Ransomware taking over computers

Mar 12, 2015 | Sci/Tech

By: Jessica Richard

Internet criminals using ransomware are posing serious risks to people and companies.

Terry Cutler, certified ethical hacker and founder of Digital Locksmiths in Montreal, describes ransomware as “a virus or malware [malicious software] that will install on your computer and will start encrypting all of your files and will make them unusable to you until you pay a ransom.”

He said the ransom is usually $500 and victims are given a deadline to pay it. If the deadline is missed, the ransom will double. Eventually, if the ransom is not paid, victims will lose the files forever.

It has become so popular because they have perfected it; they have made it so there is no way to bypass the encryption. They are therefore guaranteed that people are going to pay the ransom to gain access to their files again. “In 2014 apparently these guys racked up $120 million of revenue in like five months,” Cutler said.

Payment is to be made in bitcoin, which Cutler said “is pretty much anonymous payments so it’s very very difficult to track who is paying whom… [These cyber-criminals] don’t accept Paypal.”

He cautioned people to watch their email. “Most of these threats are coming through e-mails such as FedEx. They look like it’s an email from FedEx saying ‘here’s your report or here’s your delivery’ and it’s a zip file. When you open up the zip file there’s an executable [exe] file in it. Right away, nobody should ever send you an exe file. And when you run it – game over. It starts encrypting your data. All of your pictures, all of your zip files, all of your Word documents, your videos, all of it’s encrypted,” he said.

Once the files are encrypted there is no way to recover them. He said even data forensics and people who do hard drive recovery cannot get the files back.

The ransomware uses 2,048-bit encryption. “It would take hundreds of years to decrypt this thing… It’s very advanced malware,” Cutler told Humber News.

“There was one version that existed called the cryptolocker, that was one of the first versions of it and researchers were able to extract the encryption key, so we would be able to break that key in three seconds. But now they have made it so advanced, with 2048 bit encryption, which is military grade, and it’s unbreakable,” he said.

Eric Hacke, a Toronto-based senior software engineer, said the best way to protect yourself is to back up all of your files. He said the best thing is to be prepared instead of reacting to it once it happens.

“You’ll want to keep your files backed up in another location that is not immediately connected to the computer all the time,” he said. If an external hard drive is plugged into the computer, the files on it can still be accessed and encrypted; the malware can bypass anti-virus software.

“In all cases you don’t want to pay these people ’cause there is absolutely no guarantee that they will actually unlock it. They may just ask for more money again after that. It is sort of a blackmail scenario and there is no way to really be sure that you’re going to get any decent results for your money,” said Hacke.

Once a computer is infected with this malware, it becomes extremely difficult to remove it or to make sure it is fully removed. Hacke said, “the best solution is usually an extreme one which involves wiping the computer completely and starting from scratch… there’s no way to really go through the thing and make sure you’ve removed all traces of it.”

He suggested checking other computers that are on the network aggressively with anti-virus software to make sure it hasn’t moved elsewhere. “Even if you clean the computer and you reconnect it to the same network it could come back.”

In fact, Hacke warned, “In terms of the cost of these things, if it was me personally, I would just take the hard drive out of the computer, chuck it in the garbage can, and then buy another one for a hundred bucks and install that and put Windows on top of it, and then you’re a hundred per cent certain.”