IT security at the University of Bern

Ransomware - when your computer is encrypted

The digital extortion business is booming. Ransomware - a combination of "ransom" and "malware" (malicious software) - is flourishing. In the daily press, one reads about companies, hospitals, and organizations being affected - but what about the private sphere? Are private individuals affected by ransomware too?

What is Ransomware?

When ransomware infects a computer or network, it blocks access to the system (locker-ransomware) or encrypts its data (crypto-ransomware). Cybercriminals then demand a ransom from their victims for unlocking the data. The amount usually must be paid in a cryptocurrency such as Bitcoin, with correspondence traditionally carried out over the Darknet.

The "new generation" of ransomware players has no interest in discounts or lengthy negotiations. So when they encrypt the data, they provide a deadline for a ransom payment. Confidential data is published directly or destroyed if the ransom demand is not met.

How does ransomware work?

You can receive malware via an attachment in an email, a file download, or a forged website.

Once the malware is on your device, you no longer have access or a way of decrypting the data yourself. Sometimes, your screen will suddenly go black, and your device will no longer respond to mouse or keyboard inputs. A menacing text from the perpetrators then appears, threatening the deletion or disclosure of all data on the computer. The text usually contains the following features:

  • A countdown, loading bar, or date shows you how much time you have left. This is intended to emphasize the sense of urgency and put you under pressure.
  • You are prompted to purchase Bitcoins and transfer them to a specified account.
  • Usually, the only course of action left to you is to access a marketplace for cryptocurrencies where you can acquire the ransom money and send it to the perpetrators online. They opt for this payment method as transactions are easy to cover up and thus more difficult for criminal prosecution authorities to trace.

How to protect yourself against ransomware

To avoid having to remove ransomware from your computer in the first place, you should treat unknown files with care.

  • Create a backup of your data regularly. The backup should be stored offline, on an external medium such as an external hard drive. Make sure to separate the medium on which you create the backup from the computer after the backup process. Otherwise, the data on the backup medium may also be encrypted and unusable during a ransomware attack. You can find out how here.
  • Exercise caution when handling emails. You can find tips on how to do this here.
  • Never connect USB sticks from unknown sources to your devices. Perpetrators sometimes leave loaded USB sticks and even USB charging cables (known as OMG cables) around to lure the "lucky" finder into a trap.
  • Use an antivirus program and keep it updated.
  • Keep your programs and operating system up to date. Updating programs and operating systems regularly helps to protect you against malware. You can find tips on how to do this here.
  • Only use known sources and never download software or media files from unknown websites. Trust the Google Play Store or Apple App Store, depending on your operating system. You can find more information on this topic here.
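The backup advice above hinges on one check: before you rely on a backup for recovery, you must be able to tell whether its contents are still the files you saved, or whether they were overwritten because the medium was still attached during an attack. The following Python script is an added example and not part of the University of Bern page: it copies a source folder to a backup location, records a SHA-256 manifest next to the copy, and verifies the backup against that manifest. The folder names, file contents, and the simulated overwrite are all constructed for the demonstration.

```python
"""Offline backup with an integrity manifest (added example, not from the page).

make_backup() copies a directory and writes a SHA-256 manifest beside it;
verify_backup() reports every file whose content no longer matches.
A backup that was silently rewritten, for example encrypted because the
external disk stayed connected, fails verification instead of being
discovered unusable at restore time.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256"   # assumed name, chosen for this example


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(source: Path, backup_root: Path) -> Path:
    """Copy `source` into `backup_root` and write a manifest of file hashes.

    Returns the path of the manifest so the caller can verify later.
    """
    target = backup_root / source.name
    shutil.copytree(source, target, dirs_exist_ok=True)
    lines = []
    for entry in sorted(target.rglob("*")):
        if entry.is_file() and entry.name != MANIFEST_NAME:
            rel = entry.relative_to(target).as_posix()
            lines.append(f"{sha256_of(entry)}  {rel}")
    manifest = target / MANIFEST_NAME
    manifest.write_text("\n".join(lines) + "\n")
    return manifest


def verify_backup(manifest: Path) -> list[str]:
    """Return relative paths whose content does not match the manifest.

    Missing files count as mismatches. An empty list means the backup is intact.
    """
    root = manifest.parent
    mismatched = []
    for line in manifest.read_text().splitlines():
        if not line.strip():
            continue
        expected, rel = line.split("  ", 1)
        copy = root / rel
        if not copy.is_file() or sha256_of(copy) != expected:
            mismatched.append(rel)
    return mismatched


def demo() -> tuple[list[str], list[str]]:
    """Back up a small constructed data set, verify it, then simulate a backup
    medium that was left attached while its files were overwritten."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp_path = Path(tmp)
        source = tmp_path / "documents"          # constructed sample data
        source.mkdir()
        (source / "thesis.txt").write_text("chapter one\n")
        (source / "notes.txt").write_text("meeting notes\n")

        manifest = make_backup(source, tmp_path / "external_disk")
        intact = verify_backup(manifest)         # freshly written backup: no mismatches

        # Simulate the medium staying connected: every copy is replaced with
        # unreadable bytes, which is what an encrypting attack leaves behind.
        for copy in manifest.parent.rglob("*.txt"):
            copy.write_bytes(os.urandom(32))
        damaged = verify_backup(manifest)        # both files now reported
        return intact, damaged


if __name__ == "__main__":
    before, after = demo()
    print("mismatches right after backup:", before)
    print("mismatches after the copies were overwritten:", after)
```

Run the verification step each time the external disk is reconnected and before any restore; a non-empty result means that copy cannot be trusted and an older, separately stored backup should be used instead. The manifest lives on the same medium as the copies, so it only detects change; it does not protect against it, which is why the medium must be physically disconnected after each backup.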

In the event of a ransomware attack, immediately disconnect your computer from the internet and all attached storage media to prevent further damage. In most malware cases, it is also a good idea to format the hard drive, set up the computer entirely from scratch, and restore your data from the backup.

Report the cyber incident to the National Cyber Security Centre (NCSC).

Never pay the ransom.

While many individuals and companies are tempted to pay the ransom to regain control over their systems, this should only be a last resort in consultation with the police. Paying the ransom motivates the blackmailers and makes you an attractive target for further attacks.