Cryptographic ransomware

What is Cryptographic ransomware?

Cryptographic ransomware is malware that restricts access to the infected computer system in some way and demands that the user pay a ransom. It generally targets computers running Microsoft Windows, though newer versions targeting Apple's OS X have recently surfaced. Well-known examples of cryptographic ransomware include CryptoLocker and CryptoWall.

What does Cryptographic ransomware do?

When installed, the ransomware encrypts certain types of files stored on local and network drives. The malware then displays a message which offers to decrypt the data if a payment is made by a stated deadline. It also threatens to delete the encryption key if the deadline passes. Payment is usually requested in bitcoin. Criminals prefer bitcoin because it's easy to use, fast, publicly available, decentralised and (relatively) anonymous.

How do people get infected?

Cryptographic ransomware is generally spread via infected email attachments, or through drive-by downloads, where a user simply visits a website that is running malicious code. Drive-by downloads can occur even on legitimate websites, when malware has been installed on them through a vulnerability in the website. Another common way to be infected is via malvertising, which involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.

Is it possible to decrypt the encrypted files?

Some early versions of ransomware had bugs that allowed decryption of the files; however, newer versions have closed these holes. There is no feasible way to decrypt the files without the decryption key.

What can I do to protect the data on my personal computer?

The following are proactive steps that you can take to protect the data on your computer.