Ransomware is really bad. It encrypts your files and demands you cough up money to get it back. So what could be worse than having to pay thousands of dollars in ransom? Read on.

Doxing Your Data

When your machine is infected by ransomware and you refuse to pay, usually that data simply stays encrypted and irretrievable. However, some strains of ransomware – doxware – will release all your private and business information online.

In a lot of ways, this is a lot worse than them simply blocking access to your data. This could be your customer’s name, address, banking information, or even private medical records. How do you tell them that their private data is circulating on the internet thanks to you?

Another harmful dimension of doxing is when private chat conversations wind up in the public sphere, often with your name (or your company’s) attached to it.

Demand You Infect Others

What’s worse than having your private or business data encrypted? Being told you’ve got to infect two other people to get it back. This is a ‘pyramid scheme’ kind of ransomware, except instead of getting money you’re getting your own data back (at other people’s expense).

Ask You To Send Naked Pictures

In 2017, a ransomware strain called nRansom was discovered. Technically not a cryptor but a blocker – which blocks access to your computer – this ransomware had an unusual request.

It didn’t want money to unlock your machine. Instead, it demanded 10 nude pictures of you, which you were to upload to an email address if you wanted access back. These photos would then be sold on the Deep Web.

These pictures, attackers assured, would be verified as really belonging to the victim before sending the code to unlock your device.

Thankfully, this particular strain was remarkably easy to beat (Using the world’s worst password of “12345”), to the point it is considered a joke. However, it goes to show that there are worse demands than money that can be made by a ransomware strain.

Lock Down Emergency Equipment

Ransomware makers hit a whole new low when they started attacking hospitals and emergency services. There have been many instances of malware interfering with vital medical equipment, stalling surgeries, shutting down equipment used by 911 respondents, and generally causing havoc.

It’s one thing to lock down business data, but ransomware can also interfere with life-saving devices and services, which is far worse.

Demand your Credit Card Information

Some ransomware strains will ask for your credit card information. This could be considered worse in a lot of ways – you’re giving your credit card details to known hackers who operate on the dark web.

However, arguably this makes it easier to track down the cyber criminals who are accessing your bank account, as opposed to usual ransomware payment methods like BitCoin or gift cards.

Delete Your Files (For Several Reasons)

Often, ransomware will threaten to delete your files if you fail to pay the ransom. There are several nasty ways this can go down.

  • One-by-one: The ransomware decides to delete your files one by one until you pay. The Jigsaw ransomware is a prime example of this.
  • All at once: You don’t pay by the allotted time, and it just wipes all the already encrypted data on your machine.
  • You pay, but it deletes anyway: This happens more often than you think. This is particularly frustrating because not only do you still lose all your data, you also just gave over hundreds or even thousands in BitCoin to the perpetrator.

Keep Hitting You For Ransom

A lot of individuals and businesses pay the ransom, only to find the perpetrators never leave the system. Instead, they come knocking like a protection racket every so often, locking down your data and getting you to pay up again.

After all, at the end of the day what have they got to lose? Except your data, which they’re holding ransom.

Read You Terrible Poetry

Some ransomware strains, to add insult to injury, read you really bad poetry. One prime example of this is WhiteRose virus, which blathers on like a teen’s English Lit assignment – or Vogon poetry.

“I do not think about selling white roses again. This time, I will plant all the white roses of the garden to bring a different gift for the people of each country. No matter where is my garden and where I am from, no matter if you are a housekeeper or a big company owner, it does not matter if you are the west of the world or its east, it’s important that the white roses are endless and infinite. You do not need to send letters or e-mails to get these roses. Just wait it tomorrow. Wait for good days with White Rose.”

Of course, at the end the poetry seems to end with a rather less poetic “download qTox and pay us our ransom.” Clearly, there are rogue poets with coding skills looking to pay their bills.

Encrypt Your Backups & Backup Media

If you’re making regular backups of your data, you’re doing the right thing to protect yourself from ransomware. So long as your backups remain uninfected and current, you won’t have to pay to get your data back.

However, what if your backups and backup media are also encrypted? Ransomware can find destinations even if they are unmapped, so your backups are at risk. While air gapping them goes a long way, ransomware can stealth into your backups before you know it is there, laying dormant until its ready to strike.

As terrible as that scenario is, there’s a great solution for this out there. BackupAssist‘s CryptoSafeGuard tool protects your backups from ransomware by stopping infected files from being backed up, and your backups from being encrypted. Read more here.

Combined with other solutions like firewalls and antivirus software, this provides an excellent defense against ransomware attacks.

 

Posted by Adam Ipsen

Leave a Reply