Ransomware is a common form of cybercrime. A general term, it usually signifies a type of malware that encrypts data. Using malware, hackers target a device or network restricting access by the owner. A ransom is demanded to regain access.
There are many types of ransomware, but the most common are locker ransomware and crypto ransomware.
Locker ransomware is exactly what it sounds like: a target is locked our of a system or device until s/he pays a ransom. Files and data are sometimes encrypted, but usually they are untouched on the other side of a digitally locked “door.” In theory, the computer or phone will be unfrozen and operable when the ransom is paid, but sometimes the ransomware doesn’t work. You are not guaranteed access.
Crypto ransomware is more serious. A threat actor encrypts documents and important files on a targeted device, server or network. The targeted assets still function. The target can see files converted to a cipher, and are informed that they need a decryption code to revert to the data to its original format.
Crypto ransomware is a particularly damaging variant of ransomware, as it can dismantle entire servers or networks that rely on critical data files to operate. Again, the promised restore doesn’t always work correctly.
How do Ransomware Attacks Work?
There are two main steps in a ransomware attack.
First, a threat actor transmits malware to a targeted device via phishing scams. The method of delivery can be a URL address or an email attachment. Sometimes the exploit only works when there are certain vulnerabilities such as outdated software.
Once the malware has landed in the machine, it can be dormant for a long time. It is often undetectable until the threat actor activates the malware and executes step two: the demand for ransom. This is sometimes immediate. It depends on the malware.
Usually, a pop-up window will interrupt a user’s service, alerting them that their device has been compromised with instructions on how to pay. Most demands request Bitcoin and other cryptocurrencies .
Who’s at risk of a ransomware attack?
Like all forms of cybercrime, anyone with a digital device connected online is at risk. Ransomware is size agnostic: It can compromise large-scale corporations, government agencies critical infrastructure or a household. The ransom demanded is usually affordable, since the threat actor is looking for an easy profit.
What if I’ve been compromised?
If you’ve been targeted by a ransomware attack, it is ultimately up to you whether to pay the ransom. Many experts targets not to pay since it makes the tactic grow in the criminal community and there is no guarantee that you’ll regain access to your files after you pay. In some cases, criminals may not have the tools to decrypt the files they’ve locked up.
How do I protect myself?
Practice better cyber hygiene. Preventative security measures are critical:
- Avoid links that are emailed to you: Never click emailed links. Navigate to a site using a search engine. Trash emails from unrecognized senders and be careful about email attachments even if they come from a source you recognize.
- Recognize scareware attacks: Cybercriminals sometimes send alarming messages from seemingly legitimate sources threatening to leak illegal content supposedly found on a targeted individual’s device. In these cases, one should delete the message, disconnect from WIFI, and launch a security scan using a reputable antivirus provider.
- Update your software: Make sure your software and operating systems are routinely updated.
- Have a backup strategy: Backing up files is usually the only way to get back up and running without having to pay the ransom. It might seem like a chore – but it’s a lifeline when it comes to protecting your security (and your bank account) in the face of an attack.