Ransomware

What is ransomware?

Ransomware is just another kind of malware, and it is also a special type of malware. Malware is classified into different types, such as worms, viruses, Trojans and ransomware. Ransomware started to catch widespread attention from around 2012.

Most malware nowadays aims at making money. Some malware resides silently in your computers or mobile devices and attempts to collect confidential information, such as credit card numbers with CCV and the credentials of your online accounts for email and online banking. Ransomware is distinctive: it tries to kidnap your data or devices and demands money for returning them. Some ransomware is also capable of locking your computers or mobile phones.

How could data be kidnapped!?

Technology is always a double-edged sword. Usually, ransomware comes with a sophisticated encryption algorithm, which locks your devices or encrypts data on your computer systems. Encryption ensures that data is readable only by those who possess the corresponding decryption key. In other words, without the decryption key, it is hardly possible to unlock the device or the data held hostage.

What will happen after data is kidnapped?

Normally, you will receive a letter or message from the kidnapper, demanding that you pay a certain amount into an offshore bank account, via PayPal or in Bitcoin. Amounts vary from a few hundred US dollars to thousands. The amount demanded by the kidnapper in the Sony Pictures incident in 2014 was not publicly announced, but it was believed to be sky-high.

Does paying the ransom work out?

The answer is a big NO. Usually, the kidnappers either disappear or ask for more. Unfortunately, data or systems are actually gone after being kidnapped. Besides, making a payment also puts your banking information at risk. Even though there are malware removers that can clean the ransomware from infected computers or mobile devices, it is hardly possible to decrypt the encrypted data. For devices, typically a factory reset is needed.

How to avoid being the next victim?

As stated at the very beginning, ransomware is just another malware; hence, all the means applicable to preventing malware infection also apply. Just to recall a few, the same old tactics are:

  • install and configure anti-virus software so that the virus definition files are current and are routinely and automatically updated;
  • apply security patches, reboot regularly and after patching, and power off your computer when not in use;
  • do not open suspicious or phishing emails or email attachments;
  • apply web filters and refrain from browsing unknown websites;
  • in particular, regular backup is of utmost importance, as this is the last resort for rescuing your data.
