Ransomware: What is it and How to Protect Yourself Against it
Ransomware is one of the fastest-growing threats to cybersecurity, and it doesn’t seem to be slowing down anytime soon. According to a Cybersecurity Ventures report, a business is hit with ransomware every 14 seconds. So far, ransomware has been able to infiltrate everything from schools and businesses to healthcare entities and government institutions. By holding files and personal information hostage, cybercriminals will have cost almost $20 billion in damages, restoration, and downtime.1
What is ransomware?
Ransomware is a form of malware that encrypts a victim’s files. Once the files are encrypted, attackers hold them hostage and demand a ransom from the victim in order to restore access. Although it first appeared in 1989, ransomware has exploded in recent years, and cybercriminals are making a living off these schemes as “ransomware developers.”2
How do I become a victim of ransomware?
One of the most common ways of getting infected with ransomware is through phishing links in malicious spam. According to Michael Depalma of Datto from the webinar “Ransomware is on the Rise - SMBs are the Main Target,” 85 percent of all email attachments are harmful.3 These emails usually appear unprompted in your inbox and contain a malicious link or attachment. Although they may seem to come from a legitimate source such as a friend or business, they are actually sent by cybercriminals in disguise. When you open one of these links or attachments, your computer and personal files become locked and inaccessible.
Some ransomware schemes even go as far as pretending to be government institutions, such as the FBI, as a scare tactic against the user. These schemes claim the user had committed a crime and could face criminal consequences, and give them the option to pay a “fine” in order to restore access and be “forgiven” for the offense.6
Another way that you can encounter ransomware is through malicious advertising. Malicious advertising, also known as “malvertising,” is when online advertisements are used to spread malware.4 An unsettling reality of malvertising is that it doesn’t require the user to interact with it. Even while you browse trustworthy websites, advertisements can pop up that send you to corrupt servers and, even if you never click on them, steal your information in order to plan a personalized ransomware attack.
Should I pay the ransom?
Once infected, victims may feel they are left with few choices. They are faced with the decision of either paying the ransom and enabling criminals or trying to restore their data. Some may argue that paying the ransom is the quickest and easiest way of retrieving their files, but enabling cybercriminals by paying them off may increase the likelihood of you being targeted in the future. By paying the ransom, you are only encouraging cybercriminals to continue attacks against you, knowing that you are willing to pay the price.
In addition to the threat of future attacks, the government also has a pretty firm stance on whether or not to pay the ransom. In 2016, the FBI publicly made a decision on the issue, disapproving of paying a ransom in response to a ransomware attack. On October 1, 2020, the US Department of Treasury also released an official statement regarding ransomware in which they stated that if you do pay the ransom to cybercriminals, you could be at risk of violating the law and will not be protected by the law. This is because paying the ransom could fall under “funding a terrorist organization.”3
How to protect yourself against ransomware
As ransomware continues to evolve, it is becoming increasingly difficult to detect before an attack happens. There is no single technique that can fully stop a ransomware attack from reaching you or your organization. However, one of the best forms of protection is prevention. Having a plan in place in the event of a ransomware attack is vital. According to FBI Cyber Division Assistant Director James Trainor, “contingency and remediation planning is crucial to business recovery and continuity—and these plans should be tested regularly.”5 Prevention efforts the FBI recommends include ensuring that antivirus and anti-malware are set to conduct regular scans, configuring access controls and network share permissions, disabling macro scripts from Office files transmitted over email, and implementing software restrictions. It is also essential to back up data regularly and to secure your backups in case you have to restore your data.
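The recommendation to disable macros in Office files that arrive by email can be backed by a check at the mail filter. The Python below is an added example, not part of the original article or the FBI guidance: it parses a message and flags attachments that contain a VBA macro project even when the file is renamed to look harmless. The function names, verdict labels and the sample message are assumptions constructed for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container
MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm", ".xltm", ".xlam")

def attachment_verdict(name, data):
    """Return 'block', 'review' or 'allow' for one attachment (labels are hypothetical)."""
    if data[:4] == b"PK\x03\x04":  # modern Office files are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [m.lower() for m in zf.namelist()]
        except zipfile.BadZipFile:
            return "review"  # malformed archive: hold for inspection
        # Macros are stored as vbaProject.bin regardless of the file extension.
        if any(m.endswith("vbaproject.bin") for m in members):
            return "block"
    if (name or "").lower().endswith(MACRO_EXTS):
        return "block"
    if data[:8] == OLE_MAGIC:
        return "review"  # legacy format may carry macros; needs an OLE parser
    return "allow"

def scan_message(raw):
    """Map each attachment filename in a raw email message to a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {p.get_filename(): attachment_verdict(p.get_filename(), p.get_payload(decode=True))
            for p in msg.iter_attachments()}

def build_sample():
    """Constructed message: a clean file, a macro file named .docx, a legacy .doc."""
    def ooxml(with_macro):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("word/document.xml", "<doc/>")
            if with_macro:
                zf.writestr("word/vbaProject.bin", b"placeholder")
        return buf.getvalue()
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    for name, data in (("report.docx", ooxml(False)), ("invoice.docx", ooxml(True)),
                       ("old.doc", OLE_MAGIC + b"\x00" * 16)):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(f"{verdict:6} {name}")
```

A filter like this complements, rather than replaces, the Office policy setting that disables macros on the endpoint.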
Cybercriminals go where the data is and will always try to trick users in order to make a quick buck. Although you may not always be able to stop them, it is important to stay up to date on ransomware techniques and be aware of how you can keep yourself prepared against attacks.