Monday, June 20, 2016

Potentially Unwanted Programs (PUPs) – What you need to know.

Malware, Trojans, Bugs – these very words strike fear in the heart of all of us, evoking images of lines of falling code, skulls and crossbones. These malicious programs are the filth of the Internet, the proof that with every useful technology there is an equal and opposite piece of garbage that at times could have adverse effects on your system.


A potentially unwanted program (PUP) is exactly what it sounds like: software that you may or may not want clogging up your system. PUPs are similar to malware in that they cause problems when downloaded and installed, but what makes a PUP different is that when you download one, you are doing it with your consent.


The term PUP was first coined as a means of defining this downloadable adware or crapware as something other than malicious software. PUPs often employ huge amounts of system resources and are a common cause of clunky operating systems, but are not considered malicious or harmful. However, they are often annoying, creating new toolbars in your web browser for shopping sites, changing your search provider from Google to Bing without reason, popping up ads constantly or giving you regular weather updates from Swaziland. Some are even aggressive by intentionally slowing down your computer to later sell you system-tuning or miracle speedup tools.


Adware loads annoying toolbars into your web browser




Why do PUPs exist? To earn revenue for software developers who are providing their software for “free”. For each successfully installed browser toolbar for example, a freeware maker earns about $2. Some PUPs exist just to make cash without ever providing anything useful to you.


So, how do you get one (or ten)?

A PUP's behaviour is usually outlined in a EULA (End User License Agreement): this is that really long document that appears while you are going through all of the installation windows, happily clicking accept to get to the end of it all. But this seemingly useless directory of legal speak lists out a program's intentions. PUPs require your approval via that accept button in order to be installed. They count on you approving the download yourself, which protects software developers from any legal action. They rely on your speed to get through the installation process and expect that you won't read the EULA before scrolling immediately to the bottom and hitting that ever-so-satisfying ACCEPT.


So, how do they get into your system?


Like the Christmas paper on your shiny new toy, PUPs are wrapped around your downloads, and not only from the small freeware vendors. Many big names bundle PUPs too, such as:




Adobe Acrobat reader asks you to approve auto updates






Microsoft: Skype asks you to change your browser and homepage





Oracle adds toolbars through the Java installation




Another way that PUPs find their way onto your computer is through download portals; those sites you visit to update your Adobe products or to find a decent media player. Most portals claim to offer “clean and safe downloads.” However, trusting any download portal at all has become risky due to litters of bundled PUPs teamed with software reviews on the site that don’t quite seem legit.


We researched how many PUPs were tangled up with the 50 most popular applications on Download.com and found that 31 out of the 50 tested Download.com applications bundled PUPs. See: Top 50 Download.com applications bundle toolbars and other PUPs.


Shocked by the results, we decided to look into the habits of the ten most popular download portals (other than download.com) to see which, if any, were safe to use. We downloaded their top ten most popular applications and noted exactly how much crapware came with them. We discovered that nearly every download portal bundled at least one PUP. See: Mind the PUP: Top download portals to avoid


The problem with the bright green button.


You decide it’s time to organise all of the photos on your computer. They’re sitting around in messy folders and it’s impossible to find any specific photo when you need it. So you download a photo program to help you organise them and even edit them if you so choose. Download.com has a list of programs right there on its landing page. You choose your program and there glows that bright green icon. The DOWNLOAD NOW button is the only thing standing between you and the answer to all of your photo organisation problems. You click it! Excellent! No more messy desktop. Except, wrapped in that express download button, you’ve also downloaded three PUPs.


The secure link is a safer download option



There are multiple players involved in the distribution of Potentially Unwanted Programs (PUPs). As a result, you can face something that’s best described as Cascading PUPs. Rather than one PUP offer during your installation process, you can end up with a sequence, one after another.


One of the many ways this occurs is when a PUP bundles extra PUPs into its download. While downloading your desired program, you accept a PUP toolbar without paying attention. But, that one PUP comes with and installs even more PUPs without your knowledge.


We researched the effects of cascading PUPs in detail by downloading the popular KPlayer and following the installation process. We sought to download one program. We completed the process with 6 PUPs! See: How Downloading One Program Can Give You Six Pups.


Watch out for fake software updates. These are often pushed through temporarily created websites that have been developed for AdSense. These sites are wrapped in downloaders that will prompt you to update your Flash Player or Java. There are companies that create hundreds of sites a day purely to mislead you and draw you to their sites.


There are many, many more ways you can be inundated by PUPs. In fact, there are so many ways, we bundled them all for you. See: Top Ten Ways PUPs Sneak Onto Your Computer


So who benefits from PUPs?


Software vendors: the software vendor (seller) gets money from the PUP developers (creators of adware) for each install. We provide examples in this article.


Download portal: the download portal gets money for the PUPs they install through their installer (wrapper/bright green Download Now button). The software vendor is generally not involved or benefiting.


PUPs: with a bit of camaraderie, some PUPs work together to install each other’s products, and pay each other in the process.


Here’s where it gets scary.


A recent development in PUPware is the use of rootkits: an infection that hides itself, its own data and other files so that they cannot be seen by you or your operating system. By intercepting messages from your computer, it redirects information and reports back to the mothership whatever it wants. The use of rootkits in adware is blurring the line between merely unwanted junk and active malware.


This can be seen even more clearly in a new PUP known as ‘Faster Internet’ which, once installed, creates a fingerprint of your computer. This information is then uploaded to the developer’s server together with screenshots of the active display on your computer and your IP address. Bordering on spyware, this piece of adware is a blatant violation of your privacy.


But wait! I saw a pop-up that was trying to help me! Enter the interactive PUP, scaring the daylights out of poor Mr and Mrs Smith by displaying online advertisements that try to scam us into thinking that our computers have a serious problem. This is done to trick you into calling the listed support number so they can scare you further into buying their services.


Fake alerts may ask you to call an anti-virus company




Sadly, there are ever more ways to be infected, and while adware installers continue to have little or no law regulating them, their developers will remain out of control.


PUPs and the antivirus industry

Terrifyingly, after big vendors such as Oracle (Java) and Microsoft (Bing and Skype) started bundling, ethics in the software industry seem to have been lost completely, as even antivirus vendors have joined the game, bundling PUPs with their software. We researched practices among the freeware antivirus vendors and the results were troubling. We found that 7 out of 8 tested free antivirus suites were bundled with PUPs. See: Has the antivirus industry gone mad?


Emsisoft is anti-PUP

During the last few years, the threat landscape has shifted significantly. When the Emsisoft team checked the latest infection statistics, we found that 3/4 of all findings of Emsisoft Anti-Malware today were PUP-related. The number has increased massively during the past years. See: What is Emsisoft really?


But where there is a problem, there is also a solution. We at Emsisoft maintain high ethical standards that define how we approach all threats, always with our users in mind. While many antivirus products fail to detect even the most common PUPs (and in fact install PUPs themselves, directly with their own products), Emsisoft is widely recognised for removing them efficiently.


The number of PUP detections is increasing






PUPs make up 79% of infections



While we are part of the solution, it is important that you are able to recognise PUPs before you download them to avoid any problems in the first place.


So, to summarise:


  • PUPs want to make money off of you. The most common form is by hijacking your browser: they can then show you ads, monetize or sell your search and/or browser behavior or redirect your homepage.

  • PUPs use aggressive distribution methods to get onto your computer: in the large majority of cases, you will not be aware that you are installing a PUP.

  • Most PUPs don’t have any significant value or advantages. PUP producers get around this by paying other software vendors or distributors, such as download portals, $$$ per new installation they deliver.

  • PUPs are often brought to you by freeware vendors: they frequently get on your computer bundled with a freeware program. While you’re installing program A, you also install one or more PUPs, often without knowing you did. The freeware vendor gets money from the PUP producer to do this.

Phew. So, now that you know what they are and how to get them, how do you avoid PUPs?


  • Be cautious, use common sense and take your time. Read carefully when installing anything. Don’t click accept until you are sure you are willing to install everything mentioned in the EULA (End User Licence Agreement).

  • Only use reputable download sources such as the official site of the product you are downloading.

  • Avoid download portals and NEVER download or install applications that seem suspicious or malicious.

  • Install, update, and run a reputable antivirus software, such as Emsisoft Anti-Malware that offers real-time protection against PUPs.

  • Clean your computer periodically with the Free Emsisoft Emergency Kit.

Have a happy (PUP-free) day!

Your Emsisoft Team.




Saturday, June 18, 2016

Video: Emsisoft Anti-Malware vs. PUPs

If you google ‘PUP’ you will get the most amazing images of cute little dogs. So cute even lovers of cat videos won’t go without a smile on their face. No, really. Try for yourself! Pups make you smile. Sadly, that’s not what this is about. It’s about the nasty sort of PUPs we all come across quite regularly. At home. At work. Just everywhere. They do not make us smile at all. The PUPs we’re talking about are Potentially Unwanted Programs, in fact a very common problem for PC users.


The main characteristic of a PUP is that it installs on your computer even if you don’t want it, by using tricky techniques to bundle with good programs. It’s just there and you have no idea how it got there. This happens behind the scenes, without your knowledge. Truly a nasty PUP. The result is a slower system, annoying pup-ups – sorry… pop-ups and a good chance that someone is collecting all your data without you suspecting anything.


Lucky for you, the great minds at Emsisoft have not only researched this topic quite intensively in our latest blog post, we have also set up a video for you to review step by step how our Emsisoft Anti-Malware software can protect you from nasty PUPs. So you can now sit back and watch some awesome ideas on how to get rid of nasty PUPs.



For the best viewing experience, a full screen icon (right bottom corner) is available after starting the video.




RAA, a new Ransomware variant using only JavaScript

While JavaScript ransomware is not new (see for example this article about Ransom32), we recently encountered a new ransomware variant, known as RAA, that exclusively uses JavaScript in order to encrypt personal files using AES. Just to add a little extra, this ransomware also drops Pony malware (a well-known info-stealer).


What is new is that the ransomware is distributed without using the nw.js framework or being packed into an executable. To ensure proper AES encryption of the targeted files to be held to ransom, it includes the CryptoJS library.


The malware is typically spread using malicious email attachments pretending to be .doc files. To make this believable, the first thing it does when executed is drop a file in the %userprofile%\documents folder and open it with WordPad, pretending it is corrupt.


Fake corrupt document




Translated from Russian, this means:
Error! Error code (0034832)

This document was created in a newer version of MS Word and cannot be opened by your version of WordPad

Refer to the file publisher or open the content using MS Word 2013

Some items cannot be displayed correctly.


To ensure the ransomware is loaded on each startup, a run value is created that points to the original dropper as can be seen in the image below.


Creation of the run value.




Furthermore, to make sure that files cannot be recovered using the File History option, the Volume Shadow Service (VSS) is deleted. As a result, when an attempt is made to restore older versions of an encrypted file, no previous versions will show up, and the following error will be shown when an attempt is made to access System Restore.


System Restore error message.




Deletion of the VSS service.




The next step is the actual encryption process, using the included CryptoJS library. Encrypted files will get .locked appended to the original file name.


Encryption Function




Files with the following extensions will be encrypted: .doc, .xls, .rtf, .pdf, .dbf, .jpg, .dwg, .cdr, .psd, .cd, .mdb, .png, .lcd, .zip, .rar, .csv. Files with names that contain .locked, ~ or $ will be skipped.


List of extensions to be included and excluded strings.




The following folder names are excluded from the encryption process: Program Files, Program Files (x86), Windows, Recycle.Bin, Recycler, AppData, Temp, ProgramData and Microsoft.


List of folders to be excluded.




To “assist” the victim, a ransom note in Russian called !!!README!!![unique ID].rtf is created on the desktop (where [unique ID] is the unique ID created during the infection process), requesting a ransom of 0.39 Bitcoins or 250 USD. Its content is as follows.


Russian ransom note.




So far we have focused on the encryption part; however, this malware also drops an executable known as the Pony info-stealer in %userprofile%\documents\st.exe, which is included in the JS dropper as a base64-encoded string. Pony malware is capable of stealing sensitive information (for example passwords stored on your computer) and sending it to a remote attacker. After extracting the base64-encoded string and creating the st.exe file, this file is executed as well and the info-stealer is installed on the computer.


SHA1 hashes of the malware:
RAA: 2c0b5637701c83b7b2aeabdf3120a89db1dbaad7

Pony: 822bf6d0eb04df65c072b51100c5c852761e7c9e


Unfortunately decryption of files encrypted by RAA is currently not possible, which only proves that having a backup of important data really is a must! Emsisoft users are protected from this malware by our Behavior Blocking technology that will intercept and remove this malware before it can do any harm.


Behavior Blocker alert for RAA




Behavior Blocker alert for Pony





Tuesday, May 31, 2016

Protecting your information with hard disk encryption – what you need to know

Ever wondered what you’d do if your laptop, tablet or smartphone was stolen? While the use of security software to protect you from online attacks is common, what about physical threats to your hardware?


Even with a password-protected operating system (OS), your data is still saved to your hard disk in an unencrypted form. Did you know that it can be accessed easily by installing a new OS over the top of the existing installation?



That’s a big problem. And a big risk to you – and probably your family and employer as well. It’s impossible to protect yourself against physical theft. But it is possible to prevent criminals from getting their hands on the information on your hard disk. This is where your work documents, personal photos and videos, even critical passwords and online banking data lives. So how do you protect your physical hard disk? The answer is by using a technology known as hard disk encryption.


What is disk encryption?


Encryption is a method of making readable information unreadable to people who shouldn’t have access to it. When you encrypt your information, it must be decrypted first before it can be read.


Encryption is part of the field of cryptology, a science which deals with the deliberate scrambling of information. While the cryptographic methods of over 2000 years ago were primitive and basic – simply rearranging a few characters – today’s methods use complex mathematical algorithms.


Advanced Encryption Standard (AES) is the most frequently used algorithm, due to its speed and extremely high level of security. At present, there’s no practical way of attacking AES even though the encryption method is well known.


AES, also known as the Rijndael algorithm after its inventors, divides the information to be encrypted into 128-bit data blocks that are encoded with a key of 128, 192 or 256 bits in length. Each block is written into a two-dimensional table to which a series of mathematical transformations is then applied.


The binary data can still be read from the hard disk once it has been encrypted, but it no longer makes any sense at all. It’s not even possible to tell what was encrypted. It could be pictures, text files or executable files. Even if the encryption algorithm is known, the data can’t be decoded without having the correct key. So it will remain hidden from strangers.




Is AES secure? Testing all possible combinations (or ‘cracking the code’) of a 128-bit key would take several million years of computing time. However, thanks to modern hardware, accessing encrypted data (in conjunction with the correct key) is almost instantaneous.


In other words, you won’t notice any performance issues when your data is encrypted (while it’s being saved) and decrypted (while it’s being read or unscrambled). That’s because your computer’s CPU works much faster than your hard disk can read or write the data.


Why should you use hard disk encryption?


If someone gets physical access to your computer and you aren’t using disk encryption, they can very easily steal all of your files.


It doesn’t matter if you have a good password because an attacker can simply boot to a new operating system off of a USB stick (and bypass your password) to look at your files. Or they can remove your hard disk and put it in a different computer to gain access.


Computers have become an extension of our lives and private information continually piles up on our hard disks. Your computer probably contains work documents, photos and videos, password databases, web browser histories, and other scattered bits of information that don’t belong to anyone but you. You should be running full disk encryption on your computer to keep this information private.


Four good reasons why you should use hard disk encryption:


  • Hard disk encryption is built in to all major operating systems.

  • It’s the only way to protect your data in case your laptop gets lost or stolen.

  • It takes minimal effort to get started and use.

  • It makes it impossible for someone who isn’t you to access any of your files.

How does hard disk encryption work?


When you turn your computer on, before your operating system can start, you must unlock your disk by supplying the correct encryption key.


The files that make up your operating system are on your encrypted disk. So there’s no way for your computer to work with them until the disk is unlocked.


Typing in your passphrase won’t unlock the whole disk; it just unlocks an encryption key, and that encryption key then unlocks everything on the disk.


But you need to be careful using hard disk encryption that can only be unlocked with a passphrase you’ve memorized. Forget the passphrase and you’ll be locked out of your own computer forever.


Once your computer is on and you’ve entered your passphrase, your disk encryption is completely transparent. Everything works like normal. Your files open and close. Your programs or applications just work. And you won’t notice any performance impact.


Just remember that when your computer is on and unlocked, whoever’s using it has access to all your files and data, because the encryption is now transparent.


IMPORTANT: disk encryption doesn’t make your computer ‘secure’


Disk encryption is only useful against attackers who have physical access to your computer. It doesn’t make your computer any harder to attack over a network.


All of the common ways you could become a victim of hacking still apply:


  • Attackers can still trick you into installing malware.

  • You can still visit malicious websites that exploit bugs in your web browser or your other software, or attack you in countless other ways.

  • When you visit ‘friendly’ websites, network attackers can still secretly make them malicious by modifying or intercepting the web pages in transit.

  • Attackers can still exploit services running on your computer, such as network file sharing, music playlist sharing, or torrent service, to name a few.

  • And disk encryption doesn’t do anything to stop internet surveillance.

Ways to encrypt your hard disk


There are many encryption programs available, with the main differences being their level of complexity and whether they are free or paid software. Here are just some of the many options:


BitLocker Drive Encryption (for Windows)

BitLocker is Microsoft’s disk encryption technology. It’s only included on:


  • Ultimate and Enterprise editions of Windows Vista and Windows 7

  • Enterprise and Pro editions of Windows 8 and 8.1

To see if BitLocker is supported on your version of Windows:


  • Open Windows Explorer

  • Right-click on your C-drive,

  • Look for the “Turn on BitLocker” option

If you see a “Manage BitLocker” option, your disk is already encrypted.


If you’re a Windows 10 user, here’s how to turn on device encryption.


BitLocker is designed to be used with a Trusted Platform Module (TPM). This is a tamper-resistant chip built into new PCs that can store your disk encryption key. Because BitLocker keys are stored in the TPM (by default), you’re not required to enter a passphrase when booting up.


If your computer doesn’t have a TPM (BitLocker will tell you as soon as you try enabling it), it’s possible to use BitLocker without a TPM. You can use a passphrase or USB stick instead.


If you only rely on your TPM to protect your encryption key, your disk will get automatically unlocked just by turning it on. This means an attacker who steals your computer while it’s fully powered off can simply power it on in order to extract the key.


If you want your disk encryption to be much more secure, in addition to using your TPM you should also set a PIN to unlock your disk or require inserting a USB stick on boot. This is more complicated but it provides an extra layer of security.


BitLocker’s design is user-friendly and comes with advanced options. If you use one of the correct versions of Windows and don’t need additional features, BitLocker is a solution with no further cost to you.



Steganos Safe

As the name suggests, Steganos Safe is a virtual vault to “lock” your files inside. For example, you can secure your Office documents by saving them directly to the safe. It’s easy to use and offers some special features such as the ability to hide data in images. Your data can be considered very secure thanks to the use of 384-bit Advanced Encryption Standard (AES).


Think of Steganos Safe as your virtual vault. You can try a free 30-day trial.



DiskCryptor

DiskCryptor is open-source software which means users are free to download and modify its source code. You can also choose the encryption algorithm. DiskCryptor is ideal for beginners with a clean, simple user interface, which makes it very easy to navigate through the menus.




Like all good encryption programs, DiskCryptor loads before the OS. Windows will only boot if you enter the correct password, which then automatically grants you access to the data.



Understand the risks with ‘free software’ such as TrueCrypt


TrueCrypt was one of the most frequently recommended encryption programs and was used by millions of people. In May 2014, however, the security community was shocked when the software’s anonymous developers shut down the project. The homepage was replaced with a warning that “using TrueCrypt is not secure as it may contain unfixed security issues.”


TrueCrypt recently underwent a thorough security audit showing that it doesn’t have any backdoors or major security issues. Despite this, we don’t recommend using software that isn’t maintained anymore.


When good freeware goes bad. You can still migrate from TrueCrypt to BitLocker following the instructions on TrueCrypt’s website.



Is cloud storage the solution? Not necessarily …


If you use services like Microsoft’s OneDrive, Google Drive or Apple’s iCloud you’re using a cloud storage service. These are a great way to back up your data, but they do come with some risks:


  • Your data’s still with a third-party commercial entity. You must understand their security measures and protocols before trusting them with your information.

  • Cloud service providers come and go all the time. If your provider disappears will your data be lost forever or backed up somewhere trustworthy?

  • Your cloud service provider might be reliable – but they’re only as reliable as your Internet connection. A poor connection may mean you’re unable to access your data when you need it most.

  • Security laws vary in different countries. So you really need to understand where your information actually resides. If the physical storage of your data is in a different country, does it need to comply with your local laws and regulations? If not, what legal recourse do you have (if any) should the provider disappear or fail?

No system is perfect. And cloud storage is just the same. Minimize your risk by choosing a reputable provider and always ensuring your data is encrypted.




So much information – what’s the right thing to do?


If you’re using any computer, laptop, tablet or smartphone, you should be using hard disk encryption technology to encrypt your data and personal information.


The time and effort required is minimal. And even if you don’t feel that your data is important now, it’s possible that it could be used against you in the future. Take the time to learn about the technology options first. It’s very important you don’t risk losing your data by configuring the encryption software incorrectly.


REMEMBER: Hard disk encryption is only designed to prevent access to your data. It’s there to protect you if someone who shouldn’t gains physical access to your device. Other network threats such as malware can still infect your computer and access your data. Even while your OS is still running!


So in addition to using hard disk encryption, we also recommend the use of proven, reliable and widely-used anti-virus software with real-time protection such as Emsisoft Anti-Malware.






Tuesday, May 17, 2016

The big ‘R’: Ransomware. Why businesses and institutions are at risk and what to do about it

Normally you would expect a ‘state of emergency’ at a hospital, and you’d expect to find cyber criminality somewhere else. But just imagine for a second: what if the two met in the same place?


A hospital is a place where you’d go to seek advice, help and safety, where you rely on the doctor’s knowledge and profession to make things better. But what if that place of shelter became the center of a ‘cyber state of emergency’? No, we’re not trying to make up scary stories. Here is a real-life example, with no embellished facts:


In February 2016 (just 3 months ago, that is), Hollywood Presbyterian Medical Centre was forced to declare an ‘internal state of emergency’ because ransomware held its files hostage. The incident left employees unable to access patient files and, in particular, emails. As a result, the hospital was unable to continue its day-to-day operations. Again, just imagine for a second: what if doctors could no longer access information about their patients, their medical histories or the latest lab reports, and no communication with other medical centers or medical staff was possible? In brief, it was a disaster.




According to an NBC news report, the Hospital paid a ransom of approximately US $17,000. Hospital CEO, Allen Stefanek, stated that paying the ransom of 40 bitcoins was “the quickest and most efficient way to restore our systems and administrative functions.” He said the hospital did it in the interest of restoring normal operations. In other words, their priority was saving lives.


To allow a better understanding of how this happened, let’s look at the timeline. The malware was first noticed on the hospital’s computers on 5 February. It took another ten days for the hospital’s systems to be restored to normal, after the ransom was paid. For the third time in a row, just sit back and imagine ‘what if’ a hospital were unable to carry on its daily business from one minute to the next, simply because of a ‘computer problem’. The Presbyterian Medical Centre in Hollywood was lucky in the end: patient care was not affected, and there is no evidence that patient data was compromised, the hospital said in a statement.


Unfortunately, this story is just one of many. Smaller US police departments have also been affected, along with tens of thousands of home computers around the world every day. Most cases never even become public, as businesses want to avoid losing customers through a loss of trust. Understandable, but it also plays into the hands of ransomware hackers, who take advantage of the fear and silence their tactics create.


But, what exactly are we talking about?


Ransomware – a complex and difficult battlefield


In the ‘good old days’ of ransomware, a scam would simply lock the user’s screen and ask for a payment of $100 – $200 to unlock it. Simple. However, unlocking tools were often available and the ransom could be avoided. Nowadays, ransomware is infinitely more complex and difficult to decrypt. And here is why.


It is a ticking time bomb. Literally.


Modern ransomware often uses a countdown timer that pressures the user or IT department to pay the ransom within a short period, such as 48 hours. The victim has little time to search for a solution, which often leaves them forced to pay the ransom or lose their data.


You cannot reach an attacker that lives in the cloud(s).


Modern ransomware often can’t be decrypted without paying the ransom. This is because all of the encryption information is stored on servers somewhere in the cloud that can’t be accessed in reasonable time, or at all. Cracking the key by brute force (that is, trying every possible value) is simply impossible, as modern ransomware uses strong encryption that cannot be cracked in a reasonable amount of time, even with the best supercomputer in the world.


Apparently, there is a perfect crime.


We can hear, read and fear as much as we want about the world being under constant surveillance. In this case, truly unfortunately, ‘Big Brother’ does not know everything: extortion payments via Bitcoin give attackers a method of payment that is impossible to trace.


[Image: ransomware payment instructions] If you see this, you’ll need to act fast.



The perfect ransomware victims: Businesses


According to Security Magazine and the United States FBI, ransomware is on the rise in 2016. To hackers and cyber-criminals, it makes more sense to target businesses and institutions over home users.


Why are businesses such great targets?


  • Blocking or theft of data from a business or institution can cost a business vast sums of money within a short timeframe.

  • Businesses also have a reputation to lose – and word-of-mouth travels fast.

  • Businesses not only have more to lose – they also have bigger funds than your neighbor next door.

  • Last but not least, and the worst part of all: with the endless and traceless paths of the World Wide Web, hackers demand Bitcoin as the ransom payment, which makes the transaction virtually untraceable.

Ransomware – a global threat to home & business users



What does ‘freedom’ from ransomware cost?


Sums vary widely. They appear to start at around $300 for home users, while larger sums, such as the $17,000 paid by Hollywood Presbyterian Medical Centre above, are being seen more often.


We have written many articles about ransomware and its ever-changing variations. Emsisoft first covered a story about ransomware in 2011. We updated this with a further story about ransomware in 2013, along with dozens of posts about specific ransomware varieties on our blog. It is not only our conclusion that ransomware is continuing to become more complex and more of a threat; unfortunately, it’s also the conclusion of many of the world’s leading news sources.


Enough scary words, let’s face life: What can YOU do to avoid a ransomware attack?


For starters, to avoid ransomware, it’s vital to update all computer software programs to their latest version, for example Adobe Reader or Skype. Do it right now. We mean it.


Then, installing high-quality, up-to-date anti-malware software, such as Emsisoft Anti-Malware or Emsisoft Internet Security, will help detect unusual behavior and will often prevent an attack. Having said that, there is no software that can protect you 100% from ransomware, because of its nature.


How does Emsisoft help prevent ransomware on your computer?


Any ransomware that is executed on an updated (again, do it right now!) system with Emsisoft Anti-Malware or Emsisoft Internet Security running will be stopped before it can even begin to encrypt any user data. The Emsisoft behavior blocker is trained to detect any type of ransomware. As a demonstration, we recorded how Emsisoft responds to 20 well-known ransomware examples.
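To illustrate what a behavior-based detector looks for, here is an added toy example (not Emsisoft’s code, and not how its behavior blocker is implemented): it scores each process by how many distinct files it overwrites with high-entropy, encrypted-looking content within a short window, using thresholds and sample events that are assumptions constructed for this demo.

```python
"""Toy behaviour-based ransomware heuristic (added example, not Emsisoft's)."""
import math
from collections import defaultdict

# Thresholds are assumptions chosen for this demo, not a product's tuning.
ENTROPY_THRESHOLD = 7.0   # bits per byte; encrypted data is close to 8.0
REWRITE_THRESHOLD = 5     # distinct high-entropy rewrites that trigger a flag
WINDOW_SECONDS = 10       # sliding window over event timestamps


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def flag_suspicious(events):
    """events: iterable of (timestamp, process, path, new_content).
    Returns the set of process names whose writes look like bulk encryption:
    REWRITE_THRESHOLD or more distinct files overwritten with high-entropy
    content within WINDOW_SECONDS."""
    recent = defaultdict(list)  # process -> [(ts, path)] of high-entropy writes
    flagged = set()
    for ts, proc, path, content in events:
        if shannon_entropy(content) < ENTROPY_THRESHOLD:
            continue  # ordinary documents/text: not interesting here
        recent[proc].append((ts, path))
        # Drop writes that have fallen out of the sliding window.
        recent[proc] = [(t, p) for t, p in recent[proc] if ts - t <= WINDOW_SECONDS]
        if len({p for _, p in recent[proc]}) >= REWRITE_THRESHOLD:
            flagged.add(proc)
    return flagged


# Constructed sample events: a word processor saving plain text, and an
# unknown process rewriting six documents with uniform (encrypted-looking) bytes.
_RANDOMISH = bytes(range(256)) * 4  # entropy is exactly 8.0 bits/byte
SAMPLE_EVENTS = [(0, "winword.exe", r"C:\docs\letter.docx", b"Dear patient, " * 20)]
SAMPLE_EVENTS += [(i, "unknown.exe", rf"C:\docs\file{i}.docx", _RANDOMISH) for i in range(6)]

if __name__ == "__main__":
    print(flag_suspicious(SAMPLE_EVENTS))  # {'unknown.exe'}
```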


What to do if you’ve been attacked by ransomware


Our research team, in particular Fabian Wosar, develops decrypters for new versions of ransomware as soon as they emerge. We suggest you bookmark this page to get the latest ransomware decrypters from Emsisoft.


Further help and support can be found with our respected friends at Bleeping Computer, where Emsisoft’s ransomware decrypters are often featured.


At Emsisoft we care about you, your business and possible threats. Immediately, no questions asked. If you get in trouble – get in touch!




Stay one step ahead of ransomware – Emsisoft’s Decrypter page

At Emsisoft, we do not simply care about our products. We are also pretty freaking excited about our work, because we love what we do. With that passion for our industry, we are proud to have a bunch of dedicated ransomware geeks aboard who spend a lot of time cracking new encryption schemes. We call them masterminds, internally, because we think they are. So, if these masterminds come across a new crypter, they instantly find out whether it’s crackable, and how. If so, we’ll build a decrypter.


If a ransomware attack happens, it’s all about time. Usually the victims have only one choice: pay, or lose the data, and within a very short amount of time. That is why our masterminds scan and check for new ransomware every day, mornings, evenings, even at night. The faster a solution to decrypt a specific fraud is widely available to the public, the less the criminal hackers will get.


Stay ahead of ransomware – check for a decrypter on Emsisoft’s Decrypter page



A decrypter can help victims of these scams instantly regain access to their computer. Just drag an encrypted file onto the decrypter for the ransomware that has affected your data. Best part: at Emsisoft, you get these for free, because in the end we simply care about you. Check out our new Emsisoft Decrypter page for all currently available decrypters. Speaking of which, we’re off again, searching for new threats and ways to decrypt them.


>> Meanwhile, see it for yourself: Emsisoft Ransomware Decrypter Downloads


Because: We’re here to fix that!


