Ransomware attacks on the rise

Ransomware is a type of malware that holds the victim’s computer or mobile devices to ransom, either by restricting access to the computer by locking it or by encrypting the user’s files.

During past months there has been a rise in failed, foiled or successful ransomware attacks in Belgium, to include the Flanders Region and the Antwerp Diamond Area. And it appears to be gaining momentum. Cyber criminals have launched new generations of ransomware.

How ransomware works

One way that ransomware can invade your computer or mobile device is through opening infected attachments in emails. These malicious emails may have what looks like regular documents attached (.pdf, .doc, etc.) but once you open them your computer is at risk of becoming infected with malware. Pay particular attention to “.exe” files.

Another way ransomware can infect computers and mobile devices is through visiting certain websites. These may be malicious websites, set up by cyber criminals for the sole purpose of infecting anyone who visits the site, or they may be legitimate websites that have been compromised by cyber criminals and used to spread malware.

Cyber criminals analyze their victim’s profile, often ask for a nominal payment, figuring you will be more likely to pay to avoid the hassle and heartache of dealing with the virus. They may ask for as little as $10 and up to $100,000 to be wired through Bitcoins, Western Union, etc.

Is it possible to regain access to the files without paying the ransom?

The answer is most likely no. They use an RSA-2048 bit encryption key, which cannot be cracked.

Paying the Ransom

Paying the ransom may seem like a realistic response, but it only encourages and funds these cyber criminals. Don’t be tempted to give in and pay the ransom. There is no guarantee that paying the amount or doing what the ransomware tells you will restore access to your computer or files again. On the contrary, they may ask for more money and even publish your files on the Internet.

Protect yourself from ransomware

AWDC SO advises taking these steps to avoid attacks or stay protected after an attack:

1. Make sure your devices and software are fully updated and patched.
2. Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up-to-date are critical. It’s important to use antivirus software from a reputable company because of all the fake software out there.
3. Back-up your files and especially your “crown jewels” regularly. Backing-up files to either an external hard drive or to an online backup service diminishes the threat and the impact.
4. Enable your “popup blocker”. Popups are a prime tactic cyber criminals use, so simply avoid accidentally clicking on an infected popup by blocking it. If a popup appears, click on the X in the right-hand corner. The buttons within a popup might have been reprogrammed by the cyber criminals, so do not click on them.
5. Exercise caution. Do not click on links inside emails, and avoid suspicious websites. If your PC does come under attack, use another computer to research details about the type of attack. But be aware that the bad guys are devious enough to create fake sites, perhaps touting their own fake antivirus software or their de-encryption program.
6. Disconnect from the Internet and shut down the power to the device. If you receive a ransomware note, disconnect from the Internet so your personal data isn’t transmitted back to the cyber criminals. The only way you can stop these infections from continuing is if they don’t have power. Once they are running, they are running. 
7. If you have backed up your data you can re-install software. If you don’t feel comfortable doing so or you are unable to start fresh, you may need to take your computer to a reputable IT repair shop.
8. Alert the local police. Ransomware is a serious form of extortion.