Understanding Ransomware

Ransom-Ware is a new form of malicious software or virus activity that has surfaced and can be very damaging. The information below could help protect you and your company from this aggressive threat. Due to the aggressive nature of this threat, traditional protection methods such as Anti-Virus software, Spam filtering and Firewall protection are often being bypassed .


There are a number of Ransom-Ware viruses that are active, the most popular being “Crypto-Locker”, which is malicious “hijacker code”. These viruses will encrypt your data files and demand you pay a “ransom” to the criminals to get the codes to unencrypt those files. In many cases the criminals are following through on their promise and returning your files to an unencrypted state. But now always and payment to get your data back is only ever considered as an absolute last resort.


The criminals behind these viruses have made over $20,000,000 US from people paying the ransom. There are now a number of copycat viruses that have surfaced in light of the success of the initial virus and its first copies. With such financial gain, the efforts behind these viruses is very advanced and serious. If anything, these viruses will be more prevalent and more sophisticated in the future not less.


This nasty virus detects the data files of a user and wraps them in strong encryption, rendering them unusable. This is both the local user data and any connected remote shared folders that live on your network system and file server(s). It encrypts every data file it can find without mercy! By the time it notifies you of its existence, it’s already encrypted your files.  The problem is that you could get rid of the malware itself easily, but the files are still encrypted, and without the malware you cannot decrypt your files anymore. You actually need the virus to fix your files! Surprisingly enough, the bad guys do sometimes live up to their criminal promise (if their payment servers are working) and decrypt the files if you pay. The decryption takes time to complete. Note that the key that “unlocks” your files is unique; you will not be able to use anyone else’s key.


The strategy behind this virus is to trick the users into clicking on links in emails that take them to a web site that plants the virus and starts the encryption or downloads a file that does it. This concept of tricking the end user is called “Social Engineering”. These emails are crafted to look like legitimate emails from senders that you may trust.

Emails from banks and other organizations are typically used. There are ways to tell that these emails are not legitimate. The difficult part of this infection is that it is initiated by the user. Clicking on a link in the email or opening an attached file are the actions that start the “Ransom-Ware” process in your environment. Due to it being user invoked, it bypasses all the protection layers in both the users computer and the overall computing environment.

The only solution for this situation is for the users to have awareness and knowledge so they don’t get caught by this crafty and viscous virus activity.

If you see a message like the one below, it may already be too late.



There are a few ways to determine if an email is legitimate:

1. Who – is this email from – does it make sense they would send you an email? Is it coming from a domain (the part after the @ sign) you recognize?

2. What – are they asking you to do? Verifying information over email is only usually done when you request a change to an account, if you didnt’ request it yourself by clicking on a link on a related website you can be sure it’s fake.

3. Where – do links in the email go? You can hover over them and see the URL that you are being sent to and can verify if this is the actual sender.

4. Why – are they sending this to you? Do you have a relationship with this company? Does it make sense that they are asking you to do something in this email?


Malware researchers from almost all antivirus companies are furiously working on a way to prevent this from occurring, and some are able to block it from running, but these bad guys are very sophisticated; decrypting the user’s “Crypto Locked” files requires access to both the public and private keys used to encrypt them.

While the Anti-virus designers are furiously working to keep you from getting infected in the first place, once you’re infected they can’t help get your files back.

Moreover, they change their malicious code all the time, and your antivirus might catch it today – but it most likely wont tomorrow. Antivirus companies are not able to decrypt the files, only the Cryptolocker malware can do the decryption.


The impact on your business can be devastating from both a loss of data and cost of recovery perspective. It’s likely that if you are infected, crucial data that you use to run your company will not be available when needed and that there could be a very big impact in productivity and customer service. We cannot express enough, the need to have all your staff aware and trained on how to avoid this kind of infection.


  • Emails that are designed to trick you are called “Phishing” emails
  • We have put as many roadblocks in place as possible to protect against these emails but only YOU can prevent getting infected by these “Phishing” attempts

that are designed to trap you into clicking on links and attached files.

  • DO NOT click on links or files in emails that come from someone that you do not know – or if they are from a trusted source, make sure they do not contain any strange URL links or attached files like our examples.
  • When you have an email from a trusted source, read the messaging carefully, many of these messages will have grammatical errors or overall poor English which is a KEY indicator.
  • Look at the senders email address, if it is from apple, it will be apple.com – NOT from apple.someweirddomain.com – a common trick.
  • Many emails have links at the bottom that send you to the companies web site for things like privacy statements etc… Crafty senders keep them alive so you think the email is legitimate, so be very careful.
  • When in doubt, DO NOT click on anything in the email until you can verify it is safe or your completely familiar with the sender and content.
  • Did you know – in Microsoft Outlook, you can permanently delete an item by pressing and holding the “shift” key first then clicking delete? This will delete the email permanently and it cannot be retrieved from your deleted items. This is a good practice for emails you confirm to be “phishing” attempts.


We cannot express enough, the need for effective and proper protection. Up to date Anti-virus, business grade anti-spam, software and hardware firewalls and regular off-site backups.

If you don’t feel you’re currently doing all you can to stay protected from these threats give us a call at Outhouse IT for a no-cost review of your current IT.

To book your FREE (no obligation) Business Technology Assessment please call us at 905-366-8234.