Ransomware has shown up in newspaper headlines and the evening news more and more as various strains incapacitate prominent targets. If you haven’t heard of it yet, it’s just a matter of time.
The most common type of ransomware is crypto-ransomware, which uses encryption to make your files unreadable. After the malicious software infects a victim’s computer, the victim can often still see their files. However, they’ll have a strange extension added onto them and they won’t open.
Governments and militaries use encryption to make secret information impossible to decipher. That same powerful technology can make every file and program on your computer unusable through a ransomware attack. Here’s how it happens.
How Ransomware Infects Computers
The most common vector for ransomware infections is through email. Attackers create massive phishing campaigns in which they send thousands of emails with malicious attachments or links. The attackers often use high-pressure techniques like pretending to be law enforcement or companies collecting on bills. The attachment may look like a pdf and have an innocuous name. However, once a person clicks on the attachment or link, the ransomware begins installing itself.
Another common way that ransomware can infect a computer is through exploit kits, which rogue servers host. These toolkits can comb through a potential-victim’s software looking for vulnerabilities. Vulnerabilities are generally the result of not updating software with patches. The ransomware is delivered by the exploit kit and downloads on the victim’s computer.
What Happens Next?
After ransomware infects a computer and encrypts its files, there is generally a note left behind. This note states instructions on how to pay a ransom. Ransoms vary greatly, from several hundred dollars to tens of thousands of dollars. The instructions usually state to pay the ransom through bitcoin, which is a hard-to-track cryptocurrency.
At this point, victims have several possible options. Security experts have cracked some types of ransomware and offer decryptor tools for free or a small charge. Occasionally, law enforcement will catch the attackers and the decryption key is made public. In these instances, you can recover all of your files without worrying about the ransom.
Another option is restoring your files from a backup. If you have an external hard drive or cloud storage with all of your needed files, you can wipe your computer and then restore your files. This is the preferred option, but very often people don’t have completely current backups to work with.
The last option is to pay the ransom. This is a risky move because the attackers don’t always give you a working key when you pay the ransom. Some high-profile targets, like hospitals and universities, have paid ransoms and gained access to their files, but there’s nothing stopping the attackers from simply keeping your money without sending you a decryption key. Furthermore, they may attempt to give you a decryption key, but it’s not guaranteed to work, and they have no incentive to help you troubleshoot your problems with it.
How to Protect Yourself From Ransomware Attacks
The best protections against ransomware are updating your software regularly and being smart about downloading attachments and clicking links. Outdated software can allow exploit kits to install ransomware on your machine. Downloading suspicious attachment or clicking on unknown links is a risk no one can afford.
The last essential action you should take is to back up your computer regularly. You can do this through the cloud or on an external device. Some malicious software is sophisticated enough to spread through drives, so you should only connect the external drive when backing up your files for the day. Backing your files up means that even if malware infects your computer, you’ll have the option of wiping your computer and starting afresh. A ransomware infection is a scary possibility, but always having a current backup can keep you safe.