Things To Know About Ransomware
Across the world, ransomware has been a threat to the daily functioning of government offices as well as private offices and companies. As the name suggests, ransomware holds an individual or a company to ransom: unless they are paid, the ransomware hackers tend to publish data and information stolen from the victims or block the victims' access to their own data.
Ransomware is malicious software that takes over a computer and the data stored on it, denying access to the user or owner of that data. The victim is asked for a ransom in exchange for restored access to the data, but the hackers do not always keep that promise once the ransom is paid.
Ransomware tends to lock access to the extent that even a knowledgeable person is unable to reverse it. It uses a technique known as a ‘crypto viral attack’, after which the files cannot be opened without a decryption key. The user gets a message that his or her files are locked and will not be accessible unless a ransom is paid in the form of digital payment. These files cannot be decrypted without the key, a mathematical one known only to the hacker.
A ransomware attack is carried out with the help of a Trojan disguised as a legitimate file, which you are tricked into opening or downloading in the form of an email attachment. Since 2012, ransomware scams have grown in number. In fact, McAfee has collected more than double the samples of ransomware since 2013. The ransomware ‘Cryptolocker’ has been successful in getting the ransom from the US Federal Bureau of Investigation and received $18 million by June 2015. This ransomware has become more successful and sophisticated over the years.
How do hackers select the target?
There are many ways in which hackers choose a particular organization as a target. Sometimes it is just opportunity, as with universities, where the security team is smaller and there is a lot of file sharing, making it easy to break their defenses. There are also organizations that need constant access to their data, and organizations holding sensitive data, like government agencies and hospitals, are often likely to pay immediately. They are also exposed to leaks and fear them.
Preventing ransomware
There are many ways to prevent ransomware, and they involve common good security practices.
- Keep the operating system updated
- Install software that gives limited access to administrative privileges
- Install antivirus that protects from malware like ransomware and whitelisting software that does not allow unauthorized application downloads
- Always back up your files frequently and automatically. It may not stop the malware attack but it may prevent massive damage.
To remove the ransomware, you will need access to your machine again. This is what you should do:
- Reboot Windows to safe mode
- Install anti-malware software
- Scan the system to find and remove ransomware
- Restore the computer to a previous state
Keep in mind that going through the above steps will remove the malware but will not decrypt the files. The files have already been made unreadable. It is impossible for anyone other than the hacker to decrypt them, as he holds the key.
In order not to lose your data, you might think of paying the ransom. However, law enforcement agencies would rather you did not pay it, because paying encourages the ransomware hackers to become bolder in their attacks. In fact, research says that over 66% of companies will not pay a ransom on paper, but in practice over 65% will actually pay it.
Many companies already prepare for situations where they might have to pay, and they hold bitcoins in reserve for just such a situation. Keep in mind that the ransomware may not have encrypted the data at all, in which case it is just scareware. Paying may also not result in your files being decrypted. Many times, the criminals just take the money and vanish without giving your data back.
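The scareware point above can be checked on a copy of the affected files before any decision about payment. The following is an added example, not part of the original article: it tests whether a file still carries its expected header and, for formats without one, whether its byte entropy looks like ciphertext. The signature table, the 7.5 threshold, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Public file signatures ("magic bytes") for a few common document formats.
MAGIC = {"pdf": b"%PDF-", "png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff",
         "docx": b"PK\x03\x04", "xlsx": b"PK\x03\x04", "zip": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: near 8.0 for ciphertext, lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def expected_magic(name: str):
    """Find a known type among all suffixes, so 'a.pdf.locked' maps to PDF.
    Assumes an extra extension may have been appended to the original name."""
    for part in reversed(name.lower().split(".")[1:]):
        if part in MAGIC:
            return MAGIC[part]
    return None

def triage(name: str, data: bytes, threshold: float = 7.5) -> str:
    """Return 'intact' or 'likely-encrypted' for one file's leading bytes."""
    magic = expected_magic(name)
    if magic is not None:
        # Known format: an intact header means the start of the file is readable.
        # Heuristic only: it cannot see damage further into the file.
        return "intact" if data.startswith(magic) else "likely-encrypted"
    # No known signature (e.g. .txt): high entropy suggests ciphertext, but
    # compressed data also scores high, so treat this as a hint.
    return "likely-encrypted" if shannon_entropy(data) >= threshold else "intact"

# Constructed sample inputs (not real victim data).
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
SAMPLE_TEXT = b"Quarterly report draft, internal use only.\n" * 100
# Deterministic stand-in for ciphertext: 4096 pseudo-random bytes from SHA-256.
SAMPLE_NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

if __name__ == "__main__":
    for name, data in [("report.pdf", SAMPLE_PDF), ("report.pdf.locked", SAMPLE_NOISE),
                       ("notes.txt", SAMPLE_TEXT), ("notes.txt", SAMPLE_NOISE)]:
        print(f"{name:20} {triage(name, data)}  entropy={shannon_entropy(data):.2f}")
```

Run it against copies of the files from a separate, clean machine; a result of 'intact' across the board is consistent with scareware, while 'likely-encrypted' means backups are the recovery path.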