Ransomware Facts

What is ransomware?

Ransomware is a type of malware that locks a computer user's system. It then displays messages aimed at getting the user to pay a ransom through certain online payment methods in order to regain access to the system.

These incidents typically occur when a user of a computer system is duped into clicking on an infected popup advertisement, visiting an infected website or downloading an infected file. This mistake allows the cybercriminal to take control of the computer and lock the computer screen. The cybercriminal then makes the payment demands.

How does one remove ransomware?

The best method of fighting ransomware is to avoid it in the first place. Do this by never clicking on popups that you do not know you can trust – or by disabling popups altogether. Don’t click on links in emails from people you don’t know, or in emails that seem out of character for the supposed sender.

If you do fall victim to ransomware, you should consider reporting the scam to the Indiana State Police, who may connect you with cyber forensics experts. Call the State Police post covering your area or log onto this State Police website for more information.

Sometimes there are ways to remove ransomware yourself. One method is to use “system restore” to load your system’s last known working configuration. The exact steps may vary depending on the manufacturer of your computer, but the following process sometimes works on many systems running Windows:

  1. Restart the computer and press F8 repeatedly as soon as you see anything on the screen.
  2. Use the arrow keys to select “safe mode” and press Enter.
  3. Open “system restore” by clicking the “start” button. In the search box, type “system restore,” and then, in the list of results, click “system restore.” If prompted for administrative access, provide confirmation.
  4. Choose a restore point, and then click “next.”
  5. Review the restore point and then click “finish”.
  6. Restart your computer and let Windows start normally.

If “system restore” doesn’t help, you may try running Microsoft Safety Scanner, Windows Defender or other antivirus software. To do that, once you are in safe mode, run the antivirus software and perform a full-system scan to detect any malicious activity.
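The “system restore, then full scan” procedure above, scripted as an added example that is not part of the original page; it assumes an elevated Windows PowerShell 5.1 prompt on Windows 10 with Microsoft Defender, and the date in $noticed is a placeholder for when the lock screen first appeared.

```powershell
# Added example (not from the original page). Requires Windows PowerShell 5.1
# run as administrator; Get-ComputerRestorePoint / Restore-Computer are not
# available in PowerShell 7. Note that System Restore reverts system files and
# settings only, so it helps against screen lockers, not to recover encrypted files.
#Requires -RunAsAdministrator

# Steps 3-4: list the available restore points, newest first, with the
# DMTF timestamp converted to a [datetime].
function Get-RestorePointList {
    Get-ComputerRestorePoint |
        Select-Object SequenceNumber, Description, RestorePointType,
            @{ n = 'Created'; e = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } } |
        Sort-Object Created -Descending
}

# Steps 4-6: choose the newest point created before the infection was noticed
# and apply it. Restore-Computer reboots the machine; -Confirm asks first.
function Invoke-RestoreStep {
    param([datetime]$Noticed)
    $points = Get-RestorePointList
    if (-not $points) {
        Write-Warning 'No restore points exist; System Restore cannot help.'
        return $false
    }
    $points | Format-Table -AutoSize
    $target = $points | Where-Object Created -lt $Noticed | Select-Object -First 1
    if (-not $target) {
        Write-Warning 'Every restore point postdates the infection; skipping System Restore.'
        return $false
    }
    "Restoring to point $($target.SequenceNumber) ($($target.Description), $($target.Created))"
    Restore-Computer -RestorePoint $target.SequenceNumber -Confirm
    return $true
}

# Fallback from the page: update signatures and run a full Microsoft Defender scan.
function Invoke-ScanStep {
    Update-MpSignature
    Start-MpScan -ScanType FullScan
    Get-MpThreat | Select-Object ThreatName, IsActive
}

# $noticed is a placeholder: use the time the ransom screen first appeared.
$noticed = Get-Date '2024-01-15 09:00'
if (-not (Invoke-RestoreStep -Noticed $noticed)) { Invoke-ScanStep }
```

If the restore runs, the machine reboots; run Invoke-ScanStep again after Windows starts normally to confirm nothing malicious remains.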

What is Samsam Ransomware?

Samsam ransomware falls under the category of crypto ransomware, which means it encrypts the files on the victim's device. The difference with Samsam ransomware is that it is mainly focused on servers, which distribute information and data across numerous devices. General ransomware requires human interaction, whereas Samsam ransomware takes no human interaction, allowing it to be executed without detection. Normally, hackers must take action to begin encryption, but upon execution of Samsam malware, all files are immediately locked with no action required.

Samsam Ransomware Preventative Measures:

  1. Keep systems and software up-to-date.
  2. Back up data and information.
  3. Protect credentials by using two-factor authentication methods, as well as changing passwords periodically.
  4. Seek education about risks and what to avoid.

Black Shades Ransomware

Black Shades is a typical ransomware. It stealthily intrudes into one's device and begins automatically locking files, pictures, videos, applications, etc. After access has been restricted, the hacker presents the victim with an option to unlock the files, restoring the user's access to their files for a fee. The Black Shades ransomware does not cost victims a fortune to decrypt their files and get their information back: files can be unlocked for around $30 through PayPal or Bitcoin. The source of Black Shades ransomware is unknown at this time, but it is suspected to be distributed mainly through fake videos and fake patches.

RAA Ransomware - JavaScript

A new type of ransomware is being distributed by cyber criminals. This new type is referred to as RAA ransomware. What RAA stands for, if anything, is currently unknown. RAA ransomware is coded in JavaScript, rather than a common, more standard programming language. Switching the programming language gives this method of cyber-attack an edge over the average one: the advantage lies in the flexibility that JavaScript has with certain file types. This attack is distributed through email as an attachment. Users who open the file activate the attachment, and the ransomware functions begin. The victim’s files lock up and additional malware is installed on the computer. After being opened, the attachment appears to be a corrupt file, unable to perform any functions. However, the file is in fact working in the background to lock files and delete Windows software.

For more on these methods and other information involving ransomware, you may refer to this information provided by Microsoft.

Many times, victims of ransomware end up making online payments to the cybercriminals in order to regain access to their systems. Remember that there is never any guarantee that paying the ransom will bring the promised result. Only resort to paying the ransom after first working with authorities and deciding you’re willing to assume this risk.