Ransomware continues to pose a threat

The great majority of cybercriminals are in it for the money.

Some choose to steal it indirectly by using information-stealing malware to gain access to users’ online banking accounts or to get their credit card information. Others use malware that blocks access to the computer and then ask the users to pay for having that privilege returned.

This latter attack is executed with ransomware, and quite a few different pieces of that particular type of malware are currently being used, warns Symantec.

Some ransomware locks the computer’s desktop and asks the user to send an SMS to a premium rate number in order to receive back a code that will restore access to the system.

Other ransomware adds to that a change of the desktop background image, which contains the request for money, instructions on how and where to send it, and an embarrassing pornographic image that makes the user less willing to ask for technical help.

Ransomware disguised as an adult game uses a similar approach. It asks the user to enter their personal information in order to play, and it records the adult-themed Internet pages the user visits. After a time, the list – headed by the personal information – is presented to the user, and he is told that this information will become public if he doesn’t pay up.

There is also ransomware that encrypts user files and holds them ransom. Sometimes the encryption key is stored on the computer and the user can decrypt the files if he knows where to look for it, but other times the files are lost for good because there is no guarantee that the criminals will send the key to decrypt them even if the victim sends the money.

Some ransomware doesn’t even allow the operating system to boot:

But this particular threat can be bypassed because part of the message is a lie: the hard drive is not encrypted, so it can be accessed offline. And even the overwritten master boot record (MBR) which led to this predicament can be restored.
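The check behind that claim, as an added example (not from the original article or from Symantec): given a disk image taken offline, it looks for readable filesystem boot records, which indicate the volume was left in plaintext. The function names, image layout and sample bytes are constructed for illustration, and the fallback offsets 63 and 2048 are assumed conventional first-partition starts.

```python
import struct

SECTOR = 512
# OEM identifiers found at offset 3 of an unencrypted volume boot record.
KNOWN_OEM_IDS = {b"NTFS    ": "NTFS", b"MSDOS5.0": "FAT", b"EXFAT   ": "exFAT"}


def parse_partition_table(mbr):
    """Return (type, start_lba, sector_count) for each non-empty MBR entry."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        return []
    entries = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 462 + 16 * i]
        ptype = entry[4]
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and count != 0:
            entries.append((ptype, start_lba, count))
    return entries


def find_plain_volumes(image):
    """List (start_lba, filesystem) for volumes whose boot record is readable."""
    starts = [e[1] for e in parse_partition_table(image[:SECTOR])]
    # Fallback if the table was wiped: assumed conventional partition starts.
    for lba in (63, 2048):
        if lba not in starts:
            starts.append(lba)
    found = []
    for lba in starts:
        vbr = image[lba * SECTOR:(lba + 1) * SECTOR]
        fs = KNOWN_OEM_IDS.get(vbr[3:11])
        if fs and vbr[510:512] == b"\x55\xaa":
            found.append((lba, fs))
    return found


def build_sample_image():
    """Constructed image: boot code replaced by a message, NTFS at LBA 2048."""
    boot_code = b"YOUR DISK IS ENCRYPTED (constructed sample)".ljust(446, b"\x00")
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 8)
    mbr = boot_code + entry + bytes(48) + b"\x55\xaa"
    vbr = (b"\xeb\x52\x90" + b"NTFS    ").ljust(510, b"\x00") + b"\x55\xaa"
    return mbr + bytes(2047 * SECTOR) + vbr + bytes(7 * SECTOR)


if __name__ == "__main__":
    print(find_plain_volumes(build_sample_image()))
```

Run it against a read-only copy of the disk, never the original, so the evidence and the data stay untouched while you work on recovery.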

Of course, the best way to avoid ransomware is to keep your antivirus solution up to date and be constantly alert for attacks that may result in downloaded malware – of any kind.

If, despite all precautions, you pick up ransomware along the way, it’s best to search the Internet for clues and possible solutions to the problem. And remember to always back up.
