Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
Ransomware is a growing menace to anyone using a computer or mobile device these days. So unless you live cave – in which case, how are you reading this? – you need to protect yourself. Here are answers to some common questions about this vicious new form of malware.
What is ransomware?
Ransomware is a type of malware that, upon infecting a device, blocks access to the device or to some or all of the information stored on that device. To unlock the device or data, the user is required to pay a ransom, usually in crypto currency. The term ransomware covers mainly two types of malware: the so-called Windows blockers (they block the OS or browser with a pop-up window) and encryption-based ransomware. The term is also used for Trojan-downloaders, namely those that tend to download encryption ransomware after infecting the machine. Nowadays, encryption ransomware is widely referred to as just ransomware.
Is it malware?
Yes, ransomware is a type of malware, which mainly targets Windows-based systems (just like other types of malware). However, it is starting to attack Android-based devices as well. Quite often it is referred to as a ransomware virus or ransom virus but it actually comes in a form of a Trojan, which penetrates the machine in various ways, tricking users with the help of social engineering.
Is ransomware really a threat?
Unfortunately, yes. In 2016 alone, 62 new ransomware families (multiple samples with similar behavior or origin) appeared, each family’s modifications grew by more than 10-fold, with the users attacked twice as often — every 10 seconds — according to our partner Kaspersky Lab.
What are the different ransomware types?
There are three main types of ransomware, and the first one is the most widely spread:
How does ransomware get on my computer?
- File encrypting ransomware – Examples of this extortionate ransomware became prominent in May 2005. By mid-2006, Trojans such as Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, and MayArchive began utilizing more sophisticated RSA encryption schemes, and ever-increasing key-sizes. Encryption-based ransomware returned once again in late 2013 with the propagation of CryptoLocker and using the Bitcoin digital currency platform to collect the ransom money.
- Blocking ransomware – This type doesn’t use encryption. Most famous ransomware of this type is Winlock. It trivially restricts access to the system by displaying pornographic images, and asks users to send a premium-rate SMS (costing around US$10) to receive the code to unlock the machine.
- Leakware (also called Doxware) – This involves a blackmailing crypto virology attack that threatens victims to publish stolen information rather than deny them access to the compromised computer. In a leakware attack, malware extracts and sends sensitive information back to the attacker or alternatively, to a remote instance of the malware, and the attacker threatens to make the information public unless the victim pays the ransom.
There is a variety of ways. Most common is through an infected attachment in an email, when the user is tricked to open a file with a malicious script. Another way is through a malicious link which redirects the user into an infected or simply malicious website, which in turn infects the computer by way of a drive-by download though various vulnerabilities in the operating system and third party software. While the first infection vector is easier to control by carefully checking all the emails and attachments, and not opening attachments form people you do not know, the second is much harder even for a savvy user. A good anti-malware solution coupled together with Acronis True Image 2017 New Generation is required to guarantee full protection against ransomware. Even if the anti-malware solution misses the threat, it will be stopped by Acronis Active Protection, and your data will be safe.
Should I pay the ransom?
We do not recommend this. By paying the ransom you motivate cybercriminals to continue their work because they see that it works. It is better to use Acronis True Image 2017 New Generation with Active Protection technology enabled. It detects ransomware thanks to the modern behavioral heuristics analysis and instantly restores your data while suspending the malicious process at the same time. Acronis True Image is also excellent backup software, so don’t forget to back up your data regularly to be completely on a safe side.
What is Acronis Active Protection?
Acronis Active Protection™ is an innovative patent-pending kernel level technology that delivers real-time constant protection of user data against unauthorized modification (mainly encryption) on Windows based machines.
Does Acronis Active Protection protect my computer from Cryptolocker, DeriaLock and other ransomware families?
Yes, but malware cyber criminals are constantly updating and releasing new variants and families of their harmful software. It is recommended to stay up to date with the latest Acronis True Image updates.
Does it protect from all ransomware threats or only from the ones in a pre-defined list?
Acronis Active Protection does not use malware "signature" approach to detect ransomware. Rather, it focuses on activities on data files that may indicate an attack. Therefore, protection is much wider than just a predefined list. While no protection is perfect, this approach will cover many threats that other approaches would miss.
Can Active Protection work stand-alone, without backup?
Yes, it will run in the background as long as Acronis True Image 2017 New Generation is installed and the feature is turned on. The Acronis True Image user interface doesn’t need to be active for this protection against ransomware to work in the background.
How do I get my files back?
When Acronis Active Protection is enabled in Acronis True Image 2017 New Generation, it restores damaged files automatically. The product will detect ransomware, suggest to block it, and suggest to restore any damaged files. You just need to click the restore button and you will get all your files automatically back in their original locations.
What is the ultimate protection against ransomware?
All anti-malware vendors recommend using backup solutions, for example, Acronis True Image for consumers or Acronis Backup 12 for small business and corporate users. This is indeed true, however cybercriminal started attacking backup solutions in order to make people pay. This is why you must be careful when selecting your data protection software. Acronis True Image 2017 New Generation has the Acronis Active Protection technology, which not only detects ransomware, thanks to a modern behavioral heuristics analysis, but also provides a robust self-protection functionality just in case if the bad guys try to interfere with the Acronis True Image Windows process. This guarantees that your backed up data is always secure. Other backup solutions unfortunately do not really provide any self-defense. You can see it in an independent evaluation of our technology by Anti-Malware test lab: http://www.anti-malware-test.com/backup_restore_systems_self_protection_test_2017