Never before have computer users been subjected to a threat as disruptive and dangerous as modern ransomware.  Where older viruses and malware disrupted data, ransomware holds it prisoner.  Extortion is the new agenda and it’s carried out on a massive scale.  Ransomware has emerged as the most destructive category of malware of our time, and the most difficult to deal with.

There are two common types of ransomware in circulation today: crypto ransomware and locker ransomware.  Locker ransomware is the most common and arguably less dangerous variant; it seeks to deny a user access to computer resources.  Locker ransomware typically locks a user out of the ability to access menus, browse folders or make changes to files.  Locker ransomware leaves the data on the system largely unharmed and, as such, it is usually possible for tech-savvy victims to remove the lock personally, or to seek help from professionals who can.

The problem with locker ransomware is that it will almost always be employed with an additional threat: psychological scare tactics.  Most variants of locker ransomware go to great lengths to convince users that the system lock has been put into place by a law-enforcement agency.  Many of these government-branded themes accuse the user of having been involved in shameful or illicit online activities.  In these cases, the user would rather pay the ransom than be convicted of the alleged crime or shamed in front of friends and colleagues.

MoneyPak Ransomware

Locker ransomware uses social engineering tricks to get users to pay into ransom demands.

By comparison, crypto ransomware doesn’t need to rely on scare tactics because the threat is very real.  Crypto ransomware is designed to search all the files on a user’s computer and encrypt them, making the data unusable without a decryption key.  Crypto ransomware is designed to stay undetected for long periods of time.  The goal is to encrypt as much of the user’s data as possible before it reveals its extortion-based intent.  Once the infection has been revealed to the user, it is already too late to salvage data or remove the infection.  Most crypto ransomware chooses not to target system-critical files; in this way, the user feels more compelled to pay the ransom because they believe that everything will return to normal if they do.
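Because crypto ransomware tries to encrypt as much data as it can before it is noticed, one defensive signal is a burst of recently modified files whose contents look like random bytes. The script below is an added example written for this article, not code from the original post; it computes the Shannon entropy of recently modified files under a directory and raises an alert when a large share of them look encrypted. The thresholds, the `rw-demo-` temp directory and the `.locked` file names are assumptions chosen for the demo, and the sample files it scans are constructed in a temp directory so it runs offline.

```python
import math
import os
import tempfile
import time
from collections import Counter
from pathlib import Path

# Illustrative thresholds (assumptions, not values from the article).
HIGH_ENTROPY_BITS = 7.5   # bits per byte; encrypted/random data approaches 8.0
RECENT_WINDOW_SEC = 600   # only consider files modified in the last 10 minutes
MIN_RECENT_FILES = 5      # ignore tiny samples to avoid false alarms
ALERT_RATIO = 0.5         # alert if at least half of recent files look encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_for_mass_encryption(root, now=None):
    """Walk `root`, look at recently modified regular files, and report how many
    have entropy consistent with encrypted content. Returns a summary dict."""
    now = time.time() if now is None else now
    recent, suspicious = [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            st = path.stat()
        except OSError:
            continue  # file vanished or is unreadable; skip it
        if now - st.st_mtime > RECENT_WINDOW_SEC:
            continue
        recent.append(path)
        with open(path, "rb") as fh:
            sample = fh.read(65536)  # first 64 KiB is enough to judge randomness
        if len(sample) >= 256 and shannon_entropy(sample) >= HIGH_ENTROPY_BITS:
            suspicious.append(str(path))
    ratio = len(suspicious) / len(recent) if recent else 0.0
    return {
        "recent_files": len(recent),
        "high_entropy_files": len(suspicious),
        "ratio": ratio,
        "alert": len(recent) >= MIN_RECENT_FILES and ratio >= ALERT_RATIO,
        "paths": suspicious,
    }


def build_demo_tree(n_plain=4, n_encrypted=6):
    """Constructed sample data: a temp dir holding readable text files plus files
    filled with os.urandom bytes, standing in for ransomware-encrypted output."""
    root = tempfile.mkdtemp(prefix="rw-demo-")
    for i in range(n_plain):
        line = b"Quarterly figures, line item %d\n" % i
        Path(root, f"report{i}.txt").write_bytes(line * 200)
    for i in range(n_encrypted):
        Path(root, f"report{i}.docx.locked").write_bytes(os.urandom(8192))
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    result = scan_for_mass_encryption(demo_root)
    print(f"{result['high_entropy_files']}/{result['recent_files']} recent files "
          f"look encrypted; alert={result['alert']}")
    for p in result["paths"]:
        print("  suspicious:", p)
```

Entropy alone is not proof of ransomware (compressed archives and media files are also high-entropy), which is why the check keys on a burst of recent modifications rather than on individual files; in practice it would be paired with backups and file-type allow-lists.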

Security firms have spent a great deal of effort trying to crack ransomware encryption and some have come close, but the reality is that remediation isn’t good enough yet.  Once infected with crypto ransomware, there is a very good chance that the encrypted data CAN’T be recovered by traditional means.  This leaves users with a very unfortunate reality: give in to the demands of the extortionist, or lose everything.

Giving in to ransomware is a touchy subject; most security firms and government agencies advise against it.  If the ransom is paid, there is no guarantee that the decryption key will work.  Even if the key does work and all data is recovered, there is still a continued threat.  The user has now made themselves a target for every other extortionist, because they know that THIS victim will give in to threats.  So this raises the question: what options do users have?

Check back next week when we post the second half of this look at ransomware.  Part 2 will include an actual transcript from a ransomware extortionist, the steps involved in paying a ransom, and ways to protect your business from ransomware.