This past weekend I was at a local roller rink where my kids were enjoying their first time on skates. While I watching my oldest make a successful lap around the rink, one of the other parents came up and asked me, “Hey, you’re in security, what’s the deal with ransomware? Do I need to worry about it?” I’ve been getting a number of questions about ransomware lately, but I have to admit it was the first time I talked about security while listening to disco blasting at a roller rink. Since I’ve been getting so many questions about it recently, I thought it might be a good time to share some general information about the topic of ransomware.
So what is ransomware?
Ransomware has been around for a number of years, with the first known version dating way back to 1989. That’s right, the decade of big hair, spandex, leg warmers and
VHS also had ransomware. However, ransomware in its current form dates back to around 2010. It’s this type ransomware that has been showing up across PC’s, smartphones and even Macs in ever increasing numbers. According to our research at McAfee Labs, the numbers of unique types of ransomware doubled in the last year! It’s a huge threat that impacts not only businesses, but also everyday people who just use their device to check email or post on Facebook.
But what is it?
Ransomware is malware that restricts access to your system and demands that you pay a “ransom” to the malware author in order to regain access.
There are two primary ways this is accomplished.
The first way is by locking the screen and not allowing access until the ransom is paid. This type of malware could be removed with a little bit of digging around and cleaning, but typically the malware authors will use scare tactics to make people pay. A common method is to craft the pop up to look like it’s from some sort of law enforcement agency and that “illegal content” has been found on your device.
What people need to keep in mind is that if a law enforcement agency found illegal content on your system, you’re not going to be able to fix the situation by simply paying a fine. However, cybercriminals know that enough people will be spooked by this and pay the “fine” to avoid potential legal issues.
The nastier version of ransomware involves encryption. This class of ransomware (CryptoLocker is the most well-known of this type) will search through the target system and look for files that are most likely to contain valuable data. Typically this means just looking for Microsoft Office file formats as well as PDFs and image files. The ransomware will then go through the process of encrypting each of those files with an encryption key to make them unreadable to the victim. The ransomware will then create a pop up informing the victim that their files have been encrypted and they must pay a fee within a short period of time or the decryption key will be destroyed leaving the files locked.
This method has proven very successful for cybercriminals, as many people would rather lose a bit of money instead of losing their personal data. It’s a completely understandable reaction when
faced with the loss of things like tax records or pictures from your most recent vacation. Small businesses are particularly vulnerable as they may not have adequate backups of customer data and bookkeeping. Unfortunately, we have seen times when the decryption key doesn’t work and people still lose their data after paying the ransom. Cybercriminals typically don’t offer tech support or refunds.
Ransomware is a particularly nasty type of malware and while some ransomware can be cleaned out by someone with good technical know-how, most cannot. If your system is infected with ransomware, odds are that you will not be able to recover the data that was encrypted.
Ransomware isn’t just for PC anymore
At first, ransomware was a concern only for computers running Windows. In 2015, we saw an increase in mobile ransomware and just recently ransomware for Macs. Ransomware is now something that everyone has to think about.
So how do I stay safe?
To stay safe against ransomware, you need to keep in mind that at the core ransomware spreads like any other type of malware. If you follow safe computing practices you can decrease your chance of getting infected with ransomware.
- Be suspicious: Cybercriminals use the standard tried and true methods for spreading ransomware, so take extra care to not click on a suspicious link or attachment. What makes it suspicious? Maybe it’s an oddly worded email pretending to be your bank asking for more information. It could be an unexpected attachment from someone in your contact list. If you weren’t expecting someone to send you an attachment, call or text them to double check.
- Keep your system updated: Since ransomware starts out like any other malware, keeping your system up to date on all the security, operating system and application patches will go a long way in preventing a ransomware infection.
- Run anti-virus on your system: While the two steps above will keep a lot of malware out, it is still very important to run anti-virus on your system to protect against new exploits that aren’t yet fixed by an update or attacks like drive by downloads. The cost of anti-virus software will be dramatically less than what cybercriminals will demand in ransom!
- Backup to the cloud: On the off chance ransomware slips past the protections listed above, having your sensitive information backed up to the cloud can help recover without paying ransom. It’s important to use backups that aren’t just drives attached to your computer, as most ransomware will scan attached drives as well for files to encrypt. Of course, you do want to make sure the online backup service you use offers encryption to keep your data safe while in the cloud.
Ransomware is a serious threat that has been growing dramatically over the past year but with a combination of smart surfing, anti-virus protection and updates you can dramatically reduce your risk of getting caught by ransomware.