We already talked a lot about financial data and accounts. Are cybervillains interested in anything else of yours? Yes, the most everyday files you can imagine: photos, videos, work documents... Basically anything you value and would probably pay to get back.
Suppose you turn on your computer, but instead of the usual Windows interface, you see... a skull. And a message promising to restore everything as it was, but only after you pay a ransom.
That’s exactly how the Petya ransomware works. Some other encryptors target not the whole system, but certain file types: documents, pictures, game saves. These types of malware encrypt their “hostages” so that they cannot be opened or used until you pay up. If you do, the cybercriminals promise to send a decryption key, which, theoretically, should restore the files.
However, our advice is not to pay the ransom. First, this will encourage the attackers to continue their criminal activity (if it worked once, why not try again?).
Second, there are no guarantees that after the payment they will fulfill their promise. Relying on the honesty of criminals is a mug’s game. Moreover, some malware programs are designed to make decryption impossible, yet they still demand a ransom.
So what to do? In the words of many sports coaches, defense wins games. If you have a good antivirus with the latest database updates, you should have little to fear from ransomware.
If, however, your files are already encrypted, first you need to remove the malware – again with the help of an antivirus. Then you can try to recover the files yourself. For this, there are cybersecurity companies that produce special decryptors. Including us.
However, bear in mind that silver bullets take a long time to develop. In addition, the process requires information about the specific ransomware, which sometimes becomes available only after the malware creators are caught. So – alas – by no means all ransomware Trojans have decryptors.
Therefore, the old adage that prevention is better than a cure applies well to ransomware. And since it is distributed the same way as other Trojans, you already know the rules for protecting against it (think back to Lessons 3 and 4).
That said, there is one other important file protection method: making backups. More about that in the next lesson.
You turn on your computer, and instead of the desktop you see a message stating that your data is encrypted and you need to pay a ransom to get it back. Do you pay up?