WannaCry, the most destructive cyberthreat in history, downed over 250,000 computers in 116 countries. The ransomware’s victims weren’t just personal devices; entire businesses and systems were brought to a standstill—including the British National Health Service. In the UK, patients couldn’t make appointments, doctors couldn’t access records, and lives were put at risk. Suddenly, the cyberwarfare we see in movies such as:
- The Score (2001)
- Firewall (2006)
- Goodbye World (2013)
It was no longer just a plot device. The threat had become a reality.
This attack was not the first instance of ransomware, but it was one of the most destructive. No other threats have caused as much damage or proven as difficult to remove.
Seventy-five percent of the victims had to pay to get their data back, and yet, ransomware increased by 350% around the world in just one year.
If you haven’t been impacted yet, it may only be a matter of time. With such a looming threat, properly understanding the danger and how to avoid it is essential.
What is Ransomware?
In short, ransomware is a form of malware that holds your computer for ransom. Threats of this type lock all or part of your computer and will deny access until you’ve paid the fee.
Ransomware first appeared in the 1980s but didn’t pose a serious threat to the public until the last decade. Today, over 4000 ransomware attacks occur every day.
How It Works
Ransomware attacks tend to follow a general pattern:
Contracting the Infection
Ransomware infections work like other viruses. You may download it as a result of phishing, a social engineering tactic that mimics trusted processes to trick the victim into authorizing the download. Alternatively, it could take the form of an exploit kit, which uses vulnerabilities in your existing software to gain backdoor access.
The Wait Period
Not all ransomware acts immediately. Some take up to 15 minutes to take hold, although others do manage to cause havoc in seconds. 35% of victims are notified of the attack within 24 hours; for 11% it took more than a day.
The specific version of ransomware determines the level of encryption. 16-bit and 32-bit encryption can easily be disabled using ransomware decryption tools. However, 128-bit or 256-bit encryption is so strong it parallels browser and VPN security, making it nearly impossible to reverse.
The final stage is a pop-up message on your screen, alerting you to the infection. It will demand a ransom, which usually falls around $300-500. Hackers only ask individuals for amounts they may have on-hand to increase the chances of them paying the fee, although businesses can pay tens of thousands of dollars.
It’s also common for the ransomware to mimic local authorities. The message may claim that you’ve acted illegally or accessed banned content, and that’s why you are being fined. They often use county police or government logos to increase the authenticity.
Types of Ransomware
Ransomware is a general label for a group of different malware types. They all have the common feature of demanding a ransom payment for removal but don’t all behave in the same way. The following are some of the most common types:
- Crypto-malware is one of the most popular. It works by targeting and locking specific files until you pay up. If the encryption is strong, then the only way to get your data back is to pay.
- Lockers work similarly, except they take down your entire system so you can’t access any part of it. You can’t even run an antimalware check to identify and remedy the issue.
- Leakware works by stealing your information and threatening to release the data if you don’t pay up. Targeted details could include your bank info, contacts, intimate photos, and personal documents. It’s an especially successful tactic as it causes the victim to panic and respond rashly.
- Scareware usually poses as fake security software. Once downloaded, it will alert you of issues that cost extra money to fix. In some cases, you will be flooded with so many alerts and pop-ups that your computer is unusable until you take action.
- RaaS stands for Ransomware as a Service, a meta-malware type employed by career criminals. A hacker will hire out their services creating and distributing ransomware in exchange for a cut of the fine. This kind is particularly dangerous as it can be used by anyone wanting revenge, and could target you specifically.
Over the years, countless instances of each type of ransomware have been detected. However, some attacks have done more damage than most.
Several of the world’s most devastating ransomware attacks have occurred over the last few years. The following are the most famous examples:
- CryptoLocker used a Trojan to target Windows computers. It affected 250,000 devices, mostly targeting users in the UK and US. The infection was spread using password-protected .zip files, which claimed to contain an important PDF.
- TeslaCrypt was a ransomware trojan that is now, fortunately, defunct. It targeted game-players via file extensions for popular games, such as Call of Duty, WoW, and Minecraft. Once infected, the malware demanded $500 in ransom payments from the victims.
- SimpleLocker is a type of mobile malware that mimics CryptoLocker. It blackmails victims by accusing them of committing a crime and demanding a fine. The pop-up fills the entire screen and returns even if you turn the device on and off.
