Computer Security Technology Ltd

+44 (0)20 7621 7836

November 29, 2013

What is ransomware?

How much would you be prepared to pay if your data were held hostage? This might sound like the plot from a Hollywood film but it's a question many users are facing every day thanks to inadequate virus protection.

Ransomware presents a serious threat to business data, as it has the ability to lock access to files until the victim pays the attacker. It is a form of malware that works by encrypting user data until the correct decryption key has been entered. However, users can only gain access to that key by paying the ransom the attacker has set.

This specific type of malware has been around for a while, although criminals are now using it to scam individuals as well as businesses, which have traditionally been the prime target. In recent weeks a new variant of CryptoLocker (a type of ransomware) has been affecting UK businesses, and it seems the only way to retrieve data, other than restoring from backup, is to pay the ransom.


How does it work?

Ransomware often arrives via an email, a computer programme that’s been infected or a website which has been compromised. However, there have also been examples of more sophisticated infections. A whitepaper from Sophos called ‘Ransomware: Hijacking Your Data’ notes that, in some cases, people have been presented with a message that appears to be from the ‘Federal Bureau of Investigation’. Those victims are then asked to pay a fine because their computer has apparently been used for illegal activities.

Not every type of ransomware will directly ask its victims for money, though; the Sophos whitepaper explains that, in a similar vein to fake malware, the main purpose of ransomware is to scare its victims into making a purchase. Whereas fake malware will try to persuade users to buy a virus removal programme, ransomware sometimes counts on its victims searching for the problem online.

This is reflected by Google Trends statistics, which show that ‘ransomware’ is now more commonly searched for than ‘fake malware’. The attackers depend on this searching as it will often lead victims to buy software from a legitimate website - a technique known as blackhat SEO (search engine optimisation).


What are your options if you become infected?

Sophos suggests that running a reliable backup is the best way to avoid falling victim to ransomware. After all, not only does it seem wrong to give in to the bad guys but, even if you do decide to pay the ransom, what guarantee is there that your files will be decrypted afterwards?