Shields Up!: Ransomware
Imagine being on your computer one day, minding your own business, surfing the web - and then suddenly finding yourself locked out of your own computer! A message pops up on your screen saying control will be returned to you - for a price. It might even tell you dire things will happen to your files if you don’t pay. Is it a joke? No. Unfortunately, you’ve got ransomware.
Where it started
Ransomware is a vicious type of malware that takes over a computer, locks the files away, and demands payment in return for restoring access to them. At one time it was pretty rare, but it has become more and more common. Ransomware was first discovered back in 1989 and used only weak encryption methods. By 2006 several more powerful variants had hit the net, including Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, and MayArchive. The most recent one is a Trojan called Gpcode.AK, which uses a 1024-bit RSA key that is computationally infeasible to crack without a large, distributed effort.
How it works
All ransomware works pretty much the same. The malicious code installs itself and goes to work. It locates the user’s documents folder and either encrypts it, or creates a new file, moves all the documents to it, encrypts that, and deletes all the original files. The type of encryption used is growing more and more complex.
Once the encryption is complete, the victim is presented with a message telling them of the attack and what to do to get their files back. Usually it involves a payment demand of anywhere from $10 up to $100 or more. The payment is usually directed to be sent via Western Union or via an online currency service like eGold.
Once the payment is received, the user is sent a code that unlocks the files and restores the computer to normal. Other ransomware variants demand the victim purchase a special removal tool or, in a new twist, purchase a specific amount of drugs from a Russian pharmacy. In case the victim is skeptical, some ransomware variants add a threat that one file will be permanently deleted every half hour until the ransom demand is met. (Fortunately, it’s just a hoax - nothing is actually deleted.) Some try embarrassment and display pornographic images on the victim’s desktop until the ransom is paid.
How to deal with ransomware
Since the only known way around the ransomware is to reformat the system (which results in file loss unless you’ve made regular backups - which you do, right?), the best way to deal with ransomware is not to get infected in the first place. Most of it uses web-based distribution methods, usually pop-ups or other drive-by downloads that exploit security holes in browsers like IE.
Ignore those pop-ups (and any sites) offering free games, ringtones, screensavers, cute cursors and other junk, as they are likely to be malicious. It’s also a good idea to stay away from BitTorrent and other sites offering pirated music, movies, or software, as malware, including ransomware, often lurks within them.
Finally, keep your anti-virus software up to date and make sure to install all security patches issued by Microsoft - and back up your critical files regularly! You won’t be sorry.

OHH, WHAT A DANGEROUS,
ALWAYS BEWARE OF THIS, AND KEEP YOUR SYSTEM SECURE AND PROTECTED WITH UPDATED ANTIVIRUS AND FIREWALL.
on June 1, 2009 at 12:17 AM - LINKTHANXX…...