Last updated: December 26, 2022
Ransomware is malicious software that aims to hold your data hostage in exchange for ransom. To do this, ransomware encrypts your personal data and then the bad guys ask you to pay to get your precious files back.
Modern models of ransomware appeared in Russia initially, but it is noted that the number of attacks of this type has greatly increased in other countries, including Australia, France, the United States.
In November 2012, McAfee, the publisher of security software, reported having registered 120 new samples of this kind of malware.
How does ransomware work?
Ransomware typically spreads in the same way as a computer worm that loads a malicious program. It enters the system through a file downloaded by email or a fault in the network. The latter will target file types with sentimental or practical value (photo, video, DOC, PDF, etc.) and encrypt them with a very strong double key (2048-bit RSA).
After a few minutes, your most sensitive files become inaccessible and a message appears on your screen. The latter invites you to pay a sum of money to recover the private key used for encryption and thus find your data. Of course, the means of payment is discreet: Paypal, Bitcoin, etc.
There are indeed other ways ransomware. Some will saturate your screen with porn images to make you pay. The users then go to the cash register to avoid being taken for perverts.
Others will deny access to Windows. The ransomware do not hesitate to pass themselves off as the police or as a government organization! On the warning window, you will be able to see your country's police logo and a message that will tell you that a hacker has used your PC to download movies illegally and that you need to pay a fine. Most of the time people pay for fear of ending up in court.
What to do when your data is held hostage?
Vaccinate your PC
Before any infection you can "vaccinate" your PC with CryptoPrevent, but if it is already too late, disconnect your computer from the Internet, even if it means unplugging the box. You can try a disinfection with your antivirus or Malwarebytes.
Know the extent of the damage
To know the extent of the damage, you can use CryptoLocker ScanTool which will tell you which files have been encrypted. If you're infected, you don't have a backup and all hope seems lost, don't pay the evil hackers!
Victims have reported that even after timely payment, the decryption key sent by the hackers did not work!
Identify the type of ransomware
Do a research on the Internet because with a little luck your ransomware is not very sophisticated: some actually work with the same encryption key for all victims. You could therefore recover your data with the key of a victim who has already paid! The site Ransomware Decryptor contains private keys seized during police raids on hackers ... why not give it a try?
Carry out disinfection protocols
If you think that all is lost, there are still a few ways to keep hope alive. The site Malware-Tips has an entire section on ransomware and offers disinfection protocols.
If, once disinfected, you had no choice but to pay the ransom, it happens that some files are not correctly decrypted (outdated registry key, etc.). The solution is then to decrypt them at the hand with crypto-a-locker, a Python script that will detect and decrypt stubborn files.
How can you protect yourself against ransomware?
Make regular backups
We have seen that ransomware targets files that are dear to you (photos, documents, PDFs, etc.). The simplest is therefore to make regular backups on an external hard drive disconnected from the PC in normal times. The free paragon software will do this very well.. For more comfort, and unless you have a sufficiently large hard drive, you can also make a clone of your system with Macrium Reflect.
Have an updated antivirus
No need to checkout to get resident virus protection. Rasomware often attacks with a simple EXE file contained in a ZIP. Free antiviruses like Avira or Avast will quarantine the file as soon as it moves an ear. You will still need to be sure to renew your license and update the virus database.
Pay attention to emails
Be careful when opening email attachments, especially if they are compressed (zipped) and contain executable files.