Being hit with a ransomware attack is one of an IT professional’s worst nightmares. Ransom malware, or as it’s more commonly called, ransomware, is a particular type of malware that is aptly named--it demands a ransom payment for users to regain access to a locked system or files. The majority of ransomware today demands payments in cryptocurrency due to its inability to trace.
Ransomware infects your system in the same way as typical malware, whether it be through spam, malicious websites, or exploiting security gaps in systems. Training employees on recognizing the signs of malicious emails, attachments, websites, and more, is vital.
While experienced computer users might feel insulted by the idea that they need to learn what exactly a phishing email looks like, the fact of the matter is that hackers are improving their trickery by the day. Social engineering can fool users into believing that an email with a legitimate-looking attachment is truly from their friend, coworker, bank, social media company, or more.
Particularly apt malicious actors gain access to a user’s email and then send a message that directly relates to something that the user was discussing previously. Certain cybercriminals will also disguise themselves as the FBI or other forms of law enforcement to threaten users to pay the requested ransom.
Understanding types of ransomware
The three main types of ransomware include scareware, screen lockers, and encrypting ransomware. Scareware is the least worrisome, and essentially just attempts to scare users into paying a ransom, but can’t do anything more than annoy them with popups if they don’t.
Screen lockers can, as their name suggests, lock your screen. These “screenlockers” are most likely to pretend to be the FBI or other U.S. agency saying you are required to pay a fine to regain access to your computer because of detected illegal activity. Of course, the FBI would never do this and actively fights against ransomware.
Encrypting ransomware is the worst because there is almost no possible way to regain your files if they are encrypted by malicious actors (apart from them decrypting the files and returning your access). Many times, even if users pay to have their files restored, the criminals won’t return them, leaving the unfortunate victim without money nor their files.
Targets are often chosen simply by convenience, sending a multitude of phishing emails and attacking whoever falls for the trick, but other times, attackers choose particular industries that they think will pay more quickly and are often lacking in adequate IT security, such as hospitals.
How to prevent ransomware
The tips for preventing ransomware are the same for preventing any type of virus or malware, such as making sure your system is always up to date and patched or that you don’t give administrative privileges to any program that you’re not certain is secure.
However, the most important thing to do to make sure ransomware (or any type of malware) doesn’t affect you is to back up your files. Even anti-malware software often doesn’t work. The unfortunate truth is that “as many as 75 percent of companies that [fell] victim to ransomware were running up-to-date endpoint protection on the infected machines.” If all of your data is regularly backed up, a ransomware attack will slow you down, but it will hardly put a dent in your operations.
If you take all possible preventions and still end up being infected with ransomware, you still have some options. If you have Windows 10, you can reboot your machine into safe mode, install antimalware software, find and destroy the ransomware program with this software, and then restore the computer to a previous state.
While this can put your machine back into your control, it can’t decrypt your files. This is why it’s absolutely vital to have frequent backups stored in a secure place that malware cannot access.
How much does ransomware really affect us?
While you might think that ransomware attackers are all talk with nothing to back it up, this simply isn’t true. In 2017 alone ransomware caused $5 billion in losses, including ransoms paid and the time spent recovering from the attacks, which is 15 times more than losses in 2015. However, ransomware is currently on the decline and hopefully will continue to fall.
One reason for the decline in ransomware is the change in bitcoin over the years. As crypto-mining malware increases, ransomware decreases. This type of malware “infects the victim’s computer and uses its computing power to create (or mine, in cryptocurrency parlance) bitcoin without the owner knowing,” according to CSO Online. This way, the attackers can score bitcoin without even letting the victim know.
Should you pay the ransom?
Of course, though, ransomware attacks have not dropped to zero. If you’re ever hit with a ransomware attack, you need to consider every possible avenue, one of which being — should you pay the ransom? The majority of companies say they would never consider paying a ransom (66 percent). However, in reality, about 65 percent do end up pay the requested amount.
The current advice is, understandably, to not pay the ransom. This simply creates more of a market for ransomware, encouraging attackers to continue. However, the hackers often ask for a sizable ransom but one that is still much lower than losing the data. They also often offer discounts for quick payment so companies pay without having time to consider all options.
Just a reminder, though, that if your system is properly and recently backed up, you don’t have to worry about this. Before you decide to pay up, make sure the attack isn’t actually just scareware, as described above. If it isn’t, your company might consider paying the fee, but keep in mind that this doesn’t always result in getting your files back. About 30 percent to 35 percent of the time, the hackers take the money and go, leaving your files perpetually encrypted.
It seems that even paying isn’t foolproof. The best advice, then, is not to focus on what to do if you’re hit with a ransomware attack (although we’ve covered that here), but to take preventative measures. If you follow typical malware avoidance advice and keep your system up to date, have a good anti-malware software, and, most importantly, keep your data backed up and stored in a safe place, you’ll be able to overcome the worst of any ransomware attack.
Featured image: Pixabay