Lockouts—they happen. We forget our keys, we can’t remember our passwords—and sometimes, someone else locks us out. And in the modern digital age, lockouts have been happening a lot lately across a number of phones and computers. These lockouts are caused by a powerful malware (malicious software) variant, called ransomware, which works its way into your computer or phone only to encrypt (lock) your data and demand a ransom if you want to get it back.
Except now, modern day ransomware has gone beyond locking our devices—it can now lock our hospitals and our hotel doors. Recently, it has even forced friends to turn on each other for infection. And it’s not planning on slowing down anytime soon, as this threat continues to experience a steady increase in volume of victims, types of victims, and kinds of devices compromised as it evolves its strategy to reach new targets each day. But before we delve into the threat’s evolution, let’s explore what exactly makes ransomware tick.
What is ransomware?
Ransomware is a type of malware that infects a device in order to encrypt its data, locking it so that it can only be freed if the owner of the device pays the cybercriminal a ransom, typically demanded in Bitcoin. It can prevent you from using your computer or mobile device, opening your files, or running certain applications. Or, it could lock down personal data like photos, documents, and videos, holding them hostage until you pay up.
And it does so in all shapes and sizes. Thousands of different ransomware strains have been documented, all slightly unique in how they lock victim devices, what they demand, and when they demand it.
How it has evolved
The threat has evolved in more ways than one. For starters, ransomware used to typically come in the form of an email attachment, as users unknowingly downloaded ransomware by clicking on phony email attachments or visiting infected websites (drive-by downloads). But as time has gone on, the cyberthreat has compromised websites, mobile apps, digital advertisements—it has even tailored itself to vulnerabilities within specific devices.
And since the threat has proven time and time again to be effective—so much so that cybercriminals everywhere are trying to get their hands on it—it can even be sold across the Dark Web in the form of ransomware-as-a-service (RaaS) portals.
It’s clear that ransomware has grown to be rampant, but who, exactly, is it going after these days?
Who it targets
- Hospitals. The biggest and most saddening target for ransomware attacks has been hospitals. Over and over again, we’ve seen hospitals and health organizations featured in the news as the threat’s latest victim, forking over mounds of Bitcoins to get their systems back up. Why exactly are hospitals ransomware’s most wanted, you may ask? Because of the critical nature behind their infrastructure. If hospital data is inaccessible, it can be a matter of life or death, and cybercriminals know that. In fact, they’re banking on it.
- Mobile users. As our dependency on our mobile devices continues to grow, so does the size of the target on their backs. We’re storing more personal data on our devices than ever before, which makes them perfect for attackers looking to extort our connected lifestyle for their personal gain. Many mobile apps have been compromised in the attempt to trick users into downloading the version laced with ransomware. If the malicious app is downloaded, the user’s mobile device becomes encrypted, and the victim must empty their bank account to gain back access.
- Government offices. Speaking of critical data—government offices (the DMV, police stations, etc.) hold a plethora of important and very personal data in their hands…which is exactly why they’re another hot target for a ransomware attack. Cybercriminals know these organizations need to be operational at nearly all times, and that they’re more likely to pay the ransom in hopes of getting their data back, rather than wait it out to conduct a proper counter-attack.
Moral of the story: ransomware can be a little scary. But fear not—we have a few tips that help make it less intimidating. For starters, backup your files—then, if a ransomware attack occurs, you can wipe your disk drive clean and restore the data from the backup. Additionally, since a lot of ransomware attacks occur via a compromised website, use a browser protection service, like McAfee SiteAdvisor, that will let you know which links are malicious. And if you do find yourself infected, use decryption tools. No More Ransom, a coalition Intel Security has formed with other industry leaders, has a suite of tools and resources to free your data, each tailored for a specific type of ransomware.