(Based on true events. At the request of the victims, the names have been changed.)

Meet Bob, a full-time programmer. Naturally, his whole life depends on the content of his computer: projects, code, important company files, customer documents, passwords, photos, among other things. One night, alarmed by an email that seems to come from his bank, he downloads a .pdf file with supposed account movements. From that moment on, without him suspecting it, everything was going to turn into a nightmare.

The file seems wrong. Bob decides to close it and clarify the matter with his bank in the morning. After a couple of hours without anything interesting happening, Bob realizes how serious his situation is… He was infected by a Ransomware. And his valuable information? It has been taken as a hostage. Weeks of work without backup and everything he had on his PC is now inaccessible. His only chance to recover what belongs to him is to pay the equivalent of 3,000 dollars in bitcoins to a stranger, without having the certainty of recovering his files.

Bob is in trouble. First, he is in shock. Second, paying in Bitcoins is a complicated task for the uninitiated. And third… there are no guilty! An omnipotent force has seized his computer, and he can’t do anything about it.

It is necessary that you have knowledge about this attack so that you can avoid being the next victim. Take a deep breath and follow us, we’ll tell you everything you need to know about it.

First things first…

What is a Ransomware?

Ransomware is a type of Malware that restricts access to certain parts of the system and/or files. In return for regaining users access, the Ransomware demands a sum of money. It is the digital analogue of kidnapping. The method often used is data encryption, although there is also the LockScreen Ransomware, which blocks the computer and prevents it from being used until the ransom is paid.

Did you know…

• The first ransomware (as far as it is known) was the AIDS Trojan (1989), at that time the demanded payment was of 189 dollars, today an average of 3,000 dollars is requested.

• It is estimated that by a type of ransomware (Cryptowall 3.0) the attackers won a total of $325 million dollars (just considering the American victims).

• The most dangerous Ransomwares are: WannaCry, Petya, Cerver, Reventon, CryptoLocker, and Locky.

• According to McAfee, it is actually estimated that there are more than 250,000 different ransomwares.

• The perpetrators don’t need great skills in order to create or spread the malware. In certain corners of the web there are pages that allow users to customize and create their own ransomware.

How does it works?

The Ransomware can try to attack through insecure pages or through an email (the latter being the most popular form of distribution). It is linked to phishing techniques: i.e. An email arrives in your inbox with information that seems attractive or alarming. So that out of curiosity or fear it forces you to download an attachment loaded with malicious code.

The emails could be of all kinds: from your bank assuring you have received a high fee, FedEx dispatchers who claim to look for you to deliver an important package, electricity bills, false tax returns, etc. There are many ways to get your attention. The main idea is to make you feel the urgency to open the file (making you fall into the trap). Once you download and run the malicious file, everything falls apart.

Malware can have different faces: office documents, videos, images, and even programs that at first sight are reliable (flash players, for example). It usually attacks in silence, encrypting your files in the background. Finished his task, he threatens you (by means of a screen or by means of a text document) in a clear and direct way: if you do not pay (usually in bitcoins) you’ll lose your files.

To enhance fear and uncertainty, in the threat the attacker can include your IP address, the company of the internet provider, explicit images, even a photograph captured from your webcam.

How can you recover from the attack?

You have 3 options:

1. Pay and wait for the perpetrator to send the key in order to decrypt the system.
2. Try to recover the machine from the attack.
3. Erase the hard drive, reinstall the operating system and start from scratch.

Information and cybersecurity agencies ask companies and victims not to pay the ransom and to go to the authorities if possible. This is in order to avoid creating a profitable business for the attackers.

If you want to recover your files, we recommend the following:

• Do not change the name of the files, you could cause permanent losses.

• If possible disconnect the computer from the network.

• In most cases, good security software should be able to remove the ransomware from the computer. Unfortunately, if the ransomware uses a sophisticated filecoder, the files will remain encrypted, but at least you will prevent the situation from worsening.

• Search google programs that detect the ransomware version. There are several databases, as well as free tools that could be of help. All you have to do is send them an unimportant encrypted file and the program or website will help you detect the version of the malware, as well as the key needed to recover your information.

• There are very sophisticated Ransomwares, for which there are no keys available online. If this is the case, you will have to face reality, your system is lost.

• Whether you were successful or not in the face of such an attack, we recommend you to wipe and do a clean installation.

How to prevent Ransomware attacks?

The best way to combat Ransomware is through caution and skepticism. We advise you to:

• Always have an updated backup and keep that backup offline (It may sound boring or tedious, but in reality it is the most important step of all).

• Be a little skeptical about the content of emails.

• Do not open attachments from unknown senders.

• Avoid browsing unsafe pages or with unverified content.

• Use a good antivirus, as well as an efficient firewall.

• Always have your Operating System and Software updated, in this way you reduce possible attack vectors.

• Disconnect from the internet as soon as possible if you find a suspicious activity.

What now?

Hopefully you’ll never be in Bob’s situation! We know how difficult is to have good safety habits, but now, more than ever, they are indispensable. No matter how sophisticated the antivirus or computer firewall is, you’ll still be exposed if you do not have proper caution. So you already know… Be careful and keep going, because at the end of the day, you can be the best firewall of all.