Ransomware Goes Viral: What You Need to Know


If you’re one of the thousands of computer users who now get hit by ransomware every day, there can be no greater frustration than seeing your desktop image change from its usual serene outdoor scene to a ransom note.

“ATTENTION!” the note reads in a typical case. “All your files were encrypted by CryLocker!” But “cry not,” the note might go on to urge, as all of the documents, photos, videos, and other files on your computer are easily decrypted. That is, as long as you are willing to pay the Bitcoin equivalent of $500 for the decryption key. And the price goes up if you hesitate more than a few days.

Ransomware is not only on the rise, but it’s proliferating quickly, and it’s mutating. New variants with new capabilities have emerged, making this major threat more dangerous than ever. And because cybercrooks use the same encryption as major banks, cracking the code to release your files is often all but impossible. Fortunately, there is one sure method for recovering encrypted files that doesn’t require paying a ransom. That method is backup.

An Increasing Toll

According to the U.S. government, some 4,000 ransomware attacks are carried out every single day, a 300% increase from just last year, and the number is still rising. That’s because ransomware has emerged as one of the most profitable businesses for cybercriminals, complete with affiliate distribution networks allowing even technically unsophisticated criminals to get in on the action.

The attacks are especially devastating given that even paying a ransom is no guarantee that files will be decrypted, says an interagency ransomware security brief released recently by the U.S. Department of Justice. Paying a ransom, the brief says, “only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.”

Multiple Variants, Same M.O.

Ransomware infections are increasing in variety as well as frequency. New ransomware types appear at a rapid clip, and old ones are continually upgraded, just as in the regular software business. In fact, ransomware as an industry has taken on many of the trappings of its legitimate counterpart. There’s even an increasing focus on “customer” service geared toward helping victims make their payments quickly and efficiently. How ransomware works, however, remains similar across all variations.

First, a user’s computer is infected. This can occur when a user clicks on a link in an email designed to look legitimate. Cybercrooks may send emails to potential victims claiming to be from a major credit card rewards program and inviting them to view details in an attached file. Opening the file infects the victim’s computer.

Next, the ransomware may connect with a remote command and control server to send details back to the crooks about the victim’s computer, including—in an especially nasty variant—the victim’s physical location, calculated from information about the victim’s nearby wireless networks.

The ransomware then gets to work encrypting the victim’s files, after which it displays the ransom note. Ransoms are typically requested in Bitcoin, a digital currency that is difficult to trace. “Helpful” documentation may walk victims through the steps necessary to convert local currencies into Bitcoins, often with a timer running to show the victim when the ransom will increase.


An alert released by the U.S. Department of Homeland Security in collaboration with the Canadian Cyber Incident Response Centre this year recommends a number of measures to protect against ransomware attacks.

Among these countermeasures is application whitelisting, available for both Mac and Windows. This feature allows you to specify which programs are allowed to run on your computer. Says the government alert, “Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.”

The alert also recommends keeping both your operating system and all of the software you use updated with the latest upgrades and patches to plug any potential security holes that could be exploited by malware, including ransomware. Anti-virus software can also help protect your computer, as long as you use it to scan all software downloaded from the internet and keep it up to date.

The government alert advises against enabling macros in email attachments, as macros are one way in which malware can be executed. And of course, the government also advises against following unsolicited links in emails. Should you be infected, the government does not advise paying the ransom.

Backup, the Best Protection

At the top of the government’s list of solutions—and the most effective countermeasure—is backup. When all else fails, secure and comprehensive backup protects you by storing all of your files and data safely away from your computer and any malware infection that might be present.

The best backup solutions work continuously, behind the scenes, quietly updating every file on every device you own. An online portal lets you see the status of all of your backups, and allows for quick and easy restoration of anything from a single file to an entire computer or device. Backups can be stored locally, but for best results, backups should also be stored in the cloud as part of a hybrid solution. In the cloud, data can be securely accessed no matter what happens to local copies or your devices.

With a secure, robust, and easy-to-use solution (so that you actually will use it) protecting all of your devices, the dreaded ransom note desktop image loses its sting. Thanks to backup, a ransomware infection becomes not a major source of frustration but a minor annoyance, swatted away with a few clicks of a mouse that turn back the clock and reset your computer to its pre-infection state.

Of course, to be truly effective against ransomware, a backup solution has to be in place before infection occurs—afterwards is too late.

Visit us here to learn how Acronis True Image 2017 can help keep your personal data safe from ransomware.