Ransomware is one of the greatest threats to cybersecurity today. It has grown in power as more people keep sensitive data on their computers. That data is a prime target for hackers, especially if it’s not protected or backed up.
We’re here to help you understand what ransomware is and how you can protect yourself from it. We’ll define the malware broadly, then delve into the specifics of the two major archetypes. We’ll give you tips for removing ransomware and preventing it in the first place, as well.
As with any malware, the best protection is taking proper precautions. Ransomware will continue to be a threat to cybersecurity as long as people store sensitive data on their computers. If you use online backup and a strong antivirus, though, you won’t be a victim.
What Is Ransomware?
Ransomware is malware used for extortion over the internet. It’s a buzzword that most antivirus providers form their software around now, but it’s been a threat for a while. Ransomware tries to lock or deny access to key files until the user pays a ransom to get those files back.
That wasn’t always the case, though. Despite a brief attempt at crypto ransomware in 1989, which we will discuss later, the first notable consumer threat was misleading applications. They live in the ransomware category but are more accurately referred to as “scareware.”
Examples of misleading applications are registry cleaners, disk defragmenters and fake spyware removal. You’d download the application, it’d run a bogus scan of your computer and report innumerable problems. You’d then be prompted to pay a fee of $50 or so to unlock the software and resolve them.
Of course, those issues were never there. Finding the file with an antivirus and removing it stopped the incessant prompting. Hackers jumped on the bandwagon, though, developing mock antiviruses that go through the same loop as any other misleading application.
If you were a heavy internet user between 2010 and 2012, you’ve likely seen advertisements for rogue security software. Hackers hijacked the ad space on websites to show off their fake security software as if it were legitimate.
People adapt, though. Hackers began applying more pressure in their schemes and, as people stopped falling for their social engineering tricks, hackers looked to force action. That’s how we got to the two main forms of ransomware today.
While scareware is technically a type of ransomware, it’s ineffective and no longer a threat. The other forms are dangerous, though, so we’ll focus on them for this guide.
Types of Ransomware
Symantec groups ransomware into two broad categories, so we’ll use those to identify the forms you may encounter. Symantec is behind Norton, which we took kindly to in our Norton Security review.
Locker ransomware, or computer lock, is the less dangerous form of the malware. As you boot up, you’ll be sent to a lock screen, generally designed to look like a federal government website or credit card agency, and asked to pay a fee before you can access your computer.
The important takeaway is that locker ransomware denies access, but doesn’t mess with your files, meaning removal of the malware can restore your computer to its original state.
That takes technical proficiency, though, as the malware masquerades as a legitimate agency in much the same way as phishing schemes. Hackers use it as a method of social engineering, pressuring the victim to pay the ransom or else face a massive fine or, in some cases, jail time.
The claims are bogus, but those unfamiliar with this sort of attack can easily become anxious. No country that we know of hijacks your computer and asks for a fine before restoring it. They’ll just steal your data and use it against you.
Locker attacks are becoming less effective as antiviruses can detect and remove the malware before the operating system loads. Even so, Symantec has concerns about the future of locker ransomware as the internet of things gains traction. It says, “… millions of connected devices could potentially be at risk from this type of ransomware.”
Crypto ransomware is the stuff of nightmares. Instead of denying you access, crypto ransomware finds your sensitive data and encrypts it, holding the decryption key above your head until you pay the ransom. That is, if the key exists at all.
Instead of phony pressure, this form is real. Crypto ransomware makes no attempts to hide behind a mask. It tells you that your data is gone unless you can pay enough money to get it back. As more data is stored digitally, such as bank statements and medical records, the pressure to pay the ransom increases.
While tempting, it’s important that you ignore demands for payment and find a way to remove the malware, which we’ll cover in the next section. The attacker found a way to steal your data and deny you access, anyway, so the probability of them giving you the key after you pay the ransom is low.
Crypto ransomware can live on your machine undetected for a while, especially if you’re not using an antivirus. That’s the intention, in fact, so the program has enough time to locate your key files and encrypt them.
After the ransomware has done its work, you’ll be prompted to pay, generally with cryptocurrency through a dark web payment portal. The dark web is different from the deep web, which you can learn about in our guide to accessing the deep web.
Ransomware began with this type of attack. In 1989, the AIDS Trojan was sent through regular mail as a 5.25” floppy disk. As with any trojan, the goal was to look like legitimate software, then encrypt root files on the user’s hard drive and hold them for ransom instead.
It was unsuccessful, though, as few people were using computers and the ones who did generally were using them for work. Crypto ransomware is where this attack started and, now, hackers are returning to it.
In the early 2010s, misleading applications and fake antiviruses ran the ransomware game. They’re known as “scareware.” With fake antiviruses, the user would see many infected files on their computer and be prompted to pay to fix them.
It was a crafty scam, but computer users today are much savvier. As such, hackers no longer feel the need to hide behind a sketchy interface and a name like “Nortel Antivirus” to make money. They go right to the source, unapologetically.
How to Remove Ransomware
Removing ransomware risks taking your files with it, so it’s critical that you back up using a good online backup service. We’ll talk about that later. Our method will remove the malware from your machine, but it won’t decrypt your files. If you’ve got ransomware that has encrypted your data, you’re not getting it back without the proper key or a special decrypter tool.
Lock screen ransomware can be removed, though. There are forms of crypto ransomware that hide your files and folders instead of encrypting them. You can recover your files from them, too.
The first step is to boot up Windows recovery mode. You can access it by holding Shift while rebooting from the Windows login screen or pressing F8 before Windows loads.
If you have lock screen ransomware, you’ll need to restore your computer using a Windows restore point. Of course, that requires that Windows has a restore point to revert back to. In the Windows repair settings, follow “troubleshoot > advanced options > system restore” to find the settings.
That’s the first check. If you can get into Windows after you’ve restored, then you’ve bypassed the malware enough for an antivirus scan. Make sure you boot into safe mode, though, and run the scan offline.
If you still can’t access Windows, you’ll have to deal with the problem before Windows loads. Many antiviruses allow you to create a bootable disc or USB drive that performs a scan automatically. AVG, our first pick for the best free antivirus software, is one example (read our AVG review).
For most ransomware, using a system restore point or running a bootable scan should do the trick. If you have something really bad, you may need to do a clean install of Windows and kiss your files goodbye.
How to Protect Against Ransomware
Your defenses against ransomware are everything. It’s an all-or-nothing attack, so, once it happens, you’ll have a long road ahead to undo the damage. If you prepare, though, you can negate a ransomware attack completely.
The first step is to keep an air-gapped computer. If you’re going online or connecting to other networks, don’t download anything sketchy. Ransomware is typically delivered with a trojan, a shell that makes a file look like one thing when it’s another. Don’t download known files from other sources or applications that aren’t trusted.
The best protection against ransomware, though, is online backup. After all, ransomware looks much less threatening when your files are backed up offsite. You can use our guide to the best online backup with ransomware protection to find a service.
As a small spoiler, we rated CloudBerry Backup first for its ransomware scanning and customizable versioning, which you can read about in our CloudBerry Backup review.
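To show why versioning matters for the backup advice above, this added example (not code from the original article or from any backup product) compares a plain mirror copy with a minimal versioned store. The store layout, function names and sample file contents are all constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def backup(src: Path, store: Path) -> str:
    """Store src under its SHA-256 and append that hash to the file's version log.
    Older versions are never overwritten, unlike a plain mirror copy."""
    digest = hashlib.sha256(src.read_bytes()).hexdigest()
    blob = store / "blobs" / digest
    log = store / "versions" / (src.name + ".log")
    blob.parent.mkdir(parents=True, exist_ok=True)
    log.parent.mkdir(parents=True, exist_ok=True)
    if not blob.exists():
        shutil.copy2(src, blob)
    with log.open("a") as fh:
        fh.write(digest + "\n")
    return digest

def versions(name: str, store: Path) -> list:
    """Return the stored hashes for a file, oldest first."""
    return (store / "versions" / (name + ".log")).read_text().split()

def restore(name: str, store: Path, dest: Path, index: int) -> None:
    """Copy the chosen version (0 = oldest) back to dest."""
    shutil.copy2(store / "blobs" / versions(name, store)[index], dest)

def demo() -> dict:
    original = b"2019 bank statement (constructed sample)\n"
    # Constructed stand-in for the file's contents after crypto ransomware rewrote it.
    unreadable = hashlib.sha256(b"constructed unreadable bytes").digest()
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        doc, store, mirror = root / "statement.txt", root / "offsite", root / "mirror.txt"
        for content in (original, unreadable):  # one backup run before, one after
            doc.write_bytes(content)
            backup(doc, store)         # versioned backup keeps both copies
            shutil.copy2(doc, mirror)  # plain mirror overwrites the good copy
        mirror_ok = mirror.read_bytes() == original
        restore(doc.name, store, doc, index=0)  # roll back to the oldest version
        return {"mirror_has_good_copy": mirror_ok,
                "stored_versions": len(versions(doc.name, store)),
                "restored_ok": doc.read_bytes() == original}

if __name__ == "__main__":
    print(demo())
```

The mirror ends up holding only the unreadable copy, while the versioned store can still hand back the original.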
Even with your files backed up, the ransomware remains. You’ll need an antivirus to deal with that, and any of the options in our best antivirus software guide should do the job. Ransomware protection has been a buzzword for antiviruses lately, so most include it by default.
Our first pick is Bitdefender. Its ransomware protection monitors folders that other applications attempt to access. While testing it in our Bitdefender review, we noticed it even blocked Microsoft Word. Thankfully, you can set which applications have permission.
Apart from monitoring the areas that ransomware may attack, a secure antivirus will provide real-time protection against all forms of malware, including ransomware. It’s yet another layer of defense against downloading and falling victim to this type of software.
Ransomware has a history as one of the nastiest cybercrimes plaguing the internet. Its shift to scareware was bad a few years ago, but now that hackers are using more malicious means to force your hand, proper preparations and precautions are necessary.
The good news is that ransomware is difficult to get and easy to remove, so long as you’re protected with a strong antivirus. Bitdefender is our first choice, but you can find other options in our antivirus reviews.
Online backup is the same. You may not always need it, but you’ll be happy you have it when you do. Ransomware thrives on poor backup practices, stealing information from those who leave it vulnerable. Crypto ransomware looks silly if you can just restore your files.
If you have ransomware, you may be out of luck, especially if your files are encrypted. This attack isn’t all smoke and mirrors. The attacker can and will find your data and hold it hostage. The best thing you can do is protect yourself with online backup and a secure antivirus.
After those are in place, it’s unlikely you’ll get ransomware and, even if you do, you have a simple way to remove it.