Guest post by Samir Nassar, digital security consultant
I recently received a panicked phone call from a client in the Middle East who was unable to open any files on his laptop. When he described the message on his desktop (written in English), I knew immediately what had happened: he was a victim of ransomware. His files were being held hostage and he could only gain access to them if he paid 250 USD.
As a digital security consultant and trainer, I prepare my clients for the worst-case scenarios. Ransomware is definitely among the most serious threats to your digital life.
Ransomware can have viciously destructive consequences, so it’s important you know how to minimize your risk and how to respond if it happens to you.
What is Ransomware?
Wikipedia defines ransomware as “a type of malware that can be covertly installed on a computer without knowledge or intention of the user that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction.”
The impact of specific attacks can vary; some ransomware locks up your entire computer, others encrypt some or all of your files, while other types of attacks make particular high-value programs unusable. What makes each of these examples fall under the category of ransomware is the demand on the victim to pay money (a “ransom”) as a condition of being able to use their computer normally again.
This malicious software can spread in many ways, including through infected files, web browsing, email, the installation of unknown or pirated software, and infected USB disks.
You might wonder if the attack was personal because of your connection to the LGBTQI community. But the “success” of ransomware relies on attacking any and all vulnerable systems—without discrimination. If your computer is infected with ransomware, rest assured neither your sexual orientation nor your activism is what made you a target. It is the vulnerabilities within your software and some of your computer-using habits that ransomware exploits to make an attack possible.
What to expect if you are a victim.
The infection usually starts through something you downloaded that contains malicious software, or through a fake software update notice. In some cases, the malicious software tricks you into installing it by looking like an official notice from a law enforcement agency or software company, or by being disguised as an anti-virus notice.
You will see a message on your computer, explaining why your computer is not functioning and the amount of money you will have to pay in exchange for a code to access your files again. There is often a deadline for paying, with the amount increasing as time passes. By the time my client contacted me, the ransom demand had increased to over 1000 USD.
What should I do?
If you fall victim to a ransomware attack, ask yourself two questions:
- Do I have recent backups of the files that matter to me?
- Can I access those backed-up files without my current computer?
If the answer to both of those questions is yes, you have an alternative to being forced to pay criminals the ransom. As long as your files are backed up, I recommend conducting a complete wipe of the hard disk and a fresh install, and then scanning your backed-up files with anti-malware programs before putting them back onto the computer.
The most important lesson is to back up your files often and to have more than one copy. This crucial step will not prevent a ransomware attack, but it will free you from the stress of having to choose between losing your files and being forced to pay a large amount of money to criminals.
To avoid becoming a victim of ransomware, and malware in general, see my follow-up post, Ransomware: How to Protect Yourself.
Samir Nassar is an independent digital security trainer and consultant working primarily in Europe and throughout the MENA region.