Ransomware – The Non Technical Explanation


There is a lot of chatter both on the Internet and in your local media about something called ransomware. Wikipedia describes ransomware as a "type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid". Then it gets into a very lengthy technical discussion that often loses the non-tech public. I will try to demystify this complex subject and break it down into bite-size segments that hopefully make sense.

What is it?

As the name 'Ransom' suggests, it is software that holds you hostage by locking you completely out of your system or encrypting its contents, making them virtually useless unless you pay up. Or so they would have you believe (more on that in a bit). One of the more ingenious and frightening ones works like this. You start your day as normal and turn on your computer. But instead of your login screen you see a very official-looking law enforcement screen claiming that you are a participant in some heinous crime and must pay a 'fine'. There are instructions on how to pay the fine, after which your computer will be unlocked, maybe. The good news is that this type is now relatively easy to eradicate in the hands of a well-trained technician.

Then came CryptoLocker and others like it. This one is far more dangerous; the really nasty stuff. Imagine going to open, say, an Excel spreadsheet or a Word document that you use all the time, and it fails to open. You then discover that none of your files will open. You might even notice a text file in each folder that was not there before, and that one you can open. Here, to your horror, you see that all of your files have been encrypted, along with instructions on how to pay the ransom to get the encryption key to unlock your files. You can't access any of them. Panic sets in. There have been many, many cases around the world where victims large and small have had to pay this ransom. There is often a deadline attached to the demand, at the end of which the key expires and your files will be lost forever. And there is no guarantee they will give you the key after you pay.

How does it happen?

I can answer this question with one word: EMAIL. Granted, not 100% of all ransomware originates from email, but the vast majority does. We have all seen the spam emails that offer you the world for nothing; you just have to click here to get it. I would venture to say that in this day and age these do not fool most of us and end up deleted before they are even opened. But then there are the creative ones. The ones that look like a legitimate offer coming from a person or an organization you trust. So you open it. The more creative ransomware authors got you right there. Others actually require you to click on a link within the email. The ransomware has now been 'installed' on your computer and is in the process of encrypting every file on it. And you have no idea it is happening until you go to open one of those files. You are now the victim of ransomware. And no one is immune.

What can I do to prevent this?

Two ways. The first is to do some research and install good security software that is on top of this issue. I personally use ESET, and there are many more. A local tech expert here in Edmonton recommends Webroot and he personally uses it. Others like Malwarebytes, Avast, McAfee and Symantec now have ransomware elements. And Mac users, don't get too cocky. The old adage 'Macs don't need protection' is no longer true. Remember, not all antivirus packages protect against ransomware. Check the feature set to see if they do. Having said that, I am still not convinced security software should be your only line of defence. In my opinion there is only one true way to ensure your data's safety: off-site backups. I am not referring to off-site storage either. You need a service that backs your files up continuously, with the ability to go back to a previous date to recover your files. This is referred to as a sequential backup. It is the only true way to ensure you can recover. I personally use and recommend to my clients a service from Code42. It has served me well over the years and enabled me to get some of my clients out of a jam.

What do I do if I get infected?

Do Not Pay The Ransom. First off, report it to the authorities. The Canadian Anti-Fraud Centre (CAFC) is a great resource and will guide you through the process of reporting the offence. If you have done your due diligence and created a good off-site sequential backup, you can restore your files from that. A number of my clients have had their primary file servers infected. Because they had a great backup we never even entertained the idea of paying. In most of these cases we simply erased the hard drives and restored the files from a backup taken the day before the infection. Then I would go on an education campaign, helping them avoid this in the future.
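To make the "sequential backup" idea from the prevention section and the "restore from the day before" recovery step concrete, here is an added Python example. It is not part of the original post and is not Code42's software or anyone else's product: it simulates a small file tree, a versioned backup that keeps every snapshot instead of overwriting the last one, an infection that renames the files and drops a note in each folder (a trivial XOR stands in for real encryption), and a restore from the most recent snapshot taken before the infection day. Every path, date and file content is constructed for the example.

```python
"""Simulated versioned ("sequential") backup and point-in-time restore.

Constructed example: the file system is a dict of path -> bytes, and each
backup snapshot is an immutable copy taken on a given date. The ransomware
effect is simulated, not real.
"""
from __future__ import annotations

import copy
from datetime import date
from typing import Dict, Optional

FileTree = Dict[str, bytes]

# Constructed sample data: a small office file tree on the first day.
CLEAN_FILES: FileTree = {
    "docs/budget.xlsx": b"quarterly budget",
    "docs/letter.docx": b"dear customer",
    "photos/holiday.jpg": b"\xff\xd8jpeg-bytes",
}


class VersionedBackup:
    """Keeps every snapshot; a later snapshot never overwrites an earlier one."""

    def __init__(self) -> None:
        self._snapshots: Dict[date, FileTree] = {}

    def snapshot(self, when: date, files: FileTree) -> None:
        # Deep copy so later changes to the live tree cannot alter history.
        self._snapshots[when] = copy.deepcopy(files)

    def latest_before(self, cutoff: date) -> Optional[date]:
        """Most recent snapshot strictly before the cutoff date, if any."""
        earlier = [d for d in self._snapshots if d < cutoff]
        return max(earlier) if earlier else None

    def restore(self, when: date) -> FileTree:
        return copy.deepcopy(self._snapshots[when])


def simulate_ransomware(files: FileTree) -> FileTree:
    """Mimics the symptom described in the post: every file becomes unreadable
    and a note appears in each folder. XOR with a fixed byte stands in for
    encryption; the point is only that the victim cannot use the result."""
    key = 0x5A
    infected: FileTree = {}
    folders = set()
    for path, content in files.items():
        infected[path + ".locked"] = bytes(b ^ key for b in content)
        folders.add(path.rsplit("/", 1)[0])
    for folder in folders:
        infected[folder + "/HOW_TO_DECRYPT.txt"] = b"pay to get your key"
    return infected


def looks_infected(files: FileTree) -> bool:
    """Detection heuristic: ransom notes present or originals renamed."""
    return any(
        p.endswith("HOW_TO_DECRYPT.txt") or p.endswith(".locked") for p in files
    )


def recover(backup: VersionedBackup, infection_day: date) -> FileTree:
    """Roll back to the last snapshot taken before the infection day."""
    clean_day = backup.latest_before(infection_day)
    if clean_day is None:
        raise RuntimeError("no backup predates the infection")
    return backup.restore(clean_day)


def run_scenario() -> FileTree:
    """Day 1: clean backup. Day 2: infection, which the continuous backup
    also copies. Recovery ignores the day-2 copy and returns day 1."""
    backup = VersionedBackup()
    live = copy.deepcopy(CLEAN_FILES)
    backup.snapshot(date(2020, 3, 1), live)

    live = simulate_ransomware(live)
    infection_day = date(2020, 3, 2)
    backup.snapshot(infection_day, live)  # the damage gets backed up too

    return recover(backup, infection_day)


if __name__ == "__main__":
    print(sorted(run_scenario()))
```

The design point is the one the post makes: a backup that only mirrors the current state would have faithfully copied the locked files and the ransom notes, so the value lies in keeping earlier versions and being able to pick a date before the damage.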

The Bottom Line

Educate yourself. Get online and go to the various security sites. Stay informed. Be aware of new or re-engineered threats and how to avoid them.
