Ransomware

What is ransomware?

Ransomware is a specific type of malware that has gained attention since 2012. While malware encompasses various types like worms, viruses, and Trojans, ransomware stands out as a unique form.

In today's landscape, most malware is designed to generate profit. Some malware operates discreetly on your computers or mobile devices, aiming to gather sensitive information such as credit card details and login credentials for online accounts, including email and banking. In contrast, ransomware takes a different approach by seizing your data or devices and demanding payment for their release. Additionally, certain ransomware variants can even lock your computers or mobile phones.

How could data be kidnapped!?

Technology is always a double-edged sword. Usually, ransomware comes with a sophisticated encryption algorithm, which locks your devices or encrypts data on your computer systems. Encryption ensures that data can be read only by those who possess the corresponding decryption key. In other words, without the decryption key, it is hardly possible to unlock the device or data held hostage.

What happens after data is kidnapped?

Normally, you will receive a letter or message from the kidnapper, demanding that you deposit a certain amount into an offshore bank account, or pay through PayPal or Bitcoin. Amounts vary from a few hundred US dollars to thousands. The amount demanded by the kidnapper in the Sony Pictures incident in 2014 was not publicly announced, but it was believed to be sky-high.

Does paying the ransom work?

The answer is a big NO. Usually, the kidnappers either disappear or ask for more. Unfortunately, data or systems are actually gone after being kidnapped. Besides, making a payment also puts your banking information at risk. Even though there are malware removers which can clean the ransomware from infected computers or mobile devices, it is hardly possible to decrypt the encrypted data. For devices, typically a factory reset is needed.

How to avoid being the next victim?

As stated at the very beginning, ransomware is just another malware; hence, all the means applicable in preventing malware infection also apply. Just to recall a few, the same old tactics are:

  • install and configure anti-virus software so that the virus definition files are current and are routinely and automatically updated;
  • apply security patches, reboot regularly and after patching, and power off your computer when not in use;
  • do not open suspicious or phishing emails or email attachments;
  • apply web filters and refrain from browsing unknown websites;
  • in particular, regular backup is of utmost importance, as this is the last resort for rescuing your data.
IT.ServiceDesk@cityu.edu.hk