WAYS OF INFECTION
Several ransomware parasites are able to propagate themselves and infect the system without user knowledge. Others must be manually installed as any other software with or without user explicit consent. There are three major ways unsolicited parasites can get into the system.
1. Most ransomware parasites get installed by other threats like worms or trojans. They get into the system without user knowledge and consent and affect everyone who uses a compromised computer. Some threats can be manually installed by malicious computer users who have sufficient privileges for the software installation.
2. Many ransomware pests are distributed by e-mail and through file sharing networks. They arrive in files attached to e-mail messages, come embedded into letters or get downloaded using peer-to-peer applications. These risks have unsuspicious names, and therefore can trick a user into opening or executing them. Once the user opens such letter or file, the ransomware parasite silently installs itself to the system.
3. Some trojans that install ransomware parasites infect certain system and software files. The user may receive such files from trusted sources. Once such a file is executed, a trojan quietly installs itself to the system and drops a ransomware threat.
Ransomware affects mostly computers running Microsoft Windows operating system. Less prevalent threats are created to work on other popular platforms.
WHAT RANSOMWARE DOES?
- Encrypts user sensitive documents, multimedia objects or any other files containing important information. Leaves only encrypted data, usually deleting the original files.
- Deletes user documents, multimedia objects or any other files containing important information.
- Corrupts the entire system or installed software by deleting essential system components or important parts of installed software.
- Steals login names, passwords, valuable personal documents, identity data and other user sensitive information.
- Sends all gathered data to a predefined e-mail address, uploads it to a predetermined FTP server or transfers it through a background Internet connection to a remote host.
- Freezes the system making it complete unusable.
- Discloses user identity or any other confidential information without user knowledge and consent.
- Rapidly terminates active antivirus, anti-spyware and security-related software processes, disables essential system services and prevents standard system tools from running.
- Degrades overall system performance, decreases system security and causes software instability. Some parasites are badly programmed, they waste too much computer resources and conflict with installed applications.
- Provides no uninstall feature, hides processes, files and other objects in order to complicate its removal as much as possible.
- Demands to pay the ransom.
RANSOMWARE EXAMPLES
Ransomware parasites are not widely spread threats and all have practically identical functionality. The following examples illustrate typical nuker behavior.
Ransom is a trojan that threatens to delete important files until the user pays the ransom. Once executed, the parasite installs itself to the system, displays some pornographic images and shows a message threatening to delete one file related to installed software or containing user sensitive information every 30 minutes, until the ransom ($10.99) is fully paid. The trojan explains what it does and demands to transfer the money to the hacker's account. After the user transfers the money, he or she receives a specific number, which allows to uninstall the parasite. Ransom is able to prevent its removal. It launches multiple processes and displays messages when the user tries to terminate the trojan.
Archiveus is a typical ransomware trojan that encrypts user documents in the My Documents folder, and protects encrypted files with a password. The parasite deletes original files and leaves only encrypted archives. If the user opens such an archive, Archiveus displays a message asking the user to enter the password, which can be obtained after paying the ransom by purchasing pharmacy online.
CONSEQUENCES OF RANSOMWARE INFECTION
Typical ransomware parasites are very dangerous. Although they usually do not self-replicate and even inform the user about what they are doing, such threats can make all your vital information inaccessible, steal your valuable data and destroy the entire system, if you will not pay up.
Nevertheless, it is highly not recommended to pay ransomware makers for removing their parasites and restoring your information and the system. In most cases you will not receive any passwords, special codes or utilities for removing the infection and restoring your data. The attacker simply will not give them to you, as he has already got what he needed - your money.
Even if the attacker will help you to remove the parasite and restore your data, he still might have your information, which can be used for malicious purposes. This information could be retrieved with the help of installed ransomware pests.
HOW TO REMOVE RANSOMWARE?
In case of the ransomware infection, do not pay up immediately! Also do not believe in messages stating that the parasite, your system is infected with, is virtually impossible to get rid of, and encrypted, deleted or stolen data cannot be restored without the help from the ransomware author. Usually, such statements are deceptive. Ransomware makers use simple ways to make your data inaccessible. Most antivirus and anti-spyware companies successfully analyze ransomware and find working solutions to remove it and restore victim files, etc. Wait until security software companies will release the updates and then give your system a thorough scan. Most antiviruses and advanced anti-spyware programs will remove the infection, restore your system, your files and important information.
As it was said above, most ransomware parasites are usually trojans, and therefore can be found and removed with the help of effective antivirus products like Symantec Norton AntiVirus, Kaspersky Anti-Virus, Eset NOD32 Antivirus, McAfee VirusScan, eTrust EZ Antivirus, Panda Titanium Antivirus, AVG Anti-Virus. Some advanced spyware removers, which are able to scan the system in a similar way antivirus software does and have extensive parasite signature databases can also detect and remove ransomware and related malicious components. Powerful anti-spyware solutions such as
Spyware Doctor,
Spy Sweeper,
Ad-Aware SE,
Windows Defender Beta 2 or
eTrust PestPatrol are known for quite fair trojan and ransomware detection and removal capabilities.