As if malware and viruses weren’t enough to worry about, everyday people continue to be subjected to ransomware: software designed to block access to networks, systems and files until a sum of money, usually around $300 or so, is paid. It often arrives in the form of an email or contaminated app. More often than not, the ransom note includes a threat of blackmail.
Recently, two ransomware groups went straight for the top, targeting CEOs in public companies and employees in telemedicine.
Incriminating evidence
First spotted this past August, Venus is a ransomware group reported by the U.S. Department of Health and Human Services to be targeting healthcare organizations.
However, after reportedly having some trouble getting paid, Venus has since shifted to targeting CEOs of public companies, framing them for insider trading by carefully manipulating their emails and turning them into incriminating messages.
Targeting the meek and mighty
Meanwhile, another ransomware group known as CLOP has continued to target healthcare professionals by sending them malware disguised as ultrasound images or medical documents.
CLOP even went a step further, this time by blackmailing the clients of the ransomware victims, urging them to tell the victims to pay up or their personal information will be leaked to the dark web. Reports have shown that members of CLOP were part of a longstanding malware group called TA505, known for frequently changing their malware and influencing trends.
How to deal with ransomware
Unfortunately, it’s not only the rich and powerful who find themselves saddled with ransomware. It could sadly happen to any of us. Should you find yourself being told to “pay up, or else”, fear not: it’s more than likely that you won’t need to pay a cent.
Determine what kind of ransomware you have
Fake Ransomware
If you come upon a ransom note but can access your files and applications, then you probably weren’t hit by real ransomware, and have little to worry about. For good measure, though, it’s wise to force quit all programs, restart your computer, and run any antivirus software you have.
Screen-locking ransomware
You are dealing with screen-locking ransomware if you can’t get past the ransom note, or you receive a notice from the police, IRS, or FBI claiming you owe them money. Screen-locking ransomware isn’t as bad as it could be, as long as you follow these steps:
- Go offline before the ransomware can spread, and disconnect your machine from any external hard drives or other devices
- Take a screenshot or photo of the ransom note to give to the police
- Reboot your computer in “safe mode” and, once it restarts, run antivirus software.
Encrypting ransomware
If you are having trouble accessing any of your files or downloads, then you have likely been hit with encrypting ransomware, which could pose a more serious problem. Should this happen, follow the above steps as if it were screen-locking ransomware, and then:
- See if you can open or recover any files which you couldn’t earlier
- Use a program like Crypto Sheriff to try to determine what kind of ransomware you are dealing with.
- Run any decryption tools you might have
- Restore all files from your most recent backup.
How to avoid ransomware
Generally speaking, a bit of common sense will protect you from ransomware more than anything else. The best ways to avoid becoming a victim are:
- Don’t open a link from an email address you don’t recognize
- Don’t download any attachments from unfamiliar emails
- Don’t agree to enable macros when asked
- Back up all important documents on a flash drive or external hard drive
- Update your software regularly
- Invest in good antivirus software, such as TotalAV, our most highly recommended antivirus protection of 2022, available for PC, Mac, Android and iPhones.
Should I pay the ransom?
This is, in fact, a rather difficult question.
If the ransom note seemed to be fake, or you were sent screen-locking software, most would say no, since these are easily flagged as feeble attempts to con you.
In the case of encrypted files, however, it can be a little more complicated. The crooks will likely unlock the files after payment. However, that is in no way a guarantee. Even if the ransom amount is not something that will put you in financial ruin, you will still be enabling the hackers by paying them. This is why most tech companies, not to mention law enforcement, strongly advise against paying.
Be sure to pass along this information to any older loved ones, and look out for other scams that are on the rise.