Danny Davids

Ransomware: Hackers Now Kidnap Your Computer Files and Want You to Pay to Get Them Back



Posted: Monday, July 21, 2008


As if there weren't enough people trying to attack your computer through things like e-mail spam, viruses, Trojans, adware, spyware, and malware, there's a new breed of hacker that's not content with simply screwing up your computer: He holds your data files hostage and demands money to get them back to you. Welcome to the wonderful world of ransomware.

It's only been around a few years, but ransomware is quickly becoming more widespread, and the processes used to lock out your data are becoming more sophisticated. As a result, computer experts are concerned that the time may come when even high-end virus packages won't be able to keep up with the myriad of methods these criminals can use to keep you from your data files.

A typical ransomware attack is a multi-step process. First, the hacker gains access to a computer through a normal virus or Trojan program. Using that access, he finds data files on the computer and encrypts them using a software key. Then, either through an e-mail message or a pop-up window on the computer screen, the hacker informs the user that the files have been encrypted, and requests money to decrypt the data. If you refuse, the files remain encrypted and you are locked out of your own data files. Or worse, the files are "executed": deleted from your computer several at a time, until payment is received. In that case, the deleted files are lost forever.

So why can't companies like Norton, Symantec, and Cisco remove this threat the way they do with viruses and other -ware programs? In the case of a virus, a small piece of code is inserted into a computer program. Recognizing that signature piece of code for a new virus does take time, but with current software programs designed to look for anomalies within existing software, the process is relatively quick. Not so with encryption keys, the method most ransomware users utilize to lock up your data. An encryption key is like a code, changing every character within the program or data file to something new. Without the key, you have no way of knowing how to change the characters back to their original values. And with keys running upwards of 600 characters or more, it's becoming extremely difficult and time-consuming to have a computer program run through all the possible permutations to determine what that key is, in spite of the increasing power and speed of our existing computer base. Eventually encryption keys could become so long that it would take literally years for a program to find the right one. And that's time you as a user don't have to wait to get your data back.

What can you do to protect yourself from these types of attacks? Pretty much what you do to protect yourself from other illicit computer breaches. Make sure you're running a virus-scanning program on your computer (these days many ISPs--Internet Service Providers--include virus-scanning capabilities as part of your monthly fee; ask them before running out and buying something off the shelf). Don't open e-mails from sources you don't know, and don't open attachments within e-mails unless you know exactly what the attachment is. Don't indiscriminately download programs from the Internet and install them on your computer. If you have a wireless router that lets you connect wireless devices to your network, make sure they are password protected or that you limit access by NIC card (check with your favorite computer store, your router's manufacturer, or even your ISP to learn how to do this). You should also always notify your ISP if you get any kind of message on your computer concerning viruses, Trojans, or any other kind of -ware program.

And the biggest thing you can do to protect yourself from ransomware: BACK UP YOUR DATA! Yeah, we're back to this again. But think about it. If you back up your data regularly, and some clown locks you out of what you have on your computer, you have a backup copy that you can access relatively quickly. Be sure that the backup isn't just a copy of the data located in another folder on your hard drive, or on another hard drive on your system. Back up data to CD or DVD, or better yet, to a portable hard drive that you can connect to your PC via a USB port. (In that last scenario, make sure you don't leave the drive plugged into your system after your backup is complete; otherwise it can become encrypted just like any other hard drive on your system.)
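One way to script the backup advice above, as an added example that is not part of the original article: it refuses to back up onto the same drive as the source, records a SHA-256 manifest, and later reports backup files that have gone missing or been altered. The function names and the manifest file name are assumptions made for this sketch.

```python
import hashlib
import json
import os
import shutil
from pathlib import Path

MANIFEST = "manifest.sha256.json"  # constructed name for the checksum list

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def same_device(a, b):
    """True when both existing paths sit on the same volume. Two partitions
    of one physical disk report different ids, so this check is a floor."""
    return os.stat(a).st_dev == os.stat(b).st_dev

def backup(source, dest, allow_same_device=False):
    """Copy every file under source into the existing directory dest and
    write a manifest of hashes computed from the copies actually written."""
    source, dest = Path(source), Path(dest)
    if same_device(source, dest) and not allow_same_device:
        raise RuntimeError("backup destination is on the same drive as the source")
    manifest = {}
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        manifest[rel] = sha256_file(target)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(dest):
    """Return {relative_path: 'missing' | 'changed'} for the backup copy."""
    dest = Path(dest)
    manifest = json.loads((dest / MANIFEST).read_text())
    problems = {}
    for rel, digest in manifest.items():
        copy = dest / rel
        if not copy.is_file():
            problems[rel] = "missing"
        elif sha256_file(copy) != digest:
            problems[rel] = "changed"
    return problems
```

Run `verify` right after reconnecting the portable drive and before the next backup, so a damaged copy is noticed while the originals are still readable.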

There's always some idiot hacker out there trying to keep you from doing what you need to do. Ransomware is the latest tool in his arsenal to mess up your life, while putting a price tag on your valuable data. Be aware of the methodology he uses to gain access to your computer; protect your computer with the latest virus protection software; watch out for e-mails and attachments from unfamiliar sources; be discriminating when obtaining files from the Internet; and BACK UP YOUR DATA REGULARLY. Don't let some computer-savvy twit with the social skills of a five-year-old keep you from using what's rightfully yours. It's so much easier--and a heck of a lot cheaper!--to be proactive than reactive.


Danny Davids has worked in the computer industry for nearly 30 years. He has provided end-user support, training, and network administration services in arenas as diverse as the service bureau, health, education, communication, manufacturing, the arts, and consulting industries. He currently works as a computer analyst for a government agency. He is married, has two dogs, two adult children, and an absolutely adorable grandson.
 
Top-level comments on this article: (2 total)
» left by Ben Morrish 3 years 199 days ago.
49 fans.
Great article! I'd just add one thing in response to "running out and buying something off the shelf" - there's really no need to spend money on software to protect your PC from malware - there's free software out there that does just as good a job (or better) as the commercial stuff.
 
Everyone needs a software firewall and anti-virus software - I recommend AVG Antivirus and Avast! for anti-virus duties. The built-in XP and Vista firewalls are fine, if you want something more powerful then Zone Alarm or Comodo are good options.
 
Spyware Blaster and Spybot Search and Destroy are both great at protecting your PC from malware, and both are free.
 
To get any of the software I've mentioned (it's all free), google it! Be aware that there are some malware programs out there that actually pretend to be anti-malware, so don't be fooled - make sure you google the name of the program and if possible check out user reviews. Having a read-around is a good way to get a heads up on potentially dodgy software.
 
Another tip is to use Firefox with Adblock Plus and NoScript plugins (or Opera) instead of Internet Explorer - this helps protect against a lot of nasties because most nasties are written with Internet Explorer in mind.
 
The last and most important tip is this - KEEP YOUR SOFTWARE UPDATED. If you don't, it is pretty much USELESS against new threats!
» left by Danny Davids 3 years 198 days ago.
74 fans.
I didn't mention shareware or freeware, Ben, because so much of what I've seen isn't really free.  Oh, sure, you can install the program and let it do your scan for you, but when it comes time to remove all that stuff you don't want, you get the message, "To clean these items from your system, purchase this program for $29.95."  IMHO, that is NOT a "free trial" and promotes false advertising.  The product may work great, but I'm not thrilled with giving you half a solution for free and making you pay for the rest of it.
 
I do heartily agree with you in keeping any software you purchase current.
 
Thanks for your responses.
» left by Ben Morrish 3 years 198 days ago.
49 fans.
I agree about those dodgy programs that claim to be a "free trial" and don't actually help unless you pay for them - the programs that do that also tend to be pretty poor quality even once you have paid! I strongly recommend people avoid such programs like the plague!
 
All the ones I mentioned are completely free (some have options to upgrade to premium versions with some extra features, but all of them work perfectly adequately without paying a penny) .. I've used them myself for years (without paying for the extra features) and they've done a great job.