- WannaCry, one of the biggest ransomware attacks in history, targeted businesses and government organizations. It was cited by some as an attempt at cyberwarfare.
- NotPetya was a reinvention of the Petya ransomware of 2016. Potentially inspired by WannaCry, just a few weeks later NotPetya released. It demanded $300, and 90% of the attacks were on Ukrainian victims, leading some to suggest it was organized by Russia.
- Locky existed before the recent rise in ransomware. It affected half a million users and demanded a payment of one Bitcoin, which at the time was worth nearly $1000. The malware was spread via an infected Word document, using social engineering tactics.
- Cerber is another earlier form of ransomware that existed in 2016. It attacked 150,000 Windows users in July alone, and continues to cost around $2.3 million a year.
Although these types of ransomware are some of the most prolific, countless forms currently exist. Fortunately, you can protect yourself.
Tips To Protect Yourself
Knowing about ransomware isn’t enough to keep you safe. Your best weapon is understanding how to protect yourself. Due to its destructive nature, recovering from ransomware is a unique challenge, so it’s better to learn how to pre-empt an attack and avoid the infection altogether.
Perform Regular Backups
While it’s relatively simple to remove a ransomware infection, getting back your encrypted files without paying the ransom is more challenging. If it’s impossible to restore your data, the best tactic is to perform regular backups of your system. Then, if you are attacked, you can simply restore to a time before you’d contracted malware.
Update Software Regularly
Ransomware commonly exploits security holes to gain access to your device. The best way to avoid this issue is to update everything regularly. Software producers release new versions with patches for known vulnerabilities, so staying up-to-date will increase your security drastically.
Phishing scams are another common form of ransomware distribution. Avoiding social engineering isn’t impossible, as long as you know the signs. Be alert for false URLs, unexplained email attachments, and pop-ups. Never click banner ads or other “deals,” and look for typos and unrealistic claims to avoid fraudulent emails.
Stick to Trusted Sources
Perhaps the best tactic to avoid accidentally downloading a ransomware trojan is to only stick to sources you trust. This refers to everything online: websites, software, emails, e-commerce sites, etc. Most domains and brands are highly reviewed, so it’s easy to stick to those with a good reputation.
Try Whitelisting Software
By creating a baseline of approved applications, whitelisting software will prevent any unknown programs from launching and running on your device. If you unwittingly download malware, the whitelisting app will compare it to its list of sanctioned programs and will block any actions that don’t match.
Use a Powerful Antivirus
Top-quality antivirus suites are essential to stopping ransomware. They will alert users as soon as they locate a problem, and can also remove the infection easily. The best antivirus companies keep a catalog of all the known threats, so can identify ransomware quickly and effectively. Some antivirus apps also provide a free ransomware decryption tool for malware with low-level encryption.
Some may feel it’s too time-consuming to invest in their computer security. However, facing a ransomware attack will cost far more time and money than any prevention strategies.
Do This If You Get Infected
Even with protective strategies, ransomware infections can still happen. If you fall victim, follow these steps.
If the ransomware has only locked specific files, it’s easy to remove it from your computer:
- Enter Safe Mode
- Use your antivirus to identify the software
- Manually delete or let your antivirus do the work.
While this will remove the infection, it won’t decrypt your files, which is why regular backups are so important.
If the ransomware has locked your entire operating system, it’s slightly harder to fix. You have three choices:
- Perform a system restore to a point before the virus infected you.
- Run your antivirus from a disk or external drive to delete the malware.
- Reinstall your operating system.
Should You Pay?
This question is perhaps the most important when discussing ransomware. For some, paying a few hundred dollars to restore your machine is a worthwhile cost. In fact, 75% of those who are hit with ransomware do choose to hand over the money.
However, giving in to cybercriminals only furthers their efforts, causing more malware attacks around the world. In reality, your best option is to perform regular backups so you can quickly restore if you are attacked.
Protect Your Computer from Ransomware
Cybersecurity has become a buzzword of the modern age. Using these tactics will significantly increase your protection against ransomware and reduce your risk of becoming a victim. If you haven’t taken precautions already, it’s more essential than ever, as this type of malware continues to rise in frequency and severity.