Ransomware, adware, etc. – how can you protect yourself?

Articles on malicious software are seen more and more frequently: attacks on companies, institutes, personal computers, and even hospitals are no longer uncommon. The attacks are carried out in a variety of ways: for the various types of malicious software, the keywords ransomware, spyware, adware, and scareware are used. The 'ware' part of the word is an abbreviation for 'software'. They all describe different forms of malware ('malicious software'), but what does each individual term mean? How severe is the threat? How can you protect yourself against malicious software and remove it from your computer if your system gets infected?

Ransomware: how to protect yourself from 'blackmail trojans'

The first portmanteau comes from the words 'ransom' and 'software'. Extortion trojans, cryptolockers, and encryption trojans are often mentioned in this category, and they all work in the same way. The malicious software encrypts all the files on a computer – or even a whole network – and displays a ransom demand (instead of the usual interface) explaining what the user must do in order to get their files back; a kind of blackmail. Ransomware spreads in a similar way to other computer viruses: it usually arrives on the targeted computers through fake mail attachments (such as alleged invoices, delivery notes, ZIP files, etc.), security gaps in the web browser, or file hosting services such as Dropbox.

How ransomware works

The most common method, however, is sending e-mails en masse using bot networks. Cybercriminals can use spambots to automatically send the e-mails with infected attachments. Downloaders are hidden among the fake attachments and these contain the actual encryption trojan. In general, the mails put the recipient under pressure by imitating actual companies trying to get in contact with their customers.

This method isn’t new, but the threat has become more severe since the start of 2016: the number of ransomware attacks increased threefold between January and September. The security company Kaspersky Lab has declared that the rate of ransomware attacks against businesses increased from one every two minutes to one every 40 seconds during the period mentioned above. For consumers, one attack occurs every 10 seconds.

Ransomware has caused millions of dollars in damage worldwide and doesn’t stop at hospitals. In addition to a hospital in Los Angeles, numerous other hospitals, companies, and personal computers have had their data encrypted. The ransomware family TeslaCrypt struck even more frequently.

Protective measures and methods of removing ransomware

There are numerous preventative measures that you can take against ransomware. First of all, you should try to recognise fraudulent e-mails. If you are unsure of any e-mails, you should be skeptical and not click on them. Only open attachments when you can be 100% sure that the content is authentic and you can trust the source. It is also recommended to…

  • Keep the operating system up-to-date as well as your anti-virus software. Otherwise new threats won’t be detected.
  • Regularly backup the most important files on an external storage medium. If you experience data loss, you can easily restore the data.
  • Always keep the operating system’s firewall on for additional protection, and do not work with administrative rights for everyday tasks.
  • Not use software with known security gaps; Adobe Flash Player is an example, and it is no longer needed since websites have moved to HTML5.

What can you do if it is already too late and your system has been encrypted by ransomware? Whether the ransomware can be removed strongly depends on the respective encryption method. Some can be detected and removed by common anti-virus software. Others are stubborn: in any case, the computers should be disconnected from the network and switched off. Rescue CDs can be used to avert some of the threats: these rescue discs are available from the manufacturers of popular anti-virus software, such as Kaspersky, AVG, or BitDefender.

In addition, starting up your computer in safe mode can help. This ensures that only the most important system functions start up. In this secure environment, the system can be reset to an earlier point under 'Control Panel' in the 'System and security' menu, but only if a restore point has previously been set. However, Windows usually creates such a restore point automatically before system or programme updates.

As a last resort, you can also use the command line to execute special decryption tools that have been developed against specific encryption trojans. PCWorld explains how to rescue your PC from ransomware in their article.

Remove adware and spyware: how to get rid of snooping software and protect your data

Spyware refers to spy programmes that, in the most harmless case, reveal user behaviour and interests for advertising purposes. In worse cases, credit card details, passwords, or other sensitive data can be stolen. In particularly malicious attacks, spyware is installed together with so-called keyloggers, which track user input and forward it to the developers of the particular malicious software. The first, less harmful case is adware. The word comes from 'advertising' and 'software'. These programmes often make no secret of their true intent. They often arrive as optional extras bundled with the installer of another programme and can usually be uninstalled just as easily. In many cases, these are browser toolbars or search bars for little-known search engines. What the user enters into these search bars can be used to present customised content to them in the form of banners or pop-ups. Automatically changing the homepage or the default search engine is also possible – changes that can be easily reversed, but are still troublesome.

Adware: how to remove unwanted browser tools

It’s best not to install adware at all: when you install free programmes from the internet (freeware), do not select the default installation – even if you trust the installer’s source. Additional programmes are often installed without informing the user, and this only becomes apparent the next time the browser is opened. It’s a good idea to take your time and go through the installation step by step. For each step of the installation, check exactly what is about to be installed and uncheck the boxes for unwanted programmes.

If you have installed adware by accident, you can usually remove it easily. Many toolbars can be uninstalled in the operating system’s control panel under 'Programs and Features'. In any case, you should check all installed browsers and delete the toolbars individually and manually if they still appear in the add-on or plug-in overview. You can also reset the default search engine and the homepage manually in the browser settings. If the malware cannot be uninstalled this way, you need to take stronger measures.

For example, the programme AdwCleaner searches for and removes numerous forms of browser toolbars and hijackers. This effectively removes many forms of adware. The programme does not need to be installed, so you can also run the scan from an external medium such as a USB stick or a CD. You have to exercise caution when downloading the programme, just like with every piece of freeware, since there are lots of fake versions in Google results. Further information on AdwCleaner is mentioned in this article. After cleaning your computer and the browser, you should still perform a full system scan with your anti-virus scanner.

What is spyware, how can it be recognised and removed?

The distinction between adware and spyware is usually not very clear since they are both quite similar, although spyware is usually much more aggressive and better disguised. While adware usually appears in the app and programme overview and can be uninstalled there, spyware is hidden and runs in the background. Keyloggers, which record users’ keyboard entries, also fall under this term: this is how PINs, passwords, e-mail addresses, and other sensitive information are stolen. You usually notice this malicious software when the virus scanner or the firewall detects it. If this is not the case, for example because you haven’t updated your virus scanner or there isn’t one installed, you will not notice the intruder until your computer starts running unusually slowly.

If you are suspicious, you can check the CPU utilisation in the Task Manager (press Ctrl+Alt+Del and then 'Start Task Manager') and search for unfamiliar processes. Some trojans disguise themselves as supposedly known processes. For example, if the browser isn’t open but a browser process still appears in the list of active processes, a trojan could be at work. You can also get an overview of the network usage under the 'Network' tab. If there is any unusual activity here, this could also be an indication of snooping software in action.
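To automate the two Task Manager checks just described, here is an added PowerShell example (it is not part of the original article). It lists processes that carry the name of a known programme but run from an unexpected folder, and maps established outbound TCP connections to the process that owns them; the table of expected folders is an assumption for a default Windows installation and may need adjusting on your machine.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# window on Windows 8/10/11 (Get-NetTCPConnection needs the NetTCPIP module).

# Process names that malware likes to imitate, with the folder a genuine copy
# normally runs from. ASSUMPTION: default install locations; adjust as needed.
$expected = @{
    'svchost'  = @("$env:SystemRoot\System32")
    'explorer' = @("$env:SystemRoot")
    'chrome'   = @("$env:ProgramFiles\Google\Chrome\Application",
                   "${env:ProgramFiles(x86)}\Google\Chrome\Application")
    'firefox'  = @("$env:ProgramFiles\Mozilla Firefox",
                   "${env:ProgramFiles(x86)}\Mozilla Firefox")
}

Write-Host "== Known process names running from an unexpected folder =="
Get-Process | Where-Object { $expected.ContainsKey($_.ProcessName.ToLower()) } | ForEach-Object {
    $p   = $_
    $dir = if ($p.Path) { (Split-Path $p.Path -Parent).TrimEnd('\') } else { $null }
    $ok  = $expected[$p.ProcessName.ToLower()] | Where-Object { $dir -and ($dir -ieq $_.TrimEnd('\')) }
    if (-not $ok) {
        # No path usually means a protected/system process we could not read;
        # an unexpected path is the case the article warns about.
        $sig = if ($p.Path) { (Get-AuthenticodeSignature $p.Path).Status } else { 'n/a' }
        [PSCustomObject]@{ PID = $p.Id; Name = $p.ProcessName; Path = $p.Path; Signature = $sig }
    }
} | Format-Table -AutoSize

Write-Host "== Established outbound TCP connections and their owning process =="
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$)' } |   # skip loopback
    ForEach-Object {
        $owner = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [PSCustomObject]@{
            PID     = $_.OwningProcess
            Process = if ($owner) { $owner.ProcessName } else { '<unknown>' }
            Path    = if ($owner) { $owner.Path } else { '' }
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
        }
    } | Sort-Object Process | Format-Table -AutoSize
```

A browser process that shows up in the first table although no browser window is open, or an unfamiliar process holding connections in the second table, is the kind of finding the text describes and is worth checking with an up-to-date virus scanner.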

Here, the most important protective measure is installing anti-virus software and making sure it’s up-to-date. These programmes detect malware and render it harmless. Even free virus protection is better than nothing! In addition to the aforementioned AdwCleaner, the following programmes are available for Windows systems and each come with free versions:

  • Antivir: Avira Free Antivirus
  • AVG Antivirus Free
  • Kaspersky Free Antivirus
  • Malwarebytes Anti-Malware

As with the removal of ransomware, rescue disks can help in particularly tough cases – if disinfecting the computer is no longer possible using functions of the operating system and an installed anti-virus software. An example is the Kaspersky Rescue Disk, which can be downloaded via the manufacturer’s support page. You must then burn a CD or DVD from the downloaded ISO image file. You can choose which burning programme to use (e.g. Nero Burning ROM). Now you only have to change the boot order in the BIOS ('basic input/output system') and specify that the computer should boot from the CD or DVD the next time it’s switched on.

You reach the BIOS via one of the function keys; which one depends on the mainboard installed in the computer, and the computer shows the correct key when switched on. In the BIOS, you can change the corresponding settings under the 'Boot' menu item. Save them, restart the computer, and press any key when a screen prompts you to do so. You can now choose between a pure text representation of the rescue programme and a graphical interface. The system will then be trawled for any kind of malware and cleaned up.

Scareware: how does this panic software work?

Scareware is a particularly deceitful variety: the malicious software is designed to scare the user and is usually camouflaged as a supposed anti-virus programme, which warns users about an alleged attack by viruses or trojans. In reality, however, the warning itself is the malicious software. The scared user receives a pop-up window with a warning. The scareware offers to carry out an alleged clean-up of the computer for money or asks you to purchase a new version of the fake programme. The message is supposed to disappear once the victim has paid. If the payment has been made by credit card, the cybercriminals now have access to sensitive credit card data.

Some scareware pop-ups look suspicious because of their flashing designs and so can be easily spotted. Others are more sophisticated and try to imitate the appearance of authentic anti-virus software, and even offer fully-fledged support via phone or e-mail. But how can you tell whether it’s a deception, and then remove the scareware? Basically, you should look closely at every warning: is the message actually from a programme that you’ve installed yourself, or that was pre-installed on your computer? If not, you are most likely dealing with scareware.

No reputable anti-virus software will use a virus warning to panic you and capitalise on your fear at the same time. Although free anti-virus programmes occasionally offer upgrades to more comprehensive paid versions, authentic anti-virus software (including free software) offers emergency help when it detects an infection, without asking for money. Scareware also tries to make the threat seem more serious with a long list of viruses that your computer is allegedly infected with, but that many simultaneous infections are extremely rare and unlikely. It’s possible to remove scareware with popular and authentic anti-virus programmes. Once again, the programmes should only be obtained from reliable and trustworthy sources, either the official manufacturer site or authentic IT portals.