Fake ransomware methods
Today, though, some criminals aren’t encrypting your files – they just falsely tell you that they have encrypted them. Fake-ransomware criminals prey on the fear and panic that ransomware threats bring, so that victims react instead of calmly taking the time to use a decryption tool or reboot the software.
Worse, they may have already deleted or destroyed your files, which means that paying the ransom won’t do you any good. In this scenario, the criminals may let you see one encrypted page to make you think your data can be restored – when it can’t.
Alternatively, they may have encrypted your files but have no intention of restoring files or giving you the decryption code. If you pay the money, your files, photos, databases, and other digital information will not be restored. However, there is an ironic downside for the criminals in not giving the files to companies that pay the ransom fee: if too many criminals fail to restore the data, then businesses will never pay the ransom.
Defenses to real and fake ransomware
IT administrators should anticipate that their information might be held for ransom. Common defenses include taking steps to minimize data breaches and keeping offline backups that can be used if the data is destroyed. As more and more information is open to attack through the Internet of Things, strategizing for malicious attacks is becoming more and more important.
IT departments should also work with software vendors who understand how to circumvent ransomware if a threat occurs and how to isolate parts of the software so that key components can stay operable. In general, ransomware is sent through attachments or malicious links, so it’s critical not to open any files or use any links that you don’t trust.
Often the criminals who are making “honest” ransom demands will identify who they are, for example by saying they are Linux.Encoder. Others provide a support email address. With fake ransomware, the people making the demand don’t identify themselves, directly or indirectly. They lock your screen and prevent you from leaving it unless you know the right commands. IT departments should try closing the ransomware demand window by using Windows commands or other commands. The criminal may have created the appearance of a threat without actually installing the malware.
Dealing with fake ransomware (payment of the fee will not restore the data, or the data was never really destroyed) usually calls for security experts who can tell you what damage has been done to your data, so you can decide whether to respond or not.
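A first-pass check of whether files were actually encrypted, wiped, or left untouched can be scripted before the experts arrive. The sketch below is an added example, not part of the original article: the function names, the 7.5 bits-per-byte threshold, and the sample files are assumptions, and it uses a common heuristic (file signatures plus Shannon entropy) that the article itself does not describe.

```python
import hashlib
import math
import os
from collections import Counter

# Well-known file signatures; extend for the formats you actually store.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
         ".jpg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, far lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(name: str, data: bytes, threshold: float = 7.5) -> str:
    """First-pass verdict for one file; a triage hint, not a forensic finding."""
    if not data:
        return "empty"                      # wiped or truncated, not encrypted
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is not None:
        # Compressed formats are high-entropy even when healthy, so check
        # the signature instead of the entropy.
        return "header-intact" if data.startswith(magic) else "header-mismatch"
    high = shannon_entropy(data[:65536]) >= threshold
    return "high-entropy" if high else "plausibly-intact"

def survey(files: dict) -> Counter:
    """Count verdicts across a {filename: bytes} sample of the affected share."""
    return Counter(triage(name, data) for name, data in files.items())

def _noise(n: int) -> bytes:
    """Deterministic stand-in for ciphertext (constructed test data)."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return out[:n]

# Constructed samples: what a real and a fake "encryption" leave behind.
SAMPLES = {
    "notes.txt": b"Quarterly report: revenue, costs, margin\n" * 100,
    "invoice.pdf": b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
    "ledger.csv": _noise(4096),       # text file replaced by ciphertext
    "scan.pdf": _noise(4096),         # PDF whose header no longer matches
    "photo.jpg": b"",                 # file wiped rather than encrypted
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} {triage(name, data)}")
```

Run it against copies of the files from an isolated machine, never on the live system; a share where nearly everything comes back "header-intact" or "plausibly-intact" points to a bluff, while "empty" results mean the data was destroyed and no payment will bring it back.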