This past year has seen some of the worst cyberattacks in history. From the WannaCry attack in May to the Petya attack in June, thousands of people have lost thousands of dollars and valuable data to criminals using ransomware.
Ransomware has been tagged as an “epidemic” by major security companies. Like a virus that keeps evolving, new strains of ransomware are constantly emerging, many of them using new and original techniques that haven’t been tried before.
You probably already know the intended goal of ransomware is to kidnap a victim’s data and demand payment for safe return. Educating yourself about the workings of ransomware will help you remain alert, aware, and keep your money and data safe.
Here’s all you need to know about ransomware:
What is ransomware?
Ransomware is a subset of malware. However, instead of trying to steal user credentials and interrupt key processes like most forms of malware, it tries isolating a victim’s data and then demanding payment for the data’s release.
Ransomware is often embedded inside harmless-looking software and applications. It activates as soon as the user launches the program. Devices can also be infected through email links or malicious websites. Victims may not know they’re under attack until they find that their files are locked and a ransom demand is asking for money for the return of those files.
How does a ransomware attack work?
There are two primary types of ransomware: locker and crypto.
Locker ransomware locks victims from using important device functions like accessing a desktop or browsing the internet.
Crypto is the more common form of ransomware. It encrypts files and demands a ransom payment for their return.
In a crypto ransomware attack, a user’s device is infected with a malicious code which will select certain files and encrypt them using a unique algorithm. Victims will then receive a warning screen accusing them of breaking the law or simply informing them that they’re under attack. The cybercrooks will demand a ransom payment, usually in bitcoins. Then, a countdown timer begins, forecasting the files’ deletion if no payment is made.
What is bitcoin?
Bitcoin is a form of digital currency that allows you to pay for goods or services easily, remotely and anonymously. You can send bitcoins digitally using a mobile app or a computer.
This currency is stored in a digital wallet, which resides in the cloud or on your computer. It’s almost like a checking account, only it’s not insured by the FDIC nor is it subject to any regulations. Also, bitcoins aren’t tied to any country and have no credit card fees.
Each bitcoin transaction is available on a public log. However, only wallet IDs are revealed – the names of buyers and sellers are anonymous. This assured anonymity is the reason bitcoin payments have become the payment method of choice for cybercriminals.
To make a bitcoin payment, victims are usually instructed to download anonymous browsers for visiting a URL hosted on anonymous servers.
To pay or not to pay?
Should the victim of an attack pay the ransom for their files’ return? That is the million-dollar question!
While many are quick to give a blanket “no,” other experts say it may be worthwhile to pay the ransom.
Joseph Bonavolonta, the assistant special agent in charge of the FBI’s Cyber and Counterintelligence Program, claims that the FBI often advises people to pay the ransom.
He explains that when more people pay the ransom, it keeps the ransoms low. He also believes that most scammers will keep their word and decrypt the victim’s files.
However, other FBI officials disagree with Mr. Bonavolonta’s remarks and urge victims not to pay ransoms. They say there is never a guarantee of the files’ return, and that agreeing to the cybercrooks’ demands encourages more attacks.
One thing everyone agrees on, though, is that victims should seek assistance from law enforcement agencies. When victims share the names of their attackers or the details of their attack, the law enforcement agents will be able to tell them whether they’ve seen this group attack before and whether the group tends to return encrypted files.
If your computer’s been infected and you decide to pay the ransom, you may be looking at a payment that falls anywhere between $200 and $10,000.
Before you pay, though, find out if there’s a decryption tool online. You may be able to find the keys to decrypt your files on your own.
If you decide not to pay the ransom, shut down your computer and disconnect from your network. Scan your computer with an anti-virus or anti-malware program and let it remove everything on your device.
It’s always best to be proactive. Ward off strangers by strengthening your email’s spam filter. Also, don’t ever click on suspicious links or download mobile apps from unfamiliar application stores.
Make sure your operating system (OS) is protected with a strong firewall, spyware and sufficient, updated anti-virus software.
It’s equally important to back up your files on an external hard drive or on a USB every few weeks.
Despite your best efforts, you may be the victim of a ransomware attack. If the unthinkable happens, keep your cool, contact a law enforcement agency to get info about your attacker, and check for a decryption tool online. If you do decide to pay, make sure to take preventive measures against future attacks.
Your Turn: Have you been the victim of a ransomware attack? Share your experience with us in the comments!