By Marc-André Gagnon, information security specialist.
How much would you be willing to pay to recover your term paper? Your family photos and videos? Your business documents?
Those are the questions you’ll have to answer if you fall victim to ransomware, a type of computer virus that is striking more than ever before. Ransomware uses industry best practices to block access to your data by encrypting it. That means you can’t access your files without decrypting them—and you’ll need a decryption key to do it. The creator of the virus may (or may not) provide you with the decryption key in exchange for a ransom, which is usually paid using virtual money (i.e., Bitcoin). In dollars, you can expect to pay anywhere from $500 to $1,000 for a typical ransom.
Ransoms charged to businesses are much higher, reaching $10,000 or more.
You usually have 24 to 72 hours to pay, and the ransom amount may increase as time passes.
It’s easy to see how this kind of extortion is very lucrative for fraudsters.
Figure 1 - Ransom message used in the WannaCry attack
Don’t let your guard down
Like with any virus, there are lots of ways your computer can become infected with ransomware, including:
Email containing an infected attachment or link
Software downloaded from a non-official site (e.g., BitTorrent)
Legitimate websites that are temporarily compromised may prompt you to download malware (e.g., a fake Adobe Flash update)
Being on the same network as an infected computer, especially if your device doesn’t have the latest updates
Malicious apps downloaded from Google Play Store or Apple App Store
Windows and Android platforms are targeted most often, though there are some variants for Apple OSX and iOS.
What does this mean for you? Remaining vigilant is essential, as is having an enabled, up-to-date virus checker. There are no more excuses, especially since Microsoft offers Windows Defender for free.
What to do if you get infected
Before you do anything else, disconnect your USB key, hard drive and network cables, and turn off your WiFi. The idea is to prevent the ransomware from encrypting the data on your synched drives (Google Drive, OneDrive, iCloud, Dropbox, etc.), peripheral devices and other devices on your network. If you have a corporate workstation, or if you are simply at the office, let the tech support team know right away. Encrypting information takes time, so if you have just been infected, you may be able to limit the damage by shutting down your computer.
Do not pay the ransom. There’s no guarantee that you will get your data back. Don’t forget that you’re dealing with a dishonest fraudster, so don’t expect great after-sales service! In fact, some types of ransomware don’t even allow decryption after payment. They’re bluffing!
If you can, bring your computer to a repair centre to see if some files can be recovered. Some ransomware is worse than others.
At the end of the day, the only 100% viable strategy is to reinstall and restore your backed-up data. You have backed up your files, haven’t you?