"Shut down that bloody computer right now! We’ve just detected it is running a cypher operation on the hard disk! Shut it down now!!" said the guy in charge of the Information Security department to somebody else on the phone, just before leaving his desk in a hurry to get to the affected colleague's desk, a few floors up.

Behind this situation, which fortunately is not yet frequent among our companies but is becoming more familiar each day, there is a real villain of cyberspace: the dreaded ransomware.

What is ransomware?

Well, something with such a name cannot be good, and in fact it is a member of the malware family. You can call it a virus if you like.

Now, what makes it so evil?

Ransomware locks all your information by encrypting it with a strong cipher algorithm in the background, and right after that it deletes the original files, so by the end of the process there are only encrypted files left. That is when our friend shows up and a message pops up on your screen. This message basically tells the affected user (sometimes more politely, sometimes not even grammatically correct…) that his/her information has been locked, and it shows instructions to recover it too. If you think this is going to be free, I’m sorry to say that you are wrong: the ransomware demands that you pay an amount of money to some cyber-criminal in order to get the decryption key and unlock your information. The money asked for can vary from a few hundred pounds to some thousands. The biggest ransom I have ever seen was 40,000.

Some brave users might think about guessing the password, but I have to say cyber-criminals are not fans of "12345" or similar passwords; they like to set up hard passwords with strange characters and numbers. That’s the way they like it!

"Well... I never store anything really important on my computer… I wouldn’t pay the ransom." Maybe you wouldn’t, because you only had a few photos of your last holiday in Spain with your wife and your "lovely" mother-in-law. In that case I understand you wouldn’t pay the ransom; you should even thank the cyber-criminal for helping you get rid of those photos.

But just imagine for a moment that this happens to one of your company’s computers: the ransomware has locked its local information and the shared folders on other servers. All the financial information of the last few years, all your clients’ contracts… and even the important offer document you’ve been working on for the last few days. And of course the last available backup is some months old.

Ransomware is as bad as your information matters to you, and it gets worse the older your backups are. The sad news is that once you get infected and it locks your information, there are few chances of recovering it. Even the famous computer-expert friend everybody has won’t have a solution. One option could be paying the ransom, but… are you sure the cyber-criminal on the other side will be honest enough? He/she has not been honest so far; remember who wrote that piece of malicious software. I strongly recommend not paying the ransom, because this is the best way to make ransomware development unprofitable and stop the threat.

The best solution to fight ransomware is to prevent it from being loaded onto your machine, so what can you do to avoid a ransomware infection?

  • Back up your data, and keep it on a separate external hard disk that is connected to your computer only when necessary.
  • Show hidden file extensions: some malware uses hidden extensions to camouflage executable files as innocent ones, for example .PDF.EXE.
  • Pay attention to executable files arriving in your inbox. If in doubt, just do not open them.
  • A good antivirus or security suite can help to detect them and prevent their execution.
  • If you suspect your computer could be infected and is encrypting your files, turn it off as quickly as you can.
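Two of the checks above, the double extension and the "is it encrypting my files?" suspicion, can be automated. The following script is an added example, not code from the original post: it flags filenames with a document extension followed by an executable one, and uses a byte-entropy heuristic to spot files whose content looks like ciphertext rather than a normal document. The sample files are constructed inline, and the 7.5 bits/byte threshold is an assumption.

```python
import math
from collections import Counter
from pathlib import Path

# Extensions a user expects to be harmless, and the executable extensions that
# Windows hides by default so "invoice.pdf.exe" shows up as "invoice.pdf".
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}


def is_disguised_executable(name: str) -> bool:
    """True for names like 'invoice.pdf.exe': looks like a document, runs as code."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    if len(suffixes) < 2:
        return False
    return suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DOCUMENT_EXTS


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for one repeated byte, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic (assumed threshold): text and office files rarely reach 7.5
    bits/byte, while encrypted output approaches 8.0."""
    return shannon_entropy(data) >= threshold


def scan_files(files: dict) -> dict:
    """files maps filename -> content; returns the reasons each file was flagged."""
    findings = {}
    for name, content in files.items():
        reasons = []
        if is_disguised_executable(name):
            reasons.append("double extension")
        if looks_encrypted(content):
            reasons.append("high entropy")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    # Constructed samples: a plain JPEG-like file, a disguised executable,
    # and a spreadsheet whose bytes are uniformly distributed (ciphertext-like).
    sample = {"holiday.jpg": b"\xff\xd8" + b"\x00" * 500,
              "notes.txt.exe": b"MZ" + b"\x00" * 10,
              "budget.xlsx": bytes(range(256)) * 2}
    for name, why in scan_files(sample).items():
        print(f"{name}: {', '.join(why)}")
```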

OK, you have just turned off your computer because you thought it was encrypting your files; what can you do now? Boot your computer with a Linux Live CD to access the information on your Windows partition. Then you can make a backup if the files are still there. Once you finish, you can boot your computer into the Windows partition and try to remove the malware with a proper antivirus. If it doesn’t remove it completely, you still have the last option: reinstall your operating system from scratch.

The first software known as ransomware, the "AIDS Trojan", also known as "PC Cyborg", first appeared in 1989. It was the first to demand US$189, payable to "PC Cyborg Corporation", managed by Joseph Popp, to unlock the system. After problems with the justice system he promised to donate all profits from this malware to fund AIDS research. Many examples of "cryptoviral extortion" have come since. In the last few years there have been some famous names: Reveton, CryptoLocker, CryptoWall and Onion are just a few examples. Any one of these would deserve a full article of its own, but for the moment just keep those names in mind, and protect your devices to prevent them from getting into your system.

Keep it secure!