Name: Ransomware
Family: Malware
Modus Operandi: Ransomware doesn’t discriminate. It goes after individuals and businesses alike, encrypting files so they can no longer be opened and, quite literally, holding them for ransom … hence the name. Payment (anywhere from $20 to $400 and up) is usually demanded in a virtual currency such as Bitcoin, because it is harder to trace.
Impact: Infections can be devastating, and recovery without a good backup is often a difficult process requiring professional help from a reputable data recovery specialist. Ransomware can encrypt files on local computers, network shares, external storage and even cloud storage (a folder synced to the cloud will happily upload the encrypted copies). There are versions for Android, Mac and Linux as well as everyone’s favorite target: Microsoft Windows. The malware typically arrives through spam and phishing emails that carry malicious attachments, or through drive-by downloads (a user visits a compromised website and the malware is downloaded and installed without their knowledge). Some versions show a countdown timer: how much time you have to pay before the private key needed to unlock your files is permanently deleted and everything is irreversibly lost. Others threaten to publish all your files on the internet for everyone to see if payment isn’t received by the specified deadline.
Risks of infection:
- Temporary or permanent loss of proprietary or sensitive information;
- Disruption of regular operations;
- Financial losses incurred to recover files and clean infected systems; and
- Potential harm to an individual’s or organization’s reputation.
Warnings: Paying the ransom doesn’t guarantee you will in fact get your information back. It only guarantees the cybercriminals get your money, and the infection itself may already have handed them valuable information: login credentials, banking details, personal files (music, movies, pictures, home videos) or confidential work documents.
Plus, getting the key and decrypting your data doesn’t mean your system is clean; it just means you can (hopefully) access your files again. Your device is still infected, and infected machines aren’t just useful for demanding money. They can also be used for illegal activities, such as being:
- Converted into spam zombies;
- Used as part of a DDoS (Distributed Denial of Service) attack against websites; or
- Linked with other infected machines into an encrypted P2P (peer-to-peer) network for distributing malware updates and sending out stolen data. Because the network is distributed, there is no single point of failure, which makes it very difficult to take down.
Prevention: Although one of the biggest names in ransomware recently shut down and released its master decryption key to unlock encrypted files, the threat of ransomware remains. Education is key to reducing the risk of infection and of spreading it further. Here are some things you can do to prevent infection:
- Run routine backups, keep at least one copy offsite and offline (a backup drive or share that stays connected gets encrypted right along with the originals), and test that you can actually restore from them;
- Keep Operating Systems and Antivirus programs up to date;
- Keep software, browsers and plugins up to date;
- Do not follow unsolicited web links in emails;
- Avoid opening suspicious email attachments;
- Scan all files and software downloaded from the internet prior to installing;
- Use strong, unique passwords and change any that may have been exposed; and
- When in doubt, check with your IT Support Professional.
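The first item in that list is the only one that actually gets files back, and a backup that was quietly encrypted alongside the originals is worthless. As an added example (not code from this page or from any product), the Python below builds a SHA-256 manifest of a backup set and later checks the set against it: a file whose hash changed is reported as modified, and one whose contents now look like random bytes (Shannon entropy close to 8 bits per byte, which is how ransomware-encrypted data looks) is additionally reported as probably encrypted. The sample files, the 7.5 bits-per-byte threshold and the decision to judge only the first 1 MiB of each file are assumptions for illustration.

```python
"""Backup manifest plus a "has this been encrypted?" check.

Added example, not the page's own code. Hash every file in a backup set,
keep the manifest somewhere the backup target cannot reach, and verify
before you trust a restore. A changed file whose bytes now look random is
reported as suspect_encrypted; a changed file that still looks like data is
only reported as modified. Thresholds and sample files are assumptions.
"""
import hashlib
import json
import math
import os
import tempfile
from collections import Counter

# Assumption: text, office and most image formats stay well below this;
# ciphertext or random data sits at about 8.0 bits per byte.
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 1 << 20  # judge entropy on the first 1 MiB only


def shannon_entropy(data: bytes) -> float:
    """Entropy of the byte distribution in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def sha256_file(path: str) -> str:
    """Streamed SHA-256 of a file, so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Relative path (always '/'-separated) -> SHA-256 for every file under root."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(root: str, manifest: dict) -> dict:
    """Check the files under root against a stored manifest.

    Returns lists under the keys ok, missing, modified and suspect_encrypted.
    Every suspect_encrypted file is also listed under modified.
    """
    report = {"ok": [], "missing": [], "modified": [], "suspect_encrypted": []}
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report["missing"].append(rel)
            continue
        if sha256_file(full) == expected:
            report["ok"].append(rel)
            continue
        report["modified"].append(rel)
        with open(full, "rb") as f:
            head = f.read(SAMPLE_BYTES)
        if shannon_entropy(head) > ENTROPY_THRESHOLD:
            report["suspect_encrypted"].append(rel)
    return report


def _write(path: str, data: bytes) -> None:
    with open(path, "wb") as f:
        f.write(data)


def run_demo() -> dict:
    """Constructed scenario: snapshot a tiny backup set, then damage it.

    plan.txt is overwritten with random bytes (stands in for ciphertext),
    notes.txt is deleted, readme.txt gets a legitimate edit, hosts.txt is untouched.
    """
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        _write(os.path.join(root, "docs", "plan.txt"),
               b"Quarterly plan: hire two analysts, renew the SIEM licence.\n" * 50)
        _write(os.path.join(root, "notes.txt"), b"call the vendor on Monday\n" * 20)
        _write(os.path.join(root, "readme.txt"), b"backup set created by nightly job\n")
        _write(os.path.join(root, "hosts.txt"), b"10.0.0.5 fileserver\n")
        manifest = build_manifest(root)

        _write(os.path.join(root, "docs", "plan.txt"), os.urandom(4096))  # "encrypted"
        os.remove(os.path.join(root, "notes.txt"))
        _write(os.path.join(root, "readme.txt"), b"backup set created by nightly job (rotated)\n")
        return verify_backup(root, manifest)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

In practice the manifest is written out (for example as JSON) to a location the backup target cannot write to, and `verify_backup` runs against each backup generation before it is rotated or relied on; a sudden jump in `suspect_encrypted` across many files is the signal that the backup, and the machine feeding it, have been hit.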
Mitigation: If you or your business find yourselves in the unlucky position of being infected, follow these steps:
- Disconnect from the network (unplug the cable, turn off Wi-Fi) so the malware can’t spread to other machines or reach its control server;
- Disconnect all attached storage devices and unmount any network shares before they are encrypted too;
- Change your passwords, from a different, clean device; and
- Consult an IT Support Professional.
Finally, any encrypted files will need to be restored from backup or manually recreated.
Want to learn more? Check out any of these helpful links:
Avoiding Social Engineering and Phishing Attacks
Recognizing and Avoiding Email Scams
Using Caution with Email Attachments
Good Security Habits
Safeguarding Your Data
Choosing and Protecting Passwords
Computer Security Checklist for PC
Computer Security Checklist for Mac