What is it? Ransomware is a small program that, once activated, encrypts the most commonly used files on your computer, such as office files, PDFs and pictures. Some ransomware will even look for attached storage or network shares and encrypt the files it finds in those locations. This can be devastating to individuals, but for businesses small and large it can mean serious loss of revenue and could even bankrupt some of them. A lot of anti-virus companies and professionals will almost always say do not pay the ransom, and I would also advise that, as paying the ransom just gives the cyber thieves more incentive to carry out more of these attacks. The reality is that most small businesses, and even some large ones, are not prepared for a ransomware attack and therefore need to pay the ransom. In most cases it will take 24 to 48 hours to get the decryption key to decrypt your files. Most of these cyber thieves will send the decryption key, but there have been more and more cases in which they do not send the decryption keys. The decryption key itself is priced in bitcoin, and one bitcoin is currently $8,793.30.

There are many different levels of ransomware. Some will encrypt the file but leave the public key. This creates a possibility to reverse engineer the public key and encrypted file to create the decryption key. However, this type of ransomware is rarely used any more. There is ransomware that will encrypt your files, and there is other ransomware that will encrypt your entire hard drive, requiring you to use another computer to make the necessary payments and receive the decryption key.

Your anti-virus will not detect ransomware, as the ransomware itself does not have the footprint of a virus. A couple of companies have taken steps to create software that detects ransomware; Malwarebytes is one such company. However, this protection will most likely not be enough. So what can you do to protect yourself? Honestly, very little, but you can prepare for the worst-case scenario. You can't currently fight ransomware, but being prepared should you happen to get it is key to not losing your data. The best thing you can do is have current offline backups of your data. For small businesses and home users, using a backup company like Crashplan or Carbonite is ideal. These companies use software to store your data in the cloud, and they keep multiple copies of your data, depending on how you set up your backups. Do not use Dropbox as a solution, as Dropbox keeps a copy of the data on your computer and then syncs it whenever a change is made to a file. The ransomware will encrypt the files in the Dropbox folder, and Dropbox will see the change and sync it to the cloud. Anywhere you have Dropbox installed will have the encrypted files synced to it.
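To make the difference between a sync folder and a backup that keeps multiple copies concrete, here is an added example (not from the original post). `SyncMirror` and `VersionedBackup` are hypothetical toy classes, the file contents are constructed, and the attack is stood in for by overwriting each file with random bytes.

```python
import hashlib, os, tempfile
from pathlib import Path

ORIGINAL = b"invoice 1001: $250"  # constructed sample file content

class SyncMirror:
    """Sync-folder model: the remote holds only the latest copy of each file."""
    def __init__(self):
        self.files = {}
    def sync(self, folder):
        self.files = {p.name: p.read_bytes() for p in Path(folder).iterdir()}

class VersionedBackup:
    """Backup model: every run is kept as a snapshot; content stored by SHA-256."""
    def __init__(self):
        self.blobs, self.snapshots = {}, []
    def snapshot(self, folder):
        manifest = {}
        for p in sorted(Path(folder).iterdir()):
            data = p.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            self.blobs.setdefault(digest, data)  # identical content stored once
            manifest[p.name] = digest
        self.snapshots.append(manifest)
        return len(self.snapshots) - 1
    def changed_fraction(self, old, new):  # share of old files that differ in new
        a, b = self.snapshots[old], self.snapshots[new]
        return sum(a[n] != b.get(n) for n in a) / len(a)
    def restore(self, index, folder):
        for name, digest in self.snapshots[index].items():
            (Path(folder) / name).write_bytes(self.blobs[digest])

def demo():
    with tempfile.TemporaryDirectory() as d:
        folder = Path(d)
        (folder / "invoice.txt").write_bytes(ORIGINAL)
        (folder / "photo.jpg").write_bytes(b"constructed image bytes")
        mirror, backup = SyncMirror(), VersionedBackup()
        mirror.sync(folder)
        good = backup.snapshot(folder)
        for p in list(folder.iterdir()):  # stand-in for the attack: contents made unreadable
            p.write_bytes(os.urandom(32))
        mirror.sync(folder)               # the sync copy is overwritten too
        bad = backup.snapshot(folder)
        mirror_intact = mirror.files["invoice.txt"] == ORIGINAL
        changed = backup.changed_fraction(good, bad)
        backup.restore(good, folder)      # roll back to the pre-attack snapshot
        return mirror_intact, changed, (folder / "invoice.txt").read_bytes()
if __name__ == "__main__":
    print(demo())
```

A snapshot in which nearly every file changed at once, as `changed_fraction` reports here, is a sign that the snapshot before it is the one to restore from.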

Other preventative actions you can take include not clicking on links in your email. A lot of anti-virus software will remove links from your email to protect your computer from viruses, malware, and spyware. Don't open attachments in emails from people you don't know; this is how most viruses and more get into a PC. As for attachments from people you do know, ask yourself: were you expecting this attachment? Is this someone you communicate with on a regular basis? If the answers are no, then do not open it. If you are unsure, then reach out to that person. Email accounts are often spoofed or compromised and used by bad people to carry out their malicious activities. Better to have an ounce of precaution than to find yourself at a total loss. Be careful of what gets downloaded onto your computer from websites; if you didn't expect anything to download, then delete whatever was downloaded. Good anti-virus will protect you from these types of sites, but it is not 100% foolproof.

If you find yourself in a ransomware situation and you need to pay the ransom, do not delay; typically, the longer you wait, the more it costs. If you need help with ransomware, to get it paid and get the files decrypted, then contact me.
