Ransomware - Anatomy and Protection

written by: Mark Muller • edited by: Bill Bunter • updated: 8/8/2011

This article explains ransomware, a rising form of cybercrime, with recent examples. It also shows how to protect yourself from ransomware and what to do should you become a victim of extorting malware or data kidnapping.

Ransomware is software used in a cyber attack in which Internet scam artists render your files or computer unusable and then ask for money to unlock your files or return your PC to a normal working state. Ransomware enters your computer like any other malicious software, such as viruses, worms and Trojan horses. Moreover, sometimes nothing more than visiting an infected website is needed to get infected by malware, including ransomware (drive-by download).

Ransomware usually encrypts the victim’s documents and leaves an electronic note stating that the files will be decrypted only after some money has been wired, or after unnecessary or overpriced services and products, including pharma pills, have been bought on a website run in a foreign jurisdiction. Alternatively, or additionally, victims of ransomware can be bothered or embarrassed with adult-content popups, or have their browser hijacked to websites promising to remove the alleged malware or virus infection, as seen in the infamous Antivirus 2009 ransomware, for example.
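A defensive check for the behaviour described above, as an added example that is not part of the original article: it flags text-type files whose contents look like ciphertext. The extension list, the 7.5 bits-per-byte threshold and the sample files are assumptions made for this illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Assumptions (not from the article): text-type extensions, ciphertext threshold.
TEXT_EXTENSIONS = {".txt", ".csv", ".log", ".rtf"}
ENTROPY_THRESHOLD = 7.5  # bits per byte


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, up to 8.0 for random."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def suspicious_files(root: str, sample_size: int = 65536) -> list:
    """Sorted paths of text-type files that look encrypted (under 1 KiB skipped)."""
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTENSIONS:
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(sample_size)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if len(sample) >= 1024 and shannon_entropy(sample) > ENTROPY_THRESHOLD:
                hits.append(path)
    return sorted(hits)


def build_sample_tree(root: str) -> None:
    """Constructed sample data: one normal document, one with random bytes."""
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("Meeting notes for the quarterly budget review.\n" * 200)
    with open(os.path.join(root, "budget.csv"), "wb") as fh:
        fh.write(os.urandom(8192))  # stands in for an encrypted document


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in suspicious_files(tmp):
            print("possible encrypted document:", path)
```

Already-compressed formats (archives, images, modern office documents) are high-entropy when healthy, so they are deliberately left out of the extension list.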

Antivirus 2009, which is in fact an extremely nagging piece of malware, was removed from approximately 400.000 infected computers by Microsoft’s Malicious Software Removal Tool (MSRT) in December 2008. I saw the effects of the Antivirus 2009 ransomware on the computer of somebody I know in autumn 2008, at a time when re-installing the OS was the best available option! MSRT again removed a similar piece of malware in mid-2009.

Thus, ransomware is the computing equivalent of kidnapping. Serious cases, such as when files can no longer be accessed and there is clear evidence of ransom (e.g. a message asking for money in exchange for the decryption key), should, in my opinion, be reported to the police immediately, no matter the demanded amount, which might be relatively low. If you are not sure whether the phenomenon is a hoax, you may want to consult an IT professional; needless to say, call your admin if you experience ransomware at work.

Ransomware can enter your computer like any other malware, but drive-by downloads are the hardest to protect against. Moreover, no antivirus / anti-malware program can totally protect you from the numerous 0-day attacks, so the best you can do is keep your system patched and updated. If you are looking for a very good AV program that also warns you before you enter phishing and pharming sites, check out Bright Hub's article on Webroot AntiVirus with AntiSpyware.


  • Author's own experience