Once a benign suffix for technology, “ware” is now being tacked on to a long list of nasty words. Adware. Malware. Bloatware. Ransomware. It has become a shorthand way to reference some new development in the software world. While the first three co-exist in a space designed to force product advertisements in front of unsuspecting users, ransomware is in a league of its own because it sells a very particular product: your own data.
Ransomware is a type of software that uses encryption offensively to deprive you of your data. If you’ve been watching the news, you may have heard of the ongoing FBI v. Apple debate over a cell phone whose data cannot be read because it is encrypted. Cryptography brought us this technique when messages were at risk of interception. To make sure enemy agents cannot read a message even if they get their hands on it, individuals and organizations have turned to ciphers to lock the data away from unauthorized access. It was only a matter of time before encryption became a common computer feature, because online interactions are easily intercepted: your messages leave your computer and are routed through dozens of hops before reaching their intended recipient.
Lo and behold, one day you turn on your computer and a seemingly convincing message from the FBI pops up claiming your computer has child pornography or worse on it. You’ve violated federal law, your data has been locked (via encryption) and you have 3 days to send $200 or more in a money order in exchange for dropping the charges and regaining access to your pictures and documents. If you’re not the only person using this computer, you might be even more likely to believe this is a real FBI message. After all, they have your city and state shown below the logo, and who in their right mind is going to impersonate the FBI?
Sadly, there’s only one way to get your data back. You need the key to the encryption. If you’ve been struck by an older version of this cryptolocker virus then you might be in luck! Many of the keys used have become public and you can “easily” unlock your data. In one particular case of lazy programming, the author of one of these viruses re-used the same key for all infected users. If you aren’t so lucky, then you had better hope you have an offline backup of your data. Otherwise, you’ll need to pay the ransom and trust that these crooks will uphold their end of the bargain and give you a working key.
Why did we mention an offline backup? It is because many online backup services such as Carbonite or Dropbox synchronize your files to the cloud immediately. As soon as a change to your files is detected, they are quickly copied to the company server. While that’s convenient for most situations, it is decidedly counterproductive in the case of ransomware. Your local data and your online backup will both be encrypted. The only way around that problem is if your online storage provider keeps multiple copies of recently changed files just in case something like this happens.
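To make the difference concrete, here is an added example (not code from any backup provider) that models the two behaviors described above: a sync that overwrites its single copy, and one that keeps earlier versions. The class names, the file name, the sample data and the entropy threshold are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; well-encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class MirrorBackup:
    """Sync-style backup: every change overwrites the single stored copy."""
    def __init__(self):
        self.files = {}
    def sync(self, name, data):
        self.files[name] = data
    def restore(self, name):
        return self.files[name]

class VersionedBackup:
    """Keeps each distinct version of a file, oldest first."""
    def __init__(self):
        self.history = {}
    def sync(self, name, data):
        versions = self.history.setdefault(name, [])
        if not versions or versions[-1] != data:
            versions.append(data)
    def restore(self, name, max_entropy=7.5):
        # Assumed heuristic: skip versions that look like ciphertext.
        # Compressed formats (JPEG, ZIP) are also high-entropy, so a real
        # tool would let the user pick a version by date instead.
        for data in reversed(self.history[name]):
            if entropy(data) < max_entropy:
                return data
        raise LookupError(f"no readable version of {name}")

def demo():
    draft = b"Household budget\nrent,groceries,utilities\n" * 50
    edited = draft + b"savings,insurance\n"
    # Constructed stand-in for an encrypted file: 4096 pseudo-random bytes.
    locked = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    mirror, versioned = MirrorBackup(), VersionedBackup()
    for data in (draft, edited, locked):  # each change is synced immediately
        mirror.sync("budget.csv", data)
        versioned.sync("budget.csv", data)
    return mirror.restore("budget.csv"), versioned.restore("budget.csv"), edited, locked

if __name__ == "__main__":
    from_mirror, from_versioned, edited, locked = demo()
    print("mirror restore is the locked copy:", from_mirror == locked)
    print("versioned restore is the last edit:", from_versioned == edited)
```

The mirror hands back the locked copy because that was the last change it saw, while the versioned store still holds the last readable edit.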
If you’re against the idea of being blackmailed, you can try your luck with a data recovery service. Encryption is extremely effective only if it has been correctly implemented. Some of these viruses are not mathematically sound and thus the cyber defense community has had quite a bit of success in developing tools to reverse their effects. To protect yourself against this threat to your data, it is critical to keep an offline backup of your data. In case anything happens to your computer and online backup, the offline storage will be your saving grace.