Ransomware is a particularly aggressive class of malware. When ransomware hits a computer, it completely locks all operating system functionality and demands payment of a ransom to make the computer usable again.
Ransomware is really nasty. Spyware, keyloggers and phishing techniques may pose a bigger danger to privacy, but ransomware seriously threatens our data, and if there is no backup, the damage caused by data loss can be a serious matter.
How does it work?
An email, a malicious website, pirated software or content, or a well-exploited vulnerability may all be vectors of ransomware infection. Email attachments are the largest source of infections for this kind of malware.
Once a user activates it on their own machine, the ransomware takes control of the computer. What’s worse, it downloads a public encryption key generated on the fly for your system and starts to encrypt all the disks and network storage with this public key.
Once all your files are encrypted, it locks all functionality and asks for payment of a ransom in untraceable bitcoin.
If you do not pay within a defined number of days (e.g. 3 days), the private key needed to decrypt all your files will be deleted and nothing can bring your data back in a readable form. Your data’s gone!
Obviously, paying the ransom does not guarantee a happy ending, just as with ransom payments in real-life crimes.
Nothing can save your data from ransomware other than a well-made backup.
Once your data is constantly backed up to different storage locations that are not directly accessible from the OS, you are safe. If the ransomware cannot reach your backup infrastructure with write privileges, all you have to do is completely wipe your system and restore the data.
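One way to check the "no write privileges" condition above from the machine being protected. This is an added example, not part of the original post; the function names and the sample paths are hypothetical, and the probe only reports what the account running it is able to do.

```python
import os
import tempfile

def probe_dir(path):
    """Classify one backup location as seen from the current account."""
    if not os.path.isdir(path):
        return "unreachable"  # not mounted or not visible from this OS
    findings = []
    # 1. Can this account create new files here? os.access() can be wrong on
    #    network shares and ACL-based filesystems, so actually try it.
    try:
        fd, tmp = tempfile.mkstemp(prefix=".probe-", dir=path)
        os.close(fd)
        os.unlink(tmp)
        findings.append("can-create")
    except OSError:
        pass
    # 2. Can it open an existing backup file for writing? Nothing is written.
    try:
        names = os.listdir(path)
    except OSError:
        names = []
    for name in names:
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            continue
        try:
            os.close(os.open(full, os.O_WRONLY | os.O_APPEND))
            findings.append("can-overwrite")
            break
        except OSError:
            continue
    return "exposed:" + ",".join(findings) if findings else "read-only"

def audit_backup_targets(paths):
    """Map each candidate backup path to its finding."""
    return {p: probe_dir(p) for p in paths}

if __name__ == "__main__":
    # Constructed sample: a writable folder holding a fake backup file,
    # plus a path that does not exist on this machine.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "monday.bak"), "wb") as f:
            f.write(b"constructed sample backup")
        missing = os.path.join(root, "offline-vault")
        for path, result in audit_backup_targets([root, missing]).items():
            print(f"{result:35} {path}")
```

Any location reported as `exposed` could be encrypted along with the rest of the disk by malware running under the same account; `read-only` and `unreachable` are the results a backup target should give.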
Otherwise, contact your security expert or your antivirus provider for assistance, but once data is encrypted with a strong algorithm, really nothing (but the NSA 😀) can give your data back without the private key.
So it is better to prevent the infection: avoid any interaction with suspicious websites and emails, behave wisely on the net, and use a well-configured, reliable antivirus and security configuration.