You open your computer to start the day like any other, but you see that your screen is locked, and you are unable to boot up your device. An icon appears, demanding that you pay a sum by a certain date to regain access to your personal information, documents, and private passwords. This is ransomware: a kidnapping of your information, which is then held hostage for ransom, literally. In this article we will dig deeper into what ransomware is, how it is done, who is a target, and how to prevent it.
What is Ransomware?
Ransomware is malicious software (malware) used by cybercriminals. Through this malware, your files are infiltrated and encrypted, and a ransom must be paid within an allotted time or the data will be lost forever. The files that are attacked could include photos, documents, and financial information. The cybercriminals behind the ransomware play a tricky game, and while the idea of what ransomware entails may be simple and paying the ransom may be tempting under desperate circumstances, it is important to understand the various types of ransomware, prevention, and recovery methods to combat this ever-growing malware.
Types of Ransomware
There are many different types of ransomware, though all are similar in that they require a paid ransom to access your data. The two main types of ransomware are Crypto and Locker; however, we will elaborate on the top five common types of ransomware.
Crypto Malware: This malware attacks your documents, folders, and hard drives directly, including sensitive data. Your files will become encrypted, making the content useless. This malware is very harmful and usually asks for the ransom to be paid in cryptocurrency, such as Bitcoin, to retrieve data. Once the ransom is paid, the cybercriminals claim that a decryption key will be provided to apply to your files, making them accessible again.
Lockers: This malware locks you out of your device completely by infiltrating and infecting your operating system. Locker ransomware makes it impossible for you to access your device’s applications or files. The most common victims of Lockers are generally Android users.
Scareware: Scareware is fake software that notifies you that your device has a virus or other issues. Scareware masquerades as antivirus software, promising to fix the issue if you pay an amount. Scareware could act as locker ransomware that locks you out of your device. Other types of scareware flood your device with constant pop-up messages and alerts.
RaaS: Ransomware as a Service (RaaS) is a cybercrime economic model. It allows malware developers to make money by distributing malware to non-technical criminals.
Doxware: Doxware, also known as leakware or extortionware, is similar to previous ransomware in that it hijacks your data, including personal photos and sensitive files. However, Doxware threatens to publish your data on the internet if ransom is not paid.
How does Ransomware Infect your Device?
Ransomware can infiltrate your device in several ways. The most common are email and malvertising.
Email: This is the most common avenue used by cybercriminals to infect your device. Typically, a suspicious email will appear in your inbox. Phishing tactics will be used, with fear strategies and suspicious code words to entice you to click on a link, attachment, or other item that then downloads the malicious software onto your computer. The ransomware will then infiltrate and attack your system.
Malvertising: Downloading ransomware is also possible outside of emails. When visiting a website with many advertisements, you may run into malvertising: a fake advertisement that carries ransomware. By clicking and downloading the malvertisement, you are inviting the malware into your device.
In either case, ransomware is a file, possibly inside a zip folder, that is disguised as a seemingly trusted file that is tempting to click on. These files rely on deception, so being aware of these modes of attack is important for prevention.
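The disguise described above can be checked before anything is opened. The following Python sketch is an added example, not part of the original article: it lists the contents of a zip attachment and flags entries that would run code, including names such as "Invoice_2021.pdf.exe" that borrow a document extension. The extension lists and the sample file names are constructed for illustration and are not exhaustive.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that run code when opened on Windows (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".lnk", ".hta"}
# Extensions a lure borrows to look like a trusted document.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def inspect_archive(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for every suspicious entry in a zip archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            # Only the final extension decides how the file is opened.
            if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
                continue
            if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
                reason = "double extension: executable disguised as a document"
            else:
                reason = "executable or script file"
            findings.append((info.filename, reason))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: harmless placeholder bytes, only the names matter."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invoice_2021.pdf.exe", b"placeholder")
        archive.writestr("photos/holiday.jpg", b"placeholder")
        archive.writestr("setup.js", b"placeholder")
        archive.writestr("notes.v2.txt", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in inspect_archive(build_sample_archive()):
        print(f"{name}: {reason}")
```

The archive is only listed, never extracted, so inspecting an attachment this way does not run or unpack its contents.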
Who are Typically the Targets of Ransomware?
Although ransomware could be spread without a specific target, cybercriminals could very well choose their victims. Encrypting malware typically targets those who are most likely to pay large ransoms, such as businesses and other large organizations. Below is a small list explaining the most common targets.
Businesses: Because cybercriminals seek bigger ransom payments, they typically go after corporate entities. Due to greater wealth and personal-computer use, ransomware is typically inflicted upon those in the United States, the United Kingdom, and Canada.
Quick-payment Organizations: These organizations include medical facilities, banks, and government agencies. Organizations that fall under this group require immediate access to sensitive information and may be quick to pay the ransom to regain access to their data.
Universities: Universities typically have less security while having high levels of file-sharing, which makes them a suitable target.
Victim of Ransomware?
If you have been attacked by ransomware, the key is to act fast.
Call local and federal law enforcement: Ransomware is a serious issue; it is an extortion of money for the hijacking of sensitive material. Just as you would report the hijacking or kidnapping of physical material, you should report the hijacking and kidnapping of virtual material as well. Local and federal law bureaus have forensic technicians who can better analyze your device, try to find the attackers, and work to better protect your device.
Secure data: Immediately take any data not infected offline.
Change passwords: After removing your device from the network, immediately change all online passwords and network passwords.
Gather Evidence: If you can, and if it exists, try to collect portions of ransomware data.
Not a Victim? Don’t let your Guard Down! Follow these Prevention Tips
Now that you know what ransomware is and its different variants, prevention is the most important step in keeping your data safe! Do the following to minimize your exposure to ransomware:
Use security software: Make sure to use safe and trusted cybersecurity software with antivirus features to help identify threats to your device and data. Further, make sure the security software you use is up to date, as new versions of security software continue to become available.
Update your device’s operating system when available: Updates may include patches for recently discovered security vulnerabilities that could be exploited by ransomware.
Back up your data to an external hard drive: This is helpful for any important or sensitive data. Because ransomware works to encrypt your files, storing them on an external hard drive strips the cybercriminal of their power. Make sure that these files are not stored online so that attackers cannot gain access to them.
Use secure email gateways: Secure email gateways contain protection against spam attacks, which usually contain the malware.
What NOT to Do
Here are a few things to look out for and to avoid.
Do not pay the ransom: Although tempting, it is never a good idea to pay the ransom. Remember, these are cybercriminals. Even though a decryption key is promised after the sum is paid, there is still a possibility that your files will never be returned to you. There have been incidents in which the attacker requires that you pay again and again, only to never give back your data.
Do not open suspicious emails: Because ransomware is mostly transmitted through emails, it is extremely important that you open emails with caution. Do not open emails and attachments from unfamiliar senders. Keep your eyes peeled for phishing spam that tries to trick you into opening the email with various scare tactics and enticing language. As we know, this leads you to click on a legitimate-looking link or file, infiltrating your device with malware and holding it hostage for ransom.
- In 2020 there were more than 304 million ransomware attacks, pointing to an attack on organizations every 11-14 seconds.
- An average of 4,000 ransomware attacks occurs every day.
- 73% of all ransomware attacks were successful in infiltrating and encrypting data.
- 27% of businesses made payments to the cybercriminals.
- The cost of ransomware attacks on organizations is growing rapidly. In 2018, the estimated cost was $8 billion. In 2019, the cost jumped to $11.5 billion. Last year in 2020, the cost was a whopping $20 billion globally.
- In 2018, the average ransom demand for individual users rose to $1,077.
- Ransomware also attacks mobile users! More than 4.2 million American mobile users were victims of ransomware attacking their mobile device.
Protect Against Ransomware
It is apparent that ransomware is a rapidly growing and prevalent malicious software that could attack individual users, large companies, and organizations. Tracking the cybercriminals could be a tricky task, but identifying and preventing ransomware does not have to be. Now that you are knowledgeable about ransomware’s definition, how it is done, the targets, and ways to prevent it, you are one step closer to keeping your data safe from the hands of cybercriminals. Know that this is a growing issue, so being aware and observant while using your device is more important than ever. Remember, do not give the cybercriminals what they want! Never pay the ransom. The best defense is prevention, so make sure to guard yourself with proper practices and up-to-date cybersecurity systems.
Protecting yourself from a ransomware attack is crucial to keeping your files and other information safe. Professional quality managed cybersecurity services from Makios Technology will do a lot of good for your security online.