You are in a real panic. It went like this: you received an email about a package, with an attachment. You clicked on the attachment. At first nothing happened, but after a few minutes a message appeared on your screen: “Your files are encrypted. Pay us 600 euros and you will get your files back.” And then, no matter what you click or try, there’s nothing you can do. You are a victim of ransomware.
In this blog:
- What is ransomware?
- How does ransomware work?
- Can you remove ransomware?
- Ransomware at companies
- Preventing Ransomware
What is ransomware?
A ransom is money demanded for a release. Ransomware is hostage software: software that holds your computer hostage, with all your files. Until you pay. Then you will get your files back. And if you don’t pay? You can read that below.
How does ransomware work?
In real life, the daughter of a rich oil sheik is sometimes kidnapped. The perpetrators demand 2 million for her release. Otherwise you won’t see her alive again.
Today it is easier. The criminal sends an email to an unsuspecting user with the message that a package is ready. The user opens the email and clicks on the attachment. That’s all. Now the computer is infected with, for example, CryptoLocker (the name of one kind of ransomware). You don’t see it.
But in the background, your PC is encrypting all important files so that you can no longer access them. Once it is well underway, you get that message: Your files are encrypted (usually in English). Pay us a few hundred euros in bitcoins. When you pay, you get your files back.
A dreaded ransomware alert
Pay with bitcoins
Ransomware always has to be paid in bitcoins. Bitcoins are anonymous and not registered. In order to pay, you must have a bitcoin account. Not everyone has one, and that is why the hostage takers send along a manual on how to open a bitcoin account.
Can you remove ransomware?
If you don’t pay, you will lose all your files. You cannot click the notification away or get rid of it. The only thing that helps is resetting your computer. So: wipe everything and start all over again. You won’t be able to remove ransomware properly.
Who makes ransomware?
In addition to the regular web, there is a dark web. There you will find companies that make and sell ransomware. Suppose you send an attack with 15,000 emails with a ransomware link, and 1000 people click, who all pay you 1000 euros. Then you have quickly earned a lot of money. The sad thing is that they use the money you pay as an investment to make that software even better…
Ransomware attack at companies
Companies are very interesting for these criminals. There is a lot to gain. What would you do if you couldn’t access your company data anymore, and you had never made thorough backups? Then it will cost you quite a bit of money. For example, the world’s largest meat processing company paid 9 million euros because of ransomware. After all, that’s cheaper than losing all your files and setting everything up again. Basket Makers were also victims of ransomware. One last example: you might remember Maastricht University. Hackers had been in the network for two months before they struck.
Company data made public
Ransomware not only encrypts files; it also uploads them to the owner of the ransomware. If you don’t pay, these files will be made public. If you don’t want your competition to learn things they are not allowed to know, or your personnel data to be exposed, then you will have to pay. You sometimes get a week to pay. A few days into that week they show you: look, we really got this from your company. That’s scary.
Is that money, that loot traceable?
It is very difficult to trace. The money goes into a bitcoin wallet and is immediately funneled onward several times. That’s why it’s almost impossible to follow.
Are perpetrators ever arrested?
That’s not obvious to a layman (like us). But: you hardly ever hear about gangs being arrested. Sometimes you read that people have been arrested, but that is more because of mistakes they made, for example leaving an email address somewhere, than because the money was traced. In addition, this can be done from a computer in an attic, so it is very difficult to find out who is behind it.
What’s the aftermath if you’ve had ransomware?
- Once you’ve had ransomware and haven’t paid for it, but have reinstalled your PC, it’s really gone. You would have to click on an attachment again to get infected again.
- If you were a victim and you did pay, it is unlikely that that particular version will infect you again. The criminal will protect his own business by targeting different victims every time. You probably won’t fall for it twice. But if you click on an infected attachment in an email from another parcel service…, it starts all over again.
Preventing Ransomware: Tips for Our Readers
- Don’t click on things too quickly. Think before you open emails and click on anything in them.
- Do not open attachments in emails that you do not expect, or if you do not know the sender. And certainly not from companies that normally don’t send emails. Ransomware mainly arrives via email.
- We can’t say it often enough: make sure you have a good backup. That’s the most important thing.
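The attachment tip above can be partly automated by a mail filter. The following Python code is an added example, not part of the original blog: it checks a constructed "package is ready" email for attachments that should not be opened. The extension lists, function names and the sample email are assumptions made up for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePath

# Extensions that run code when opened (an illustrative list, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".lnk", ".hta", ".jar"}
MACRO_DOCS = {".docm", ".xlsm", ".pptm"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def attachment_findings(msg):
    """Return (filename, reason) pairs for attachments that deserve suspicion."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        suffixes = [s.lower() for s in PurePath(name).suffixes]
        last = suffixes[-1] if suffixes else ""
        data = part.get_payload(decode=True) or b""
        if last in EXECUTABLE:
            if len(suffixes) > 1 and suffixes[-2] in DECOY:
                findings.append((name, "double extension hides an executable"))
            else:
                findings.append((name, "executable or script attachment"))
        elif last in MACRO_DOCS:
            findings.append((name, "macro-enabled Office document"))
        elif data[:2] == b"MZ":  # Windows executables start with these two bytes
            findings.append((name, "Windows executable content under another name"))
    return findings


def build_sample():
    """Constructed parcel-notification email; every value here is made up."""
    msg = EmailMessage()
    msg["From"] = "Parcel Service <tracking@parcel.example>"
    msg["To"] = "reader@example.org"
    msg["Subject"] = "Your package is ready"
    msg.set_content("Your package is ready. See the attached label.")
    msg.add_attachment(b"MZ\x90\x00fake", maintype="application",
                       subtype="octet-stream", filename="label.pdf.exe")
    msg.add_attachment(b"%PDF-1.4 fake", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    msg.add_attachment(b"MZ\x90\x00fake", maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    return msg


if __name__ == "__main__":
    for name, reason in attachment_findings(build_sample()):
        print(f"{name}: {reason}")
```

A check like this only catches the obvious cases; a clean result does not mean an attachment is safe, so the backup advice still applies.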