Ransomware, also known as encryption Trojans or extortion Trojans, is malicious software, or malware. This malware infiltrates your computer system and causes damage. With ransomware, the damage consists of the malware encrypting important data or even the entire computer, preventing access. Cybercriminals are behind ransomware attacks, demanding a ransom for releasing or unlocking the PC and data. Of course, it is questionable whether the criminals will decrypt your system after payment of the "ransom." Therefore, it is best to follow the security tips in this blog post and protect yourself as much as possible from this scam.
What types of ransomware are there?
There are 2 types of ransomware: Locker ransomware and Crypto ransomware.
1. Locker ransomware locks the entire computer
This type of extortion Trojan blocks certain input options and programs, preventing victims from using their computer. You can only access your system and data again after paying; at least in theory. The data itself is not encrypted by locker Trojans. Whether victims receive the key after payment is another question.
2. Crypto ransomware encrypts files
This type of extortion Trojan specifically seeks out important files such as documents, images, or videos and encrypts them. All basic PC functions remain intact. Users can see their data but cannot open it. Particularly insidious: instead of the file, a countdown opens, ticking down the time until the ransom must be paid. Otherwise, according to the extortionists' strategy, the Trojan deletes the encrypted data.
What both types of ransomware have in common: to get rid of the Trojan, a ransom must be paid. What happens next – whether you receive a decryption code or a new bill – only the criminals know.
Is the ransomware business profitable for cybercriminals?
Whether Locky, BKA Trojan, WannaCry, Bad Rabbit, EvilQuest, CryptoWall, Trojan, or whatever they are called: the list of ransomware is long. It shows that the ransom business is still profitable for cybercriminals. The sums that can be earned are still immense.
- The BKA Trojan enriched its "creators" by several million euros.
- The total ransom that the CryptoWall developers were able to obtain is estimated at 18 million US dollars.
Despite increasingly better protection software, the ransomware business still seems lucrative for criminals. Companies are no longer the only targets. Ordinary users also fall victim to this extortion.
How does ransomware get onto your PC?
Today, most PC users have antivirus software or another security program. This helps in detecting, blocking, and removing malware, and many attacks are already prevented this way. Nevertheless, cybercriminals constantly find ways to smuggle their malware past these security solutions onto the computers and systems of their victims. How a ransomware attack is carried out is well known. Typical routes are:
- Email attachments that users carelessly open.
- Links in emails that are disguised as buttons, making it difficult for some users to recognize where the links lead.
- Certain websites are also a frequent route for a ransomware attack. Files (music, movies, software, etc.) that are downloaded from (mostly illegal) sites and then opened too carelessly are another source.
- USB sticks that are left somewhere and found. Experiments in companies repeatedly show how quickly a (malicious) file on a randomly found USB stick could find its way into the internal company network.
There are therefore plenty of ways to get Trojans onto someone else's PC. Usually, the user is the crucial weak point.
Can you protect yourself from ransomware?
100% protection and absolute security do not exist. For anyone. However, the risk of infection or encryption can be minimized.

Four tips to significantly minimize the risk of falling for this scam.
An important component to minimize the risk of infection is good antivirus software that also protects against ransomware and Trojans. Avoiding unknown/dubious sites and ignoring unknown email attachments also minimizes the risk. If you heed this, you are already well protected against all currently known Trojans – and probably also against some Trojans that are currently being developed. However, no one can guarantee this. Therefore, it is also important to adhere to a few basic rules in daily use of the PC and the internet. Below are four tips on this.
1. Close potential entry points for malware and ransomware
Closing entry points means that you must regularly update your software to avoid security vulnerabilities. You can read why you should absolutely do this and for which programs (and operating systems) regular updates are particularly important in this still very current blog post: Update software, close security vulnerabilities.
2. Critically check attachments and links in emails
Files sent as email attachments by an unknown sender: it is now widely known that these attachments must under no circumstances be opened. Unknown senders also often disguise themselves and at first glance look similar to known senders – for example, like your own bank. Caution is still advised here.
But not only attachments are taboo. You should also not carelessly click on links and redirects in emails. These can lead directly to malicious websites that install malware on the visitor's computer without prompting or phish their login data (keyword: phishing). To recognize such links, simply move the mouse pointer over the link in the email (or the button, which in an email has the function of a link). Important: only move the pointer to the position, but DO NOT click. This way you can take a look at the URL and see on which page you will land as soon as you click on the link. The more cryptic the link, the more carefully you should check the email and the sender.
3. Use bookmarks for important websites
Typos can happen, even when navigating to websites. Depending on how and how much you mistype, it could, however, become dangerous. Because then you might not end up on https://engelmann.com/de/blog/, but on another, malicious site. Sounds absurd, but this scenario is more than just a theoretical, extremely unlikely possibility. Cybercriminals deliberately register domains that are very similar to those of popular and highly frequented sites. Thus, with typos, one can actually land on a malicious site. To prevent this, create a bookmark list of your most important sites and add https://engelmann.com/de/blog/ to this library right away :)
4. Back up data on an external hard drive or in the cloud
No matter which security article you read on our blog, this advice always applies. If you have backed up all data on an external hard drive or in the cloud, it actually doesn't matter if certain files are encrypted by a Trojan. You have a single backup with all your important data on it. But beware: only reconnect your backup to your "infected" PC when you are absolutely sure that the Trojan has been eliminated. Otherwise, the Trojan could encrypt the data on your PC as well as the data in your backup.
What can you do if a Trojan has encrypted your data or your PC?
If you have a current backup, you are in the best starting position. Then you file a criminal complaint, secure evidence, and format the infected PC before reuse. However, users do not always have a current backup of all affected files. Below is a list of things we recommend after an infection with an encryption Trojan:
1. File a complaint
You should definitely report cybercrime to the nearest police station. You can find a first point of contact and further information here: https://www.polizei-dein-partner.de/themen/internet-mobil/detailansicht-internet-mobil/artikel/internetkriminalitaet-auf-jeden-fall-anzeigen.html
2. Never pay
You don't have a backup and are worried about your data? You should know that paying the demanded ransom unfortunately does not guarantee that your data will be decrypted. Additionally, paying ransom is morally wrong, because with this money you keep the extortionists and their business model going. You should also consider: If you have made a payment, the perpetrators know your bank details. And for extortionists, you are a willing victim. You could be selected again for future attacks with ransomware.
3. Ask experts for help or use expert tools
Depending on the form and quality of the Trojan, IT forensics specialists may well be able to get the system running again and crack the encryption. Companies in particular make use of this, as the damage caused by encryption Trojans can quickly run into millions. An option that is certainly not available to the average user.
But there are tools with which even a layman can do what the IT experts ultimately do. With the SecuPerts Rescue Stick, for example, you can start your own Linux-based operating system using a bootable USB stick. This allows you to access your damaged or encrypted system from the outside. Since antivirus software is on board with the Rescue Stick, you may already be able to eliminate the malware with this security tool. In any case, you can use the stick to recover data – and that is certainly the order of the day in this situation. Decrypting your system may then no longer be necessary.
Important: The tool works more reliably with locker Trojans, as only the computer, but not the files, is locked here. You have less chance against crypto Trojans, as these directly encrypt the data. For crypto Trojans, usually the only thing that helps is to wait. Perhaps the perpetrators will be caught or a key will be found over time. Then, with a bit of luck, you will regain access to your data – and without having paid money to the extortionists.
