Ransomware is one of the worst types of malware. Data on a victim’s computer is encrypted and therefore unusable unless they pay the ransom to have it unlocked again. Almost all ransomware attacks are for monetary gain, and unlike other types of infections/attacks, the victim is usually notified that the attack has happened and is told how to recover from the attack. Payment is often demanded in a virtual currency, such as Bitcoin, so that the criminal’s identity and the payment can’t be traced. Ransomware can be spread through infected email attachments, software, external storage devices and compromised websites.
Ransomware kits can be purchased by cyber-criminals on the dark web and can be modified with specific capabilities to suit their ends. The criminals can then distribute this malware themselves and set it so that ransoms are paid to their own Bitcoin accounts.
There are several different ways these cyber-criminals try to extort money from their victims:
- Ransomware known as scareware will try to act like an antivirus or security program. Victims will likely see pop-up notifications saying that their computer is infected, directing them to a website to buy the “antivirus”. Not responding to this should be harmless and only lead to more pop-ups, although it is still recommended to have a professional clean things up.
- Screen lockers are a type of ransomware that will completely lock a victim out of their computer. When the victim starts up their computer, they may see what looks like an official government seal, which makes the victim think they are in trouble with an official body. The victim will likely be informed that unlicensed software or illegal web content has been found on their computer, and will be given instructions for how to pay the fine. Governments would never do this, and one of the biggest giveaways for locals reading this is that the display will normally use an American organisation’s seal and format. Although this is harmless to your data, it will still not allow you to do anything on the computer, so a professional should be contacted to remedy this for you.
- Encryption ransomware, or data kidnapping, is when the attacker gains access to and encrypts the victim’s data, usually followed by a request for payment to unlock the files. Even if the victim pays the ransom, there’s no guarantee that they will regain access to their data. While there are decryption solutions available for a lot of ransomware variants, there’s no guarantee of recovery. Preemptive protection is definitely the best solution for this one.
There are two main ways to protect your data against these attacks. The first is to have a reputable security solution installed on all devices that have access to your data. Cyber security companies work around the clock to keep up-to-date solutions available for their users, but it can sometimes take them days or weeks to engineer protection against a new type of ransomware that has never been seen before.
The second way to protect your data is to have full backups of all your data. Just copying all your files to a USB hard drive won’t do for this type of attack, as the infection could spread to that too. The best defence is to have an automatic cloud backup and disaster recovery solution in place. Solutions like this will not only back up your data but also keep previous versions of it. If your data gets infected at 6pm on a Friday, you can just restore the previous versions from 12pm that morning, after having a professional get rid of any malware first, of course.