What is a Ransomware Attack

Ransomware is malicious malware designed to take control of your computer data and hold it hostage until you pay the ransom. Before 2012 no one had heard of ransomware attack. During the first half of 2018, more than 181 million ransomware attacks were reported. Ransomware is a big business making substantial profits for cybercriminals. The attackers demand funds paid by cryptocurrency like Bitcoin, making it difficult to track or prosecute. 

How Does Ransomware Work?

Most often, ransomware attack occurs when you install an infected file or download an attachment from an email. You should never click links in emails or download attachments. Other ways ransomware can get onto your system is through social media, adware, chat messages, and even USB or other removable drives. More dangerous strains of ransomware work through a “drive-by” exploiting a vulnerability in a browser plugin or website you visit. You don’t even need to download anything to get infected.

Once installed, the software moves swiftly through your machine and even your network encrypting your files and adding extensions to the file names, making them unusable to you.

Some Common Types of Ransomware in Existence Now 

• WannaCry - infected 200,000 systems within just days in over 70 countries.

• Havoc uses symmetric and asymmetric cryptography to encrypt the files.

• Satan is a RaaS ransomware kit. The hacker gets 70%, and the developer gets 30%. It targets 131 file types and uses a .stn extension to lock the files.

• VxLock uses a .vxlock extension when locking files. 

• LataRebo Locker uses a pop-up with the ransom note in it, making it impossible for the user to control their computer. It also adds entries to Windows Registry.

• Philadelphia is another RaaS program available to cybercriminals; it even includes instructions on how to wage successful ransomware campaigns. 

• Cryptolocker - very popular in 2013, not seen as often now. 

Once you are infected, the cybercriminal takes control of your files. They contact you to demand money (anywhere from a few hundred dollars to thousands). They usually instruct you to pay in Bitcoin or other untraceable funds. They threaten to delete your files if you don’t pay. With most ransomware, it is next to impossible to decrypt your files. Therefore, you may have very little choice but to pay and trust that hackers will keep their word and unlock your data to not further cause any data breach.

Messages You Will See During Ransomware Attack 

• “Your computer has been infected with a virus. Click here to resolve the issue.”

• “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”

• “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”

Ransomware Attack Statistics

Some shocking but interesting ransomware statistics include:

• According to the FBI, there are 4,000 ransomware attacks every day. 

• The WannaCry incident infected 200,000 users in more than 70 countries within just a few days. 

• About 97% of phishing emails contain ransomware.

• 60% of small businesses are affected by ransomware, and about 70% pay the ransom.

• In 2016, the monetary effect of ransomware attacks cost U.S. taxpayers $700 billion.

• Hospitals and medical organizations are strong targets for ransomware. More than 45% of the attacks occur in healthcare.

• 90% of financial institutions are targeted by ransomware. 

Best Way to Protect Against Ransomware

Although reports of ransomware attacks are declining, it is still a serious threat. Ransomware attacks most often target the Windows operating system, but your device can be protected in few simple steps.

Some things you can do to stay safe are:

• Always keep your computer updated with the latest operating system patches and antivirus software. Run deep scans often. 

• Never install software unless it is from a trusted source.

• Don’t download attachments or click links in an email.

• Never share your computer credentials with anyone or allow administrative access.

• Turn off the use of macros on your machine. 

• Keep a complete backup of your entire hard drive contents so you can restore if you have to. 

Law enforcement urges you not to pay the ransom. However, if your entire computer is encrypted and locked and you do not have a backup, you may have no choice. Typically, cybercriminals charge between $200-$1,500 for a fee. Sometimes hackers use “scareware,” which makes it look like they have control of your computer, but they don’t. They may use pop-ups or noises to convince you that they are running the show, but if they haven’t encrypted your data, you can take back access and rescue your computer from ransomware.