Joseph Edwards took his own life shortly after he received a ransom demand on his computer that claimed to be from the police. Joseph was locked out of his computer and a ransom note was displayed on the screen. The note claimed that the computer had been used to view illegal websites and demanded that a £100 (US$150) fine be paid or else Joseph would face legal action. The threats were false and were being made by cybercriminals; Joseph’s computer had become infected with malicious software known as ransomware. Joseph was just 17 years old.
What is ransomware?
Ransomware is malware that holds the victim’s computer to ransom, either by restricting access to the computer by locking the desktop or by encrypting the user’s files. The malware then displays a ransom note, often claiming to be from the police, the FBI, or some other type of law enforcement agency. Ransomware can even tell what country you’re in and display a ransom note that looks like it’s from your local police force. The ransom note may claim that the computer was used to look at illegal websites, videos, or images and will try to frighten the victim into paying up by threatening to bring them to court. Victims are often too embarrassed to ask for help because the ransom note may say they were viewing pornographic content.
Joseph’s story is a very extreme and unusual case but ransomware is nonetheless a very real and prevalent threat.
How does ransomware get onto your computer?
One way ransomware can arrive on your computer is through opening attachments in spam emails. These malicious emails may have what looks like regular documents attached, but once you open them, your computer is at risk of becoming infected with malware. Another way ransomware can infect computers is through certain websites. These may be malicious websites, set up by criminals for the sole purpose of infecting anyone who visits the site, or they may be legitimate websites that have been compromised by the criminals and used to spread malware.
Figure. Ransomware detections from January to December 2014
Although our data suggests that ransomware detections are falling over time, this data doesn’t show the whole story. The previous graph is made up of actual detections of ransomware infecting people’s computers. Ideally, it’s best to stop threats before they even get to your computer, and this is exactly what Symantec has been doing. Symantec and Norton products are continually getting better at stopping exploit kits, which are designed to find weaknesses in your computer’s software to spread malware, and reducing spam. This means that Symantec and Norton products can prevent ransomware from arriving onto your computer in the first place. Because of this, the number of cases of ransomware making it onto computers is dropping. Ransomware is still out there though and without good security software, there is still a risk of becoming infected.
Ransomware goes mobile
The bad guys know that many people these days use smartphones and tablets to surf the net and they’ve realized that there is a huge opportunity to make money from this. Unfortunately, ransomware for mobile devices is becoming more common and there are now plenty of threats that can lock your smartphone or tablet or even encrypt the files stored on these devices.
What if you do get infected?
If you do get infected with ransomware, don’t panic. It’s important to know that the police and other law enforcement agencies will never lock your computer or encrypt your files and ask you to pay a fine over the internet. If this does happen to you, any claims that are made are false and you definitely are not in danger of any legal action if you don’t pay. Speaking of paying, this is definitely something you should never do. Paying the ransom just funds the cybercriminals and allows them to continue their activities. And paying the criminals does not guarantee your computer or files will be unlocked; often the bad guys just take the money and run without unlocking the computer.
There are many different ransomware variants and depending on which type you have been infected with, there may be a simple solution to removing it. Tools like Norton Power Eraser and Norton Bootable Recovery Tool can help remove many threats. If your files have been encrypted, there may be a tool available to unencrypt them but this depends on the variant you’ve been infected with. If there is no tool available, you may have to restore them from a backup.
If you don’t feel confident trying to remove the ransomware yourself, ask for help. If you know someone that’s into computers, they might be able to help out, or you can bring your computer to a professional who will be best able to help assist you. And remember, they see this happening all the time and know that whatever the ransom note says is not true.
How to stay protected
Follow these tips to stay protected from ransomware.
On your computer:
- Make sure you have comprehensive security software installed, such as Norton Security.
- The bad guys will take advantage of vulnerabilities found in software to install malware, so it’s important to keep the operating system and software on your computer up-to-date by installing the latest security patches and updates.
- Regularly back up any files stored on your computer. If your computer does become infected with ransomware, your files can be restored once the malware is removed from the computer.
On your mobile device:
- Avoid downloading apps from unfamiliar sites and only install apps from trusted sources.
- Back up everything on your mobile device so that if it does become infected and you can’t get access to your stuff, you can always restore everything from the backup.
- It’s also a good idea to install a security app, such as Norton Mobile Security, in order to protect your device and data.
Joseph’s tragic story shows how much damage and grief this type of malware can cause. Criminals don’t care what effect they have on their victim’s lives, they just care about making money. While cases like Joseph’s are very rare, educating people about ransomware will hopefully mean that something like this never happens again.