging the box. You can try a disinfection with your antivirus or Malwarebytes.

Know the extent of the damage

To know the extent of the damage, you can use CryptoLocker ScanTool which will tell you which files have been encrypted. If you're infected, you don't have a backup and all hope seems lost, don't pay the evil hackers!

Victims have reported that even after timely payment, the decryption key sent by the hackers did not work!

Identify the type of ransomware

Do a research on the Internet because with a little luck your ransomware is not very sophisticated: some actually work with the same encryption key for all victims. You could therefore recover your data with the key of a victim who has already paid! The site Ransomware Decryptor contains private keys seized during police raids on hackers ... why not give it a try?

kaspersky-ransomware-decryptor
Ransomware Decryptor Interface

 Carry out disinfection protocols

If you think all is lost, there are still some ways to keep hope alive. The Malware Tips site has an entire section on ransomware and offers disinfection protocols.

If, once disinfected, you had no choice but to pay the ransom, it happens that some files are not correctly decrypted (outdated registry key, etc.). The solution is then to decrypt them at the hand with crypto-a-locker, a Python script that will detect and decrypt stubborn files.

How can you protect yourself against ransomware?

Make regular backups

We have seen that ransomware targets files that are dear to you (photos, documents, PDFs, etc.). The simplest is therefore to make regular backups on an external hard drive disconnected from the PC in normal times. The free paragon software will do this very well.. For more comfort, and unless you have a sufficiently large hard drive, you can also make a clone of your system with Macrium Reflect.

Have an updated antivirus

No need to checkout to get resident virus protection. Rasomware often attacks with a simple EXE file contained in a ZIP. Free antiviruses like Avira or Avast will quarantine the file as soon as it moves an ear. You will still need to be sure to renew your license and update the virus database.

Pay attention to emails

Be careful when opening email attachments, especially if they are compressed (zipped) and contain executable files.

EL JAOUARI is an author and trainer. Passionate about IT security and new technologies. His tutorials have helped many people to better master today's computer tools.