December 12, 2016

What is ransomware?

Threats Tips

This post is intended for people who either never heard of ransomware or knew about it but didn’t really pay attention. We will explain in practical, down-to-earth language what ransomware is. Along the way we will also cover why even careful users need to fear ransomware, and how to take proper measures to protect yourself against this type of malware.

What is ransomware?

What is ransomware?

Ransomware is a type of malware that has made fast strides and is now unbelievably pervasive. It comes in two major types: cryptors and blockers.

Having infected a computer, cryptors encrypt valuable data, including documents, photos, game saves, databases, and so on. Once they’re encrypted, the files cannot be opened, and a user cannot access them anymore. The criminals behind the attack then demand ransom in exchange for the encryption key to restore access to the files. Ransom averages about $300.

What is ransomware?

Blockers are so named because they block access to the infected device, which means not only are the victim’s files inaccessible, the entire system is. The ransom demand for a blocker is usually not as large as for a cryptor.

Why you need to know about ransomware

First, ransomware programs are both abundant and prominent. They target all operating systems, such as Windows, Mac OS X, Linux, and Android, which means they can affect desktop computers and mobile devices. The majority of ransomware programs target Windows and Android.

It’s also quite easy to get infected. Most commonly, ransomware infiltrates a computer when a user opens a malicious attachment, clicks on a suspicious link, or installs apps from third-party app stores. However, ransomware can come from legitimate websites: Lately, for example, cybercriminals have been using advertising networks to deliver malware to users.

Alas, it is also pretty easy to fool lots of users into thinking they are opening or downloading something important — like a letter from a bank or a critical program installer — when instead, they are infecting their own devices with ransomware.

Arguably, the main issue with ransomware is that removing the malware does not solve the problem. A good antivirus program, and even some targeted utilities, can typically remove ransomware effectively. But if the malware encrypted your files, you have to decrypt them to get access back.

Moreover, paying ransom is troubling on several levels. First, you may not have the money available. Second, paying motivates cybercriminals to continue with their attacks. Third and perhaps most compelling, you can never be sure that paying ransom will actually solve the problem. According to our research, 20% of victims who paid never got their files back. That should come as no surprise, criminals being criminals. You can’t expect fair play from them.

What is ransomware?

How to decrypt files

If ransomware managed to get inside the system and encrypt your files, you will not be able to decrypt the files on your own. You have, in essence, two options. You could capitulate and pay the ransom — which, for the reasons above, we do not recommend.

The better option is to visit noransom.kaspersky.com and see if we have a decryptor that can decrypt your files. Our decryption tools are available free of charge, although we do not yet have a tool for every crypto-ransomware.

With that said, you don’t have to wait until something bad happens, so go ahead and take preemptive measures.

How to protect yourself from ransomware

  1. Don’t open suspicious e-mail attachments, don’t visit murky websites, and don’t download programs from any sites other than official developer websites and app stores. Learn to spot phishing messages, and do not click on their links.
  2. Do back up regularly. If your files are stored on both PC and external drives or in the cloud, you can just use your antivirus program to remove the ransomware and then restore your files from backup copies.
  3. Install a good antivirus program. Check out Kaspersky Internet Security, which has a unique “System watcher” feature that provides essential protection against ransomware. By the way, in recent independent benchmark tests, Kaspersky Internet Security fought off 100% of the ransomware testers threw at it.

A few weeks ago, we provided more extensive coverage of different types of ransomware and their nature and origins. Now that you’re up to speed on ransomware, check out that post for more information and a handful of useful tips to protect yourself from ransomware. And stay in the loop with our news to learn about the newest strains of ransomware as they emerge.