If you find that your computer has been encrypted by ransomware or other malicious software, it means your personal files and data have been encrypted and locked by cybercriminals. They are holding your files hostage until you pay a ransom to get the decryption key. This is a terrifying situation for any computer user, as it means you no longer have access to your own data. In this article, we will explore what encryption means, how it happens, and what you can do if you find yourself in this unfortunate circumstance.
What is encryption?
Encryption is the process of scrambling data so that only authorized parties can access it. It is commonly used to protect sensitive information like banking details, medical records, proprietary business data, and other confidential material.
Encryption uses a cryptographic key to lock and unlock the data. Encrypted data looks like random nonsense to anyone who doesn’t have the key. Once encrypted, the only way to restore the original data is to decrypt it with the proper key.
How does ransomware encrypt files?
Ransomware is a type of malware that encrypts personal documents, images, databases and other files on your computer. Attackers design it to extort money from victims by demanding payment to decrypt the data and restore access.
Most ransomware is spread through phishing emails containing infected attachments or links. Once executed, it will scan your system for files to encrypt. It targets documents, photos, videos and other irreplaceable data to incentivize victims to pay.
Advanced ransomware uses robust encryption algorithms to lock files. Successful decryption is impossible without the cryptographic key the attackers control, and they provide that key only in exchange for payment.
Signs your computer is encrypted
Here are some telltale signs your Windows or Mac computer may be encrypted by ransomware:
You can’t open personal files
When you click on files like Word documents, photos, Excel spreadsheets or PDFs, you’ll get an error message saying the file is unavailable, corrupted, or unreadable. In some cases the file itself has been replaced with a ransom note.
This happens because the ransomware has scrambled the contents of your files with encryption. The file is still there, but the key is needed to unlock and use it.
Renamed files have strange new extensions
Often ransomware appends a new extension to encrypted files. You may see filenames like document.doc.encrypted or image.jpg.locky. This signals the file has been encrypted.
Some common ransomware file extensions include:
- .encrypted
- .locked
- .crypt
- .crypz
- .crypted
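The two signs above (renamed extensions and contents that look like random data) can be checked with a short script. This is an added example, not part of the original article; the entropy threshold, sample size and sample file names are assumptions.

```python
import math
import os
import tempfile
from collections import Counter

# Extensions named in this article; real strains use many others.
SUSPECT_EXTENSIONS = {".encrypted", ".locked", ".crypt", ".crypz", ".crypted", ".locky"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off, tune for your data
SAMPLE_BYTES = 64 * 1024  # only the head of each file is read

def shannon_entropy(data):
    """Bits per byte: close to 8.0 for encrypted data, much lower for plain text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def triage(root):
    """Walk root; report files with a suspect extension or random-looking content."""
    findings = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            ext_hit = os.path.splitext(name)[1].lower() in SUSPECT_EXTENSIONS
            if ext_hit or entropy >= ENTROPY_THRESHOLD:
                findings.append({"path": path, "extension_hit": ext_hit,
                                 "entropy": round(entropy, 2)})
    return sorted(findings, key=lambda f: f["path"])

def build_sample_tree(root):
    """Constructed sample data: one normal file and two that look encrypted."""
    samples = {"notes.txt": b"Quarterly report draft. " * 500,
               "document.doc.encrypted": os.urandom(32 * 1024),  # stand-in ciphertext
               "budget.csv": os.urandom(32 * 1024)}  # scrambled, name unchanged
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in triage(tmp):
            print(finding)
```

Compressed formats such as JPEG, ZIP and DOCX also score close to 8 bits per byte, so an entropy hit without an extension hit is a lead to investigate, not proof of encryption.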
Programs on your computer won’t open
Ransomware doesn’t only target your personal files. It may also encrypt program files and prevent applications like Microsoft Office, your web browser, Adobe programs, or other software from launching.
Error messages related to corrupted or unavailable executable files indicate ransomware is preventing programs from running on your system.
A ransom note appears on your screen
The most obvious sign of ransomware is a ransom note or page popping up on your desktop or on screen alongside the encrypted files. This note explains that your files are locked and how much the attackers want to be paid to release them.
The ransom demand is often payable in cryptocurrency like Bitcoin because it’s difficult to trace. The note provides instructions for payment as the only way to get a decryption key.
What happens when ransomware encrypts your computer?
When ransomware strikes your computer, it will rapidly start encrypting any and all files it has been programmed to target. This includes documents, media files, databases and any other data.
The encryption happens automatically in the background while you continue to work. You may not even notice at first. Eventually, attempts to open files fail as the ransomware finishes encrypting your system.
Encryption happens very quickly. In some cases, thousands of files can be encrypted in under an hour. The speed leaves most victims powerless to stop it.
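Because the encryption runs quickly and in the background, a sudden burst of modifications across many different files is a useful early-warning signal. The sketch below is an added example, not part of the original article; it assumes a time-ordered feed of (timestamp, path) file-modification events from an audit or monitoring source, and the window and threshold values are assumptions.

```python
from collections import Counter, deque

WINDOW_SECONDS = 60   # assumed look-back window
FILE_LIMIT = 100      # assumed: more distinct files than this per window is abnormal


def find_bursts(events, window=WINDOW_SECONDS, limit=FILE_LIMIT):
    """Return one alert each time the number of distinct files modified in the
    trailing window rises above limit. events: (timestamp, path), time-ordered."""
    recent = deque()      # events still inside the window
    per_path = Counter()  # path -> number of its events inside the window
    alerts, alarmed = [], False
    for ts, path in events:
        recent.append((ts, path))
        per_path[path] += 1
        while recent[0][0] <= ts - window:   # expire events older than the window
            _, old = recent.popleft()
            per_path[old] -= 1
            if per_path[old] == 0:
                del per_path[old]
        distinct = len(per_path)
        if distinct > limit and not alarmed:
            alerts.append({"time": ts, "distinct_files": distinct})
        alarmed = distinct > limit           # re-arm once activity drops back
    return alerts


def sample_events():
    """Constructed data: a user saving one file, then 300 files rewritten in 30 s."""
    normal = [(t, "C:/Users/demo/report.docx") for t in range(0, 600, 30)]
    burst = [(1000 + i / 10, f"C:/Users/demo/Pictures/img{i:03}.jpg")
             for i in range(300)]
    return normal + burst


if __name__ == "__main__":
    for alert in find_bursts(sample_events()):
        print(alert)
```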
Can you undo the encryption?
Unfortunately, reversing a robust encryption algorithm without the key is an impossible task, even for computer security experts.
Simple encryption algorithms can sometimes be cracked without the key through brute force. But ransomware uses military-grade techniques like 256-bit AES encryption. There are no shortcuts to decrypt files without paying.
What about backups?
Backups offer the best chance to recover encrypted files without paying the ransom. But the backup files must not be connected to the computer during infection.
For example, backups on an external USB drive plugged into the computer will also get encrypted. Backups should be stored offline or in cloud storage to avoid compromise.
Should you pay the ransomware demand?
This decision depends on how valuable your encrypted data is and whether you have backups to restore it. Paying the ransom should be a last resort. Here are pros and cons:
Pros
- Paying may be the only way to get your files back
- The decryption key is usually provided after payment
- Low ransom demands may be cheaper than losing data
Cons
- No guarantee your files will be decrypted
- Paying encourages more ransomware attacks
- Cybercriminals may demand additional payments
- Loss of funds due to the ransom payment
When is paying the ransom worthwhile?
For businesses or other parties with highly critical files at stake, paying the ransom can make sense if a payment of a few thousand dollars recovers data worth millions.
Individual users rarely have files worth paying the ransom for. Backups provide a better option for personal computers. But for businesses, paying is sometimes the most cost-effective outcome.
How much does ransomware cost victims?
In 2020, the average ransomware payment was approximately $150,000. But demands range from a few hundred dollars to millions depending on the victim. Government entities and large corporations often face demands in the hundreds of thousands or higher.
According to research by Emsisoft, ransomware caused an estimated $20 billion in damages for businesses in 2019. Recovery costs from data and productivity loss added to the impacts.
However, a Gartner survey found only 45% of ransomware victims chose to pay the ransom. The rest dealt with the consequences through file restoration, lost data, or complete system rebuilding.
Notable ransomware payment amounts
Here are some examples of major ransomware payments:
| Victim | Ransom Amount |
| --- | --- |
| Garmin | $10 million |
| Colonial Pipeline | $4.4 million |
| JBS Meats | $11 million |
| Riviera Beach, FL | $600,000 |
How can you recover encrypted files without paying?
Although difficult, there are ways to mitigate and recover from ransomware without giving in to the attacker’s demands:
Delete the ransomware immediately
If you catch the infection early, anti-malware software may be able to delete the ransomware before it finishes encrypting your system. This minimizes damage.
Restore from clean backups
Backups created before infection offer the best chance of recovering your files. Ensure backups are disconnected from your network to prevent encryption.
Use ransomware decryption tools
Some decryption tools exist for older strains of ransomware whose encryption was cracked. But they don’t work for most modern variants.
Format and reinstall the system
As a last resort, formatting the drive and reinstalling the operating system will eliminate the infection. But you lose all files unless you have backups.
Consult a data recovery specialist
In some cases, experts may be able to recover bits of encrypted data by examining the drive. This offers limited success, but is an option.
How can you protect your computer from ransomware?
Prevention is critical since ransomware is so hard to reverse once it strikes. Here are key tips to guard your computer:
Install reputable antivirus software
Antivirus with real-time protection can detect and block many ransomware Trojans before encryption starts. Keep antivirus updated.
Perform regular system backups
Back up your computer on a regular basis so you have clean files to restore from if infected. Store backups offline.
Beware phishing emails
Don’t open attachments or click links in emails from strangers. This is ransomware’s #1 vector.
Enable macro protection in Office
Block Office macros, as ransomware often relies on malicious macros to launch.
Patch and update software
Keep the operating system, browser, apps and all software updated to reduce vulnerabilities. Sign up for automatic updates.
Use ad and pop-up blockers
Ransomware is also distributed through malicious ads and pop-ups. Block them in your browser.
Staying vigilant is key. Backups and cybersecurity software provide your best defense against the growing threat of ransomware. Don’t wait until it’s too late to take precautions.
Conclusion
Ransomware can happen to anyone through a single infected email or website. If your computer becomes encrypted, stay calm and assess the situation. Check for backups to restore your files and remove the infection. While frustrating, even ransomware is manageable with good security practices. Maintaining reliable backups and using cybersecurity tools gives you the upper hand.