Ransomware threatens to make your files inaccessible

Share on Facebook
Tweet on Twitter

You have probably heard the terms malware, adware and spyware before, in which case you know that they refer to different types of unwanted software designed to damage your computer, bombard you with annoying popups, or steal your information.

A recent form of malware growing in popularity is ransomware which, as the name implies, attempts to profit by requesting a ransom for access to your files or computer.

One of the older forms of ransomware locks a victim’s computer on startup, providing a message claiming that their computer has been locked by the FBI due to illegal activities, and requesting they pay a fine to unlock it.

There are several signs this is a scam, ranging from typos to a request for payment in bitcoin, which is typically a preferred payment method for scammers.

In addition, the FBI does not utilize such methods in cases of actual illegal activity and would likely seize the computer itself to investigate its contents.

The software works by adding itself to the system registry. Once it is activated, it then sets itself up to run on start up.

In some cases the user may be able to use Ctrl+Alt+Delete to kill the process, but most well-coded versions will lock the keyboard and desktop completely, requiring the user to boot into safe mode or use the command line to remove it from the registry and delete the start-up files.

The more dangerous forms of ransomware don’t lock your computer but instead, encrypt your files upon activation and request a fee to decrypt them.

According to WIRED, one of the earlier versions was created in 2013 and is known as CryptoLocker. Within 6 months, half a million users had been infected and the FBI estimated the hackers had made about $27 million from about 1.3 percent of victims who paid the ransom.

Since it uses real encryption, there is no practical way to recover your files without the key. While it’s often not clear whether or not you will actually be provided the key upon payment, some versions will allow you to decrypt a file as evidence that it’s possible.

According to PC Magazine, a group of police departments in Maine gave in and decided to pay a $300 ransom after the data on their shared computer system had been encrypted by ransomware.

According to the FBI website, ransomware has been on the rise this year and there has been an increasing number of drive-by infections, in which users become infected simply from visiting a compromised website.

A recent variant of ransomware threatens to release your files publicly if you don’t pay rather than keeping them encrypted.

According to Trend Micro, the variant currently utilizing this approach is known as Chimera and has been spreading around Germany since September. The software typically comes in the form of an email with a business offer or application which links to a dropbox.

Once it is opened, the software begins encrypting files on both local and network drives, giving them the .crypt extension. It then requests a fee of 2.45 bitcoins (roughly $649) to get your data back.

Furthermore, they threaten to release the data publicly if the fee is not paid, but there’s no evidence that this has ever occurred.