It can cripple global businesses, governments, schools, hospitals, and more; ransomware attacks are on the rise. Read on to learn more about this cyber threat and how you can protect yourself.
According to a recent study by Emsisoft, a security firm that helps companies hit by ransomware, in 2019, there were 205,280 organizations they assisted with recovery from ransomware infections. This is a 41% increase from the year before. Average payments to recover from ransomware (for businesses, not consumers) jumped up to $84,116- more than double what it was the previous quarter, according to Coveware, another security firm.
Recent victims of ransomware include the US Coast Guard, city of New Orleans, city of Baltimore, Travelex, and many more. Ransomware doesn’t just go after large companies and municipalities; it can target anyone, including you. Nobody is too small to be beyond their notice; anyone can be a “customer,” and this is something you want to avoid at all costs.
What is ransomware? Ransomware is a type of malware that encrypts (translates all the data into random ciphertext) all of your files, making them completely inaccessible unless you shell out the cash for the decryption key. Ironically, ransomware has some of the best customer service you will find anywhere. Users are shown detailed instructions on how to pay the fee to get the decryption key, almost always in Bitcoin. Don’t know how to do this? There is usually a customer service email or number you can call to get assistance. So helpful!
There are many different kinds of ransomware in the wild. Some of them have decryption keys publicly available; others do not. Ransomware families include; Locky, Cerber, DMA Locker, REvil, Crysis, SamSam, and many more. Some varieties of ransomware are evolving to target ICS (Industrial Control Systems); other types of ransomware seek out data for exfiltration before encryption. The biggest new trend is the threat of publicly releasing your sensitive data if you don’t pay up. So even if you have backups you can depend on, if you don’t pay up all your sensitive files will be released on the internet for all to see.
How do you get a ransomware infection? There are many ways you can be exposed to this. One of the most common ways to deliver the ransomware is via a phishing email with malicious attachments. Once you open the attachments and enable macros, you are opening up your system to the attacker to take over your computer. Other types of ransomware, like NotPetya, exploit security holes to infect computers without the need for any user interaction. This is just one more reason to keep your system up to date, and not to open attachments from unknown senders. Another way is via a “drive-by download”; you might visit a legitimate website, but the ads on the website may have been compromised and contain links to malicious sites, or malicious software downloads. Avoid clicking online ads; they could be malicious.
To prevent ransomware at home or work, follow these steps:
- Do not open suspicious email attachments. Got an email from someone you don’t know with an attachment? Do not open it unless you can verify it is legitimate, if it is something you weren’t expecting, it probably isn’t.
- Only download software from sites you trust. Are you looking for the latest version of Adobe Flash? Go to the official Adobe site to download, don’t go to “bestgoodsoftwarez4free.com”.
- Always verify before downloading, or you might download a lot more than you bargained for.
- If you receive a call, text, or email from an untrusted source asking you for personal information, do not give out any information. If you are contacted by someone claiming to be from a company you have accounts with, ignore the request, and contact the company independently to verify the request is legitimate.
- Never use unfamiliar USBs; if you don’t know where they came from, they don’t need to connect to your computer. Anything could be on there and could infect your system.
- Keep your software and operating systems up to date to avoid giving cybercriminals a way in. If they can’t exploit security holes on your machine, you are a less attractive target.
- Are you using public Wi-Fi? Use a VPN (Virtual Private Network) to protect yourself. The VPN provides you with an encrypted communications tunnel and protects you from attack. There are many VPN apps out there, including popular ones from NordVPN, ExpressVPN, CyberGhost, etc.
- Use security software like Norton anti-virus, Symantec, etc. to protect your computer from malware and other attacks. Make sure you keep the security software up to date. Most consumer-grade security software is reliant on virus definitions, which need to be up to date to be accurate and catch the latest threats.
- Backup your data! If your data does get ransomed, at least you will have a backup solution. Either copy everything to an external hard drive that is not left connected to your network, and is stored in a secure location, or consider using a cloud storage solution, like Google Drive, etc.
What to do if you are the victim of a ransomware attack? Try to contain the infection; disconnect the computer from any networks and the internet. This will minimize the chance of the infection spreading to other computers. Don’t pay the ransom, paying the ransom does not guarantee the return of your data. In some cases, even if you get the key, your unencrypted data will be so badly damaged it will be useless. Contact a computer repair professional and see if they can work on your machine, there might be a free decryptor available online for the ransomware. If nothing else works, if you have good backups, you should be able to get your computer reimaged and restored with your backed up data. If you aren’t a techie, it’s best to pay someone else to take care of this for you.
Ransomware is an evolving threat, and it will likely get worse before it gets better. Be aware, be safe online, and don’t become a victim.
Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.