Quick Links

Ransomware is a type of malware that tries to extort money from you. There are many variants, starting with CryptoLocker, CryptoWall, TeslaWall, and many others. They hold your files hostage and hold them for ransom for hundreds of dollars.

Most malware is no longer created by bored teenagers looking to cause some chaos. Much of the current malware is now produced by organized crime for profit and is becoming increasingly sophisticated.

How Ransomware Works

Not all ransomware is identical. The key thing that makes a piece of malware "ransomware" is that it attempts to extort a direct payment from you.

Some ransomware may be disguised. It ma y function as "scareware," displaying a pop-up that says something like "Your computer is infected, purchase this product to fix the infection" or "Your computer has been used to download illegal files, pay a fine to continue using your computer."

In other situations, ransomware may be more up-front. It may hook deep into your system, displaying a message saying that it will only go away when you pay money to the ransomware's creators. This type of malware could be bypassed via malware removal tools or just by reinstalling Windows.

Unfortunately, Ransomware is becoming more and more sophisticated. One of the most well-known examples, CryptoLocker, starts encrypting your personal files as soon as it gains access to your system, preventing access to the files without knowing the encryption key. CryptoLocker then displays a message informing you that your files have been locked with encryption and that you have just a few days to pay up. If you pay them $300, they'll hand you the encryption key and you can recover your files. CryptoLocker helpfully walks you through choosing a payment method and, after paying, the criminals seem to actually give you a key that you can use to restore your files.

You can never be sure that the criminals will keep their end of the deal, of course. It's not a good idea to pay up when you're extorted by criminals. On the other hand, businesses that lose their only copy of business-critical data may be tempted to take the risk -- and it's hard to blame them.

A popup message warning about ransomware.

Protecting Your Files From Ransomware

This type of malware is another good example of why backups are essential. You should regularly back up files to an external hard drive or a remote file storage server. If all your copies of your files are on your computer, malware that infects your computer could encrypt them all and restrict access -- or even delete them entirely.

Related: What's the Best Way to Back Up My Computer?

When backing up files, be sure to back up your personal files to a location where they can't be written to or erased. For example, place them on a removable hard drive or upload them to a remote backup service like CrashPlan that would allow you to revert to previous versions of files. Don't just store your backups on an internal hard drive or network share you have write access to. The ransomware could encrypt the files on your connected backup drive or on your network share if you have full write access.

Frequent backups are also important. You wouldn't want to lose a week's worth of work because you only back up your files every week. This is part of the reason why automated back-up solutions are so convenient.

If your files do become locked by ransomware and you don't have the appropriate backups, you can try recovering them with ShadowExplorer. This tool accesses "Shadow Copies," which Windows uses for System Restore -- they will often contain some personal files.

recover-files-from-windows-shadow-copies[4]

How to Avoid Ransomware

Related: Basic Computer Security: How to Protect Yourself from Viruses, Hackers, and Thieves

Aside from using a proper backup strategy, you can avoid ransomware in the same way you avoid other forms of malware. CryptoLocker has been verified to arrive through email attachments, via the Java plug-in, and installed on computers that are part of the Zeus botnet.

  • Use a good antivirus product that will attempt to stop ransomware in its tracks. Antivirus programs are never perfect and you could be infected even if you run one, but it's an important layer of defense.
  • Avoid running suspicious files. Ransomware can arrive in .exe files attached to emails, from illicit websites containing pirated software, or anywhere else that malware comes from. Be alert and exercise caution over the files you download and run.
  • Keep your software updated. Using an old version of your web browser, operating system, or a browser plugin can allow malware in through open security holes. If you have Java installed, you should probably uninstall it.

For more tips, read our list of important security practices you should be following.

avast-blocking-cryptolocker

Ransomware -- CryptoLocker variants in particular -- is brutally efficient and smart. It just wants to get down to business and take your money. Holding your files hostage is an effective way to prevent removal by antivirus programs after it's taken root, but CryptoLocker is much less scary if you have good backups.

This sort of malware demonstrates the importance of backups as well as proper security practices. Unfortunately, CryptoLocker is probably a sign of things to come -- it's the kind of malware we'll likely be seeing more of in the future.