Ransomware is a particularly damaging type of cyberattack. A ransomware attack encrypts the target’s files so they can’t be accessed. The attacker sends a message instructing the target to pay a fee to get the files back. However, in many cases the data is permanently gone, which can have a major impact on organizations and individuals. Here’s what you need to know about ransomware and how to keep it from happening to you.
What is Ransomware?
Ransomware is a type of malware that takes over users’ computers and prevents them from accessing their data. Most commonly, it encrypts files so users can’t access them. Restoring the files requires a decryption key that only the hacker knows. The hacker demands a ransom in exchange for the key.
The malware sends a message to the users stating that their files are inaccessible, and will only be decrypted if they send a Bitcoin payment to the attacker. The users are then given directions for paying the ransom in exchange for the decryption key. The fees vary widely, from a few hundred dollars to thousands of dollars.
Common Forms of Ransomware
Commonly used by security and tech support scammers, scareware usually consists of a message that malware was discovered. Users are informed that the only way they can get rid of it is to pay a fee. However, if they do nothing, their files will most likely remain safe.
- Screen Lockers
This type of ransomware freezes users out of their computers. When they attempt to restart the computer they receive a message, often with an FBI seal, saying that illegal activity was discovered on it. The message is accompanied by an order to pay a fine. It’s important to know that the FBI or Department of Justice would not freeze your computer or demand payment if they suspected you of cybercrimes. They would take legal action instead.
- Encryption Ransomware
This is where an attacker seizes the user’s files and encrypts them, then demands payment in exchange for returning the data. Once your files are encrypted, the only way to get them back is by using a decryption key. But even if you pay the ransom, there’s no way to know if the criminals will actually give your data back.
Ransomware has been around since at least the 90s, but it became far more common after the development of Bitcoin. One of the most notorious ransomware attacks was CryptoLocker, which took place in 2013 and infected around 500,000 computers worldwide. The ransomware spread in the form of attachments to spam emails.
CryptoLocker was eventually contained by Operation Tovar, but it inspired many other ransomware attacks. Some of the other well-known attacks were TeslaCrypt, which targeted video game files, and SimpleLocker, which was the first widespread attack on mobile devices.
How Frequently Does it Happen?
There are conflicting reports on how widespread ransomware attacks are in 2018, and the number of attacks is hard to measure. According to ISACA’s State of Cybersecurity 2018 report, ransomware attacks are decreasing. The report cited a survey of 2,366 cybersecurity professionals, in which 45% of participants said they experienced a ransomware attack in 2018. This is down from the 2016 findings, in which 62% of participants reported a ransomware attack.
Kasperskly’s Ransomware and Malicious Cryptominers 2016-2018 report found that ransomware attacks decreased by 30% between 2017 and 2018. However, the number of attacks targeting healthcare and financial organizations went up.
The findings suggest that many criminals are using other kinds of malware, such as trojans, crypto miners, and spyware. At the same time, the criminals who use ransomware are becoming more sophisticated and are targeting major organizations.
What are the Risks?
While ransomware can prevent individuals from accessing important files, it can be even more dangerous for companies. Attackers are starting to target companies over individuals, and the loss of essential data can be devastating for a company. Ransomware attacks disrupt business operations and can cost companies large sums of money. Companies might pay large fees to attackers, and are likely to pay professionals to help them deal with the attack.
In addition, attackers don’t always restore the encrypted files. An Osterman survey of 540 organizations found that 28% of companies that refused to pay their attackers lost data despite having backups.
Given the challenges of getting your data back, it’s best for individuals and companies to do everything they can to prevent ransomware attacks.
How Does Ransomware Infect Your Computer?
There are many ways ransomware can access your computer. One of the most common ways is by phishing, where an attacker poses as a legitimate institution such as a bank. They often contact you by email and request that you download a file or open an attachment. After you make the download or open the file, they can access your computer.
Another common tactic is malicious advertising or malvertising. This is when an attacker spreads malware using online advertising. It’s important to understand that malvertising does not require the user to take any action at all. While browsing trusted sites on the internet you can connect to malicious servers. These servers record information about your computer and location, and then send malware to your computer.
Attackers may also use exploit kits, which is a hacking tool consisting of a pre-made code. The kits work by identifying security gaps on other people’s computers and then infecting them.
Some attackers use drive-by downloads to install malware on users’ computers without their knowledge. This typically happens when users unknowingly visit a malicious website, using an outdated browser. While they browse the website, it automatically downloads malware onto their computers.
It’s important to remember that while these methods are the most common, they’re not the only ways attackers can infect your computer with ransomware.
An infected computer will run normally for a while. The user generally doesn’t realize that ransomware has been installed. Once the ransomware begins running on the computer and encrypting files, it’s usually too late to save the data. A ransom note will then appear on the user’s screen, and the files will become inaccessible.
How Can You Remove Ransomware?
The first thing you need to do is regain control of your computer. If you are a Windows user, you have to reboot Windows to safe mode and install anti-malware software. You then need to run a scan, find the ransomware program, and remove it. Then you can exit safe mode and reboot your computer.
The problem is these steps will allow you to remove the malware, but they won’t restore your files. There are some free decryptors that might help you get some data back, but there’s no guarantee. In many cases, it’s impossible to restore your data without a decryption key.
Some companies and individuals pay the ransom in the hopes of getting their files back, but this is a gamble. Many times the attackers take the money without handing over the decryption key.
As a result, the best thing you can do is protect yourself against ransomware attacks.
How Can You Prevent Ransomware Attacks?
There are some steps you can take to reduce your chances of a ransomware attack. Here are some of the most important ones:
- Invest in cybersecurity
Installing antivirus software can help protect you from ransomware. It’s a good idea to look for antivirus software that will protect vulnerable programs and has an anti-ransomware feature.
- Back up your files
It’s important to back up your files regularly, and to keep them safe using cloud storage with high-level encryption and multiple-factor authentication.
- Update your operating system and software
Some ransomware attacks take advantage of vulnerabilities in your software or operating system. By always installing updates, you can help protect your devices.
We have created an easy guide that will help you stay safe online in only 8 steps. If you follow these the chance of becoming a ransomeware victim are decreased.
Though cyberattacks involving ransomware appear to be going down, they remain a major threat to companies and individuals. The most troubling trend is that ransomware is becoming more sophisticated and increasingly targets businesses. And in many cases, the targets are unable to recover their data. For this reason, organizations and individuals need to take preventative measures to defend themselves.
Verizon’s Data Breach Investigations Report revealed that most kinds of malware, including ransomware, invade devices through email. Companies are actually three times more likely to become compromised by social engineering attacks than security vulnerabilities. This suggests that cyber education is another important tool for preventing ransomware attacks.