Archer

How ransomware really gets onto your computer

You’re probably seeing headline after headline about ransomware — Baltimore, Atlanta, Albany, New York.

But why is this happening?

We check out this new commercial airing on national TV to see if we get the answer.


At War

“We are at war,” the commercial from PC Matic software says. “A global cyberwar.”

“Now our airports, hospitals, schools, government, businesses, and homes are not safe from the ransomware offensive,” it adds.

This is what the company says is the cause:

“The intruders exploit a glaring hole in our defenses — foreign-made, blacklist antivirus.”

You might think — from this ad — that the cause of ransomware is bad antivirus, made in other countries, either on a blacklist or using some type of blacklist technology.

 


Is That True?

We asked three cybersecurity experts about PC Matic’s claim.

James McQuiggan of Siemens said he hasn’t seen evidence that supports that theory.

“It sounds like nothing but a bunch of buzzwords chained together,” said Adam Kujawa, director of Malwarebytes Labs.

“It’s bull sh-t,” said Doug Jacobson, director of the Iowa State University Information Assurance Center, also calling it “scare tactics.”

We asked PC Matic to explain.

The company promised a response, but so far, no answer to the question.

 

Still image from PC Matic’s ransomware commercial airing on national TV. Image: PC Matic

The Real Story

So, what’s really happening with ransomware?

Currently, most ransomware gets in when someone opens a phishing e-mail, Kujawa said.

“The primary method of infection we see is through e-mail,” he explained.

It could be a fake email that looks like it’s from your bank, a shipping company, a business your company already works with or even a co-worker.

If you click on a link or “enable macros” like the email file may suggest, you can download ransomware that holds your computer or your entire company’s network hostage.

The ransomware can take advantage of any security holes in the system and do its dirty work.

“That sounds so simple. But that fact is, it works,” Kujawa said. “All it takes is one user who isn’t really aware of what a phishing e-mail looks like.”

 

Ransom message in ransomware attack. Image: iStock

Hacking In

Criminals can also break their way into a computer network.

For example, some are hacking in through Remote Desktop Protocol, or RDP.

RDP allows you to run another computer remotely.

The U.S. Internet Crime Complaint Center put out a warning last year saying that criminals could find security holes to get in through RDP, like weak passwords or older versions of RDP, and slap ransomware on your machine.

“The attacks that we’ve been seeing lately in greater numbers involve a cybercriminal hacking into the RDP, then logging in as a regular user, oftentimes with admin rights,” wrote Jakub Křoustek of security company Avast.

“He or she then simply disables any installed antivirus, and manually uploads and runs the ransomware,” Křoustek wrote in a post in October.

Security companies Sophos, McAfee, Bitdefender and others also bring up problems with RDP and ransomware, as does PC Matic CEO Rob Cheng in a column on The Sentinel.com.

But so far, no mention of “foreign-made, blacklist antivirus” as the cause of U.S. ransomware troubles.

 

Remote Desktop Protocol screen. Image: Sophos

Blacklist vs. Whitelist

What does PC Matic mean by “blacklist”?

Blacklisting and whitelisting are two different technology terms.

PC Matic uses whitelisting, where it only allows your computer to run programs on a “safe list,” or whitelist.

But it’s not a perfect technology.

That means the software may also stop you from running good programs that are not on the list.

PC Matic’s whitelist antivirus blocked more than 800 valid programs as well in a 2017 AV-Comparatives antivirus test, according to publication PCMag.

Blacklist

Blacklist technology uses a list, too.

But this time, it’s a list of bad sites or software.

For example, if a site is on the bad list, the computer won’t let you pay a visit.

The two lists — black and white — are used in very different ways.

“It’s like comparing apples to broccoli,” said Jacobson.

Many antivirus companies use a number of tools, including blacklisting, whitelisting, and behavior detection, to keep malware out.

For example, a new piece of ransomware may not be on the blacklist, but behavior detection notices that it is acting a lot like other, already-known ransomware, so the antivirus stops it.
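Here is the difference between the two lists in working code. This is an added example, not from PC Matic or any other antivirus company; the program names, file contents, behavior numbers and the 200-files-per-minute threshold are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Program:
    name: str
    content: bytes                # stand-in for the file on disk
    files_rewritten_per_min: int  # constructed behavior telemetry
    drops_ransom_note: bool

def digest(p):
    return hashlib.sha256(p.content).hexdigest()

def allowlist_verdict(p, allowed):
    # Whitelisting: default deny, only programs on the safe list run.
    return "run" if digest(p) in allowed else "block"

def blocklist_verdict(p, blocked):
    # Blacklisting: default allow, only programs on the bad list are stopped.
    return "block" if digest(p) in blocked else "run"

def behavior_verdict(p, max_rewrites=200):
    # Hypothetical heuristic: mass file rewrites or a ransom note look like ransomware.
    suspicious = p.files_rewritten_per_min > max_rewrites or p.drops_ransom_note
    return "block" if suspicious else "run"

def layered_verdict(p, allowed, blocked):
    # Combined approach: the lists settle known files, behavior judges unknown ones.
    if digest(p) in blocked:
        return "block"
    if digest(p) in allowed:
        return "run"
    return behavior_verdict(p)

# Constructed samples, not real software or malware.
OFFICE = Program("office-suite", b"known good", 3, False)
NICHE = Program("niche-tax-tool", b"good but unlisted", 1, False)
OLD_RW = Program("known-ransomware", b"old sample", 4000, True)
NEW_RW = Program("new-ransomware", b"never seen before", 5000, True)
ALLOWED = {digest(OFFICE)}
BLOCKED = {digest(OLD_RW)}

def compare():
    # name -> (whitelist only, blacklist only, layered)
    return {p.name: (allowlist_verdict(p, ALLOWED), blocklist_verdict(p, BLOCKED),
                     layered_verdict(p, ALLOWED, BLOCKED))
            for p in (OFFICE, NICHE, OLD_RW, NEW_RW)}

if __name__ == "__main__":
    for name, v in compare().items():
        print(f"{name:18} whitelist={v[0]:5} blacklist={v[1]:5} layered={v[2]}")
```

The whitelist alone blocks the good-but-unlisted program, the blacklist alone lets the never-seen ransomware run, and the layered check gets all four right.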

 

Still image from PC Matic’s ransomware commercial. Image: PC Matic

Scare Tactics?

Blacklist technology is not bad, according to Jacobson.

But he thinks some people who see the PC Matic commercial will fall for the “scare tactic.”

“I think there’s a group that will. It sounds scary, right? ‘Blacklist’, ‘big hole’, ‘foreign-made’,” he said. “Using the name ‘blacklist’ makes it sound creepy.”

PC Matic may be trying to tap into recent events with the Russian-based security platform Kaspersky and the U.S. government, as well as Russian election interference, McQuiggan said.

The U.S. government banned agencies from using Kaspersky software in 2018, citing national security concerns.

“I honestly think he is trying to scare folks with that statement and use fear, uncertainty and doubt to leverage the bias towards the Russians with tampering of the elections, the Kaspersky antivirus software being linked to Russian intelligence, etc.,” said McQuiggan.

What can you do?

Back up your stuff, McQuiggan advised, so if you get hit with ransomware, you can get your data from your backups.

He recommends the 3-2-1 rule:

—Have three backups.

—Two at home (on your computer & a hard drive).

—One offsite on another hard drive or a third party or cloud service.

Use an external hard drive to back up your data, some cybersecurity experts recommend. Image: iStock

Stay Updated

Patch or update your software and systems, Kujawa said.

For IT people at companies, identify what you can’t afford to lose and add an extra layer of security protection to that, he said.

Attackers may see the extra layer and move on, just like a metal bar lock on your steering wheel encourages a thief to move on to the next car.

Also, have a plan for if and when you get hit by ransomware, so you don’t have to panic.

How to Choose Antivirus 

Be careful when you search the Internet for antivirus protection.

If you type in something like “best free antivirus for Windows,” some of the links that show up could be scams.

Instead, check out some of the well-known sites that review antivirus, like AV-Test, PCMag and Tom’s Guide, so you can pick out the best one for you, rather than going by TV commercials that may or may not tell you the truth.

 

 


