- What is ransomware?
- How hackers install ransomware on your device
- Best practices against ransomware
- Ransomware in numbers
As cyberattacks and data breaches continue to make headlines, their financial impact on the global economy keeps on rising. According to computer security company McAfee, cybercrime cost $600 billion in damages in 2017, with the number nearly doubling in 2018 to reach $1 trillion.
Cybercriminals use all sorts of malware to hijack data from companies and individuals, including viruses, trojans, spyware, and ransomware. The latter will infiltrate your device’s system and encrypt your files, locking you out of your own data. To get the decryption key, you’ll need to pay a ransom.
Ransomware may be out of favor with hackers and cybercriminals nowadays, but its risks haven’t waned. That is why you must learn everything about this threat and how to avoid it so that you don’t end up being the victim.
Ransomware – How Hackers Snatch Your Data
As the name suggests, ransomware involves the payment of some sort of ransom in exchange for a captive. But in this case, the captive is your data. Attackers use this form of malware to access the files on your device and lock you out. To get the information back, you must pay between hundreds and thousands of dollars, depending on how crucial the data is.
The settlement must be in cryptocurrencies that allow anonymity, like Bitcoin, so that criminals can protect their identities.
There are several ways through which hackers can infiltrate your device and install ransomware. The most common method is phishing – email scams that cybercriminals send pretending to be a legitimate service or authority, like your bank, for example. The emails contain a malicious link, and once you open it, the malware takes control of your device.
Other ways are more aggressive and don’t require any user interaction or permission. The WannaCry ransomware and NotPetya virus exploit system vulnerabilities to infect devices. The latter can spread to other computers that are connected to the same local network.
What Happens When Ransomware Takes Over?
Once ransomware gets past your device’s security and penetrates your system, it will most likely hijack and encrypt your files. You’ll then see a message from the hackers instructing you to pay a specific amount of money in Bitcoin for the decryption key and release of your data.
But while cybercriminals use this course of action the most, it is not the only way they can extort you for money.
According to CSO Online, some perpetrators will pose as law enforcement officers and shut down your computer. They’ll claim that you have installed pirated or illegal pornographic material on your device and must, therefore, pay a fine to retrieve your data. Perhaps hackers go through all this trouble to prevent victims from reporting the attack to authorities.
Furthermore, some might use a different form of ransomware called extortionware, or doxware. And just like the name suggests, attackers will threaten to release your personal data, like photos, emails, or documents, to the public unless you pay the ransom. However, this method is rarely used because it’s hard for hackers to locate and extract such files.
Therefore, the most common ransomware practice is to encrypt your files and force you to pay up.
Anyone can fall victim to ransomware if they’re not careful and let their guard down. But cybercriminals mostly target companies and corporations, not individuals. There are two types of ransomware attacks:
- Commodity: When hackers set random targets and try to infect as many devices as possible by launching attacks on a massive scale. They can rent a “ransomware as a service” platform to do so.
- Targeted groups: When cybercriminals target specific markets and organizations that have basic, and vulnerable, security.
In the latter case, attackers can choose their victims depending on several factors. They can hit relatively easy targets like universities because they mostly have small cybersecurity teams, and their database involves lots of file-sharing. But others seek more lucrative and swift payouts and pick out companies and corporations.
That includes medical facilities and government agencies, who often need quick access to their data. Other targets can include law firms, or ironically, cybersecurity companies who might have sensitive data and want to keep the entire incident quiet.
In fact, several reports have shown that major ransomware attacks hit hospitals and medical centers because they are most likely to pay. After all, there are lives at stake. According to Beazley’s 2018 Breach Briefing, 45% of ransomware attacks targeted the healthcare industry. The financial sector, another tempting target, came in second with 12%. Carbon Black, a cloud security specialist, reported that 90% of financial institutions were targeted by ransomware in 2017.
Ransomware Removal and Prevention
When it comes to online security, you must always be vigilant and double-check everything before you click on suspicious links. But should you ever fall victim to a ransomware attack, you have to take the following measures to regain control of your device:
- Restart Windows 10 and put it in safe mode
- Install top antivirus software
- Conduct system scans to locate the ransomware program
- Restore the computer to a previous state
Here’s a video guide from CSO’s Steve Ragan explaining how to remove the malware from your device:
But please note that while the above steps remove the malware and give you control over your computer, your files will remain encrypted. The only way to decrypt and subsequently access your data is by getting the decryption key.
Therefore, the best course of action is to take preemptive measures and prevent ransomware from infecting your device. The following tips aren’t just handy to avoid ransomware attacks, but also any other type of malware. So we advise you to follow them whenever you go online:
- Make sure the links or attached files that you open are from legitimate parties. Check the email address of the sender to see if he’s the real deal or a scammer.
- Back up your data regularly to reduce the damage of any malware attack.
- Install a premium antivirus program that can detect and eliminate malicious software.
- Keep your operating systems up-to-date as each update will fix potential bugs and vulnerabilities.
- Use a reputable VPN service for anonymous web browsing and data encryption. You can use one of our best VPN suggestions for 2020.
NOTE: Antiviruses and VPNs cannot fully protect you from ransomware or other malware attacks. Cybercriminals are continually creating new malicious software and updating old ones, which means your antivirus may not always detect them.
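The first tip above, checking who really sent an email, can be partly automated from the message headers. The following Python sketch is an added example, not part of the original article; the sample message, its domains and the trusted-domain set are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name, domain and header value is made up.
SAMPLE = """\
From: "Example Bank Support" <alerts@examp1e-bank.test>
Reply-To: refunds@mailbox.test
Return-Path: <bounce@bulk-sender.test>
Authentication-Results: mx.recipient.test; spf=fail smtp.mailfrom=bulk-sender.test; dkim=none; dmarc=fail header.from=examp1e-bank.test
Subject: Urgent: verify your account

Click the link below to keep your account active.
"""

def domain_of(header_value):
    """Return the lower-cased domain part of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def sender_warnings(raw_message, trusted_domains):
    """List reasons the claimed sender of raw_message should not be trusted."""
    msg = message_from_string(raw_message)
    warnings = []
    from_domain = domain_of(msg["From"])
    # Look-alike domains (here "examp1e" with a digit) fail an exact match.
    if from_domain not in trusted_domains:
        warnings.append(f"From domain {from_domain!r} is not a known sender")
    # Replies or bounces routed to another domain are a common scam sign.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg[header])
        if other and other != from_domain:
            warnings.append(f"{header} domain {other!r} differs from From")
    # Only trust this header when your own mail server added it.
    results = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=pass" not in results:
            warnings.append(f"{check.upper()} did not pass")
    return warnings

if __name__ == "__main__":
    for warning in sender_warnings(SAMPLE, {"example-bank.test"}):
        print("WARNING:", warning)
```

An empty result does not prove a message is safe; it only means none of these basic checks failed.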
Should You Pay the Ransom?
Law enforcement agencies advise you not to cave in to cybercriminals’ demands and pay the ransom fee. That’s because you would only be encouraging them to attack more people. Even 66% of companies say that they would never pay a ransom out of principle, according to a Trend Micro report. However, the truth is 65% of corporations pay the price that hackers set.
That all depends on the files you’re trying to get back, of course. Some users opt not to pay since the data isn’t very valuable. Still, ransom fees are usually low to ensure that victims pay up quickly. The price varies between $700 and $1,300, something that companies can afford on short notice. Some cybercriminals even offer discounts for those who swiftly cough up the money.
Research from software corporation Citrix claims that 33% of large UK companies stockpiled Bitcoin in case of ransomware attacks.
But before you do anything rash, make sure that the malware that infected your device is indeed ransomware. Cybercriminals can trick you into thinking that your files are encrypted when they are actually using fake ransomware. Second, there’s always the possibility that attackers won’t give you the decryption key even after paying the ransom.
However, most of them deliver on their promise because a lousy reputation doesn’t bring money.
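One way to check whether files were really encrypted, as the paragraph above advises, is to see if each file still starts with the signature its type requires and whether its contents look random. This Python sketch is an added example, not from the original article; the 7.5 threshold, the result labels and the sample data are assumptions chosen for illustration.

```python
import math
import os

# Leading bytes expected for a few common file types (well-known signatures).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK", ".docx": b"PK"}

def shannon_entropy(data):
    """Bits of entropy per byte: near 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def classify(name, data, threshold=7.5):
    """Triage one file's contents; a hint for an analyst, not a verdict."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic and data.startswith(magic):
        return "intact"            # header still matches the extension
    if shannon_entropy(data) >= threshold:
        return "likely-encrypted"  # no valid header and content looks random
    return "not-encrypted" if magic is None else "damaged"

def classify_file(path, sample_size=65536):
    """Classify a file on disk from its first sample_size bytes."""
    with open(path, "rb") as handle:
        return classify(path, handle.read(sample_size))

if __name__ == "__main__":
    # Constructed samples standing in for files found after an incident.
    samples = {
        "report.pdf": b"%PDF-1.7\n" + b"constructed sample text " * 50,
        "report.pdf.locked": os.urandom(4096),
        "photo.jpg": b"YOUR FILES ARE ENCRYPTED " * 100,
    }
    for name, data in samples.items():
        print(f"{name}: {classify(name, data)}")
```

Run it against copies of the files rather than the originals. An "intact" result is only a hint, since a file can keep a valid header and still be partly encrypted.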
Facts and Figures
Here are a few things to remember about the threat of ransomware:
- Ransomware cost the global economy $5 billion in 2017, up 15 times from 2015.
- 85% of malware infections that target healthcare organizations are ransomware.
- 75% of companies that fell victim to ransomware were using updated protection.
- The GandCrab ransomware resulted in $2 billion in extortion money from victims as of 2019.
- 60% of malware revenues were generated from ransomware, but that number drastically dropped to 5% in 2019.
Is Ransomware in Decline?
Ransomware rose to prominence in 2017, thanks to the aforementioned impact of WannaCry and NotPetya. However, it fell out of favor with cybercriminals due to their currency of choice: Bitcoin. First of all, a lot of victims tend not to pay to reclaim their files, and those who do are sometimes too unfamiliar with cryptocurrency to proceed to the next step.
Second, the rise of cryptojacking malware also contributed to the demise of ransomware. Cryptojacking allows cybercriminals to use your device’s computing power and resources to mine cryptocurrencies like Bitcoin without your knowledge. It became very popular in 2017 as Bitcoin prices peaked.
But according to McAfee, the number of ransomware attacks more than doubled in 2019, with a 118% rise in the first quarter alone. Chief Technology Officer at McAfee Steve Grobman said that this jump was normal considering the drop in cryptocurrency prices in 2018.
“As cryptocurrency prices drop, it’s natural to see a shift back [to ransomware].” – Steve Grobman, Chief Technology Officer at McAfee
So as you can see, ransomware poses a persistent threat to your data and money. Therefore, you must always take precautionary measures when using the Internet and install privacy and security tools like antiviruses and VPNs.
Have you ever been a victim of a ransomware attack? Share your experience below.