May 21, 2015

How Kaspersky Internet Security protects from ransomware

Advice Malware Products Tips Videos

Ransomware is a kind of malware that steals users’ files and exacts a ransom from its victims. The most effective approach is to encrypt the files and offer decryption keys for ransom — hence why this malicious programming is also referred to as cryptoware.

How Kaspersky Internet Security protects from ransomware

This is a huge problem nowadays, with new examples of ransomware circulating on a regular basis. There’s already a great number of them out there: CryptoLocker, TorrentLocker, PrisonLocker, Cryptowall, CoinVault, TeslaCrypt, CTB-Locker and so on and so forth.

There’s a good reason why this type of malware is so popular among cybercriminals: it is a very profitable business with a clear action plan and direct monetization. Criminals simply infect a person’s computer, block their files, contact them for ransom, and as long as the victim values their files, receive payment.

Ransomware creators are constantly improving their products and implementing more and more evil techniques to escalate their profit. For example, modern ransomware hides its command servers in Tor, which makes it really hard for cyber-investigators to recover encryption keys.

Criminals even offer customer support to help their victims make payments easily. Not to mention that extortionists work hard on ‘distribution solutions’ for their malware — spam and phishing campaigns, huge botnets, etc.

Simply put, ransomware is way too profitable to vanish. It is here to stay and we should learn how to live with it.

The most effective option for ransomware protection is to regularly back up all of your important files. If you have nothing to lose, criminals can’t force you to pay their ransom.

Kaspersky Internet Security offers another option that we refer to as ‘real-time backup when you need it’. The core idea is straightforward: if Kaspersky Internet Security detects some strange modification of your files, it immediately creates fresh copies of these files to prevent them from being ‘stolen’. Then it examines the software that attempted to modify your files. If it is really suspicious, then our product blocks it.

From a user’s point of view it’s quite simple, as you can see in this video:

If you are already a Kaspersky product user, all you need to do is to make sure your Kaspersky Internet Security is properly configured.