Ransomware is on the rise, and its targets range from individuals to government and law enforcement agencies. Hacking and generally malicious cyber activity has always been lucrative for cyber terrorists who often use stolen information to commit identity fraud, or sell sensitive information to third parties. Ransomware is the latest form of malware to capitalize on the potential gains of cybercrime by requesting that victims pay to have their own computers or files unlocked for use.
That’s right. They ask you to pay your own ransom.
To better understand this growing threat, let’s look at what ransomware is and what it means to those it targets.
What is ransomware and how does it work?
Ransomware is malicious software that either encrypts a user’s files or locks their computer, then demands that the user pay a ransom or fee to have the files decrypted and the computer unlocked. This kind of malware is also referred to as “scareware” as it intentionally attempts to scare or intimidate users into paying a fee, which could be as low as $50 USD or as high as several hundred dollars. Occasionally the cybercriminal requests to be paid with the untraceable currency known as “bitcoin.”
Despite some ransomware being quite upfront about what it is and what you must do to fix it, some versions take a different approach.
Users who are shown images like the above screenshot are led to believe that the sudden loss of access to their PC is not due to hackers but to government or law enforcement agencies. These notices accuse users of having committed some kind of crime related to the possession or distribution of copyrighted material or illicit and obscene pornography. They’re then told how they can unlock their computer, which always involves a payment of some kind.
Many victims receive notifications such as these, however:
As you can see, ransomware doesn’t have a difficult time intimidating users to follow the instructions—but that doesn’t mean you have to make yourself an easy target.
This malicious software follows the same pattern as other forms of malware. A user clicks on a suspicious link or downloads an infected file, and once the ransomware is on the PC, it can start encrypting files or block access to the PC until the fee is paid. Even if the user concedes and makes the payment, there is absolutely no guarantee that they’ll receive the decryption key or have their system access restored.
Some of the latest targets include law enforcement agencies
Police department across the United States and many parts of Europe have been subjected to ransomware attacks over the past few years. Experts say that police departments make such good targets for ransomware attacks because of their outdated software and hardware, especially the smaller departments.
The real threat to police departments is the potential loss of evidence or files that could allow guilty parties to walk free. Outdated operating systems and even the use of DOS have put many of these smaller agencies at-risk for being targeted by hackers employing ransomware.
Where did ransomware come from?
Ransomware originated in Russia and has since grown to be used internationally. Many cyber criminals using ransomware are located in Russia and Europe, although US-based hackers have also begun utilizing the malicious extortion software.
What can I do to protect myself against ransomware?
Dealing with ransomware is not about reacting to it—it’s about preventing it. Some ransomware is so advanced that paying the ransom has actually been a very valid course of action for some companies locked out of their servers or important business files.
Because ransomware can be triggered in many of the same ways as generic malware, the methods for preventing data disasters are quite similar. Six of the fundamental preventative tips include:
1. Create a backup and use it often
To better ensure your data’s safety, it’s best to have a decentralized backup that can be used and then disconnected. External physical backups like hard drives or an online/cloud-based backup will allow you to shut everything off and restore from a previous backup in the event your system is targeted by something like ransomware.
2. Install reputable antivirus software and firewall protection
The only good antimalware software is the one with a track record of reliability. Your system should always utilize a firewall and the right suite of antivirus programs to keep malicious software from taking over.
3. Test your backup and recovery plans
Check your backups and recovery plans regularly. You can’t afford to wait until something goes wrong to see if all your preparation has worked. Randomly reverting to a previous restore point will tell you if your backup is functioning properly, and the same goes for any kind of disaster recovery plan you have.
4. Use caution and avoid clicking links or opening attachments that look suspicious
Emails from strangers or suspicious addresses, fraudulent websites designed to look like secure sites, and any links you receive from unknown or suspicious users all carry the risk of ransomware infection. You should be able to verify the identity of everyone you communicate with online; but if you can’t, it’s unwise to trust the attachments or links unknown users forward to you.
5. Monitor file activity and pay attention to file extensions
File overwriting is one of the most obvious symptoms of ransomware. When you have multiple files being renamed or altered in a short period, then it’s very possible that your system is infected. Spotting the signs early enough can give you the time to go into quarantine and address the issue before it escalates.
Checking file extensions can alert you to a dangerous file as well. By viewing file extensions (through Windows this is a native function called ‘Show File Extensions’), you can see what kind of file you would be opening before you click on it—eliminating the chance of opening a harmful file.
6. Patch and update all essential software regularly
Everything from your browser and operating system, to your antivirus, java, and adobe should all be updated when and if possible. Habitual patching will ensure that you have the latest safeguards against known bugs and malware, reducing your vulnerability.
The best way to deal with ransomware or any piece of malicious software is to develop and implement the practices that will make you a less inviting target for cyber criminals. Connecting with the right specialists puts you a step closer to securing your systems and sensitive, business-critical data—and protecting you against extortionists and their ransomware.