What is ransomware?

Red-on-black image of locked computer screen against a background of binary code
Do you know how to recognize and protect yourself against ransomware?
You may have seen headlines about ransomware attacks on institutions ranging from banks to hospitals to gas-pipelines. But what is ransomware, why is it dangerous, and can such attacks be prevented? Today, we answer your questions about ransomware.

What are ransomware attacks?

Ransomware is a type of malware – in other words, software designed to cause malicious damage to your computer or system. In this case, the malware is designed to encrypt the files on a device or computer network, rendering them unusable. The cybercriminals behind the attack then demand money to decrypt them, in effect holding the information hostage and demanding a ransom for its release.

A ransomware attack often works by tricking a user into clicking a malicious link that downloads a file from an external website. Because the user does not know the file contains ransomware, they open or execute it. Ransomware software is also designed to take advantage of security vulnerabilities and spread from one computer to others that it is networked with, e.g. within an organization. Once the ransomware simultaneously encrypts all files it comes to contact with, all the users will be able to see are messages on their screens demanding payment in exchange for decryption.  

Are there different types of ransomware attack?

The most common way that ransomware is spread is through phishing campaigns. The cybercriminal sends an email that looks like it’s from a legitimate sender, like a bank or well-known online retailer, designed to trick the recipient to clicking on a link or file. This click installs the malware on the computer.

Other ransomware strategies exploit vulnerabilities in computers and systems. For example, there have been attacks via the Remote Desktop Protocol (RDP), a proprietary network protocol that allows individuals to control a computer’s resources and data over the internet. Here hackers have used brute-force methods to obtain credentials or even purchased them on the dark web. And there have also been cases of cybercriminals exploiting security weaknesses in widely used software programs to gain control of systems and deploy ransomware.

How do you recognize ransomware?

To identify ransomware that arrives as part of an email scam, you should take the same steps you would to protect yourself from any kind of phishing. In other words, treat all email content with caution. If you have any doubts, don’t click on any links or follow any instructions contained in the message until you can verify that it’s legit – preferably by calling the person or institution. Make sure the email address and the sender name match and that they don’t contain small changes, like switching certain letters, that make them different from the authentic email address. Keep your eyes open for spelling errors and unusual domain names.

How can I prevent ransomware attacks?

Rule number one: never, ever click on a link, open an attachment, or download a file unless you are 100 percent sure it is safe! In addition, you should always make sure that your software, systems, and devices are up-to-date and the latest patches have been installed. We get it – all those automatic updates can be annoying. However, they often contain fixes for newly identified security vulnerabilities, so they are an important way to keep yourself safe. Along these same lines, you should make sure that your computer has an up-to-date antivirus program, which detects malware as it arrives, and whitelisting software, which prevents unauthorized applications from executing.

Is there any other ransomware protection?

Keep in mind that the purpose of a ransomware attack is to hold your data hostage. So you can make yourself less vulnerable by backing up all your documents, photos, etc. on a device like an external hard drive. Keep that device separate and offline except during the actual backup process.  Some experts also recommend the use of multi-factor authentication, since passwords alone are more easily compromised.

How dangerous is ransomware?

There seems to have been an explosion of ransomware attacks lately, including several that have shut down large private-sector organizations in the United States this year. Targets have ranged from a water-treatment plant to insurance companies to the Houston Rockets. As this shows, anyone with a computer connected to the internet and important data stored on that computer or network could be vulnerable to such an attack. One security team estimated that there were 65,000 successful attacks in 2020, while the U.S. Department of Homeland Security placed the amount of ransom paid in such schemes at $350 million in the same year.

We hope this answers all your questions about ransomware. We look forward to your feedback below!

Image: 1&1/Shutterstock

7 people found this article helpful.

Related articles

Phishing emails: How to protect yourself

Image of fishhook hooking an @ symbol above a white computer keyboard

Be on the alert for phishing scams that aim to hook your personal information

You have probably heard about phishing scams – fraudulent emails designed to rob you of sensitive data. Because phishing is one of the most widespread forms of cybercrime, it’s important to learn how to recognize these scams so you don’t get caught in the net. more

Posted in

Phishing Security Spam
35 people found this article helpful.

How do I know it’s spam?

Man viewed from behind looking at email icons in air
Not sure which emails are spam? Our checklist can help.

Spam is one of the things people like least about email. Sometimes it is annoying but harmless – like  bulk advertising. Much worse are the spam emails that try to trick you into scams or contain computer viruses. Luckily, today’s spam blockers keep a large share of such messages from reaching your inbox. You can also help keep yourself safe by learning to identify the most common types of spam. more
34 people found this article helpful.

What is greylisting?

Open laptop computer with hourglass placed on keyboard
Ever wonder why an email sometimes doesn’t arrive instantly?
Many of us have experienced this problem: you can’t remember your password for an online service you don’t use that often and have to click “forgot password” to get a reset link. But even though a message pops up claiming that an email was sent to you, no reset link arrives. You click again. And again. Nothing! Then half an hour later, three messages arrive in your inbox all at once. What just happened? One possible cause is a spam-prevention process called “greylisting,” which we’ll explain today. more

Posted in

Email Spam Spam filter
24 people found this article helpful.

Ask the Expert: Secure passwords

Notice board with lots of notes tacked up including one with a password
What password security mistakes can you spot in this picture?
Welcome to our first ever “Ask the Expert” post! We’re joined by our email security expert Arne for a deep dive into the topic of passwords and online security. In an interview, he shares some do’s and don’ts about passwords and clears up some common misconceptions. more
22 people found this article helpful.

But it’s not spam!

Hand pointing at floating red and blue email icons
Stop legitimate emails from being marked as spam
Spam is one of the things people hate most about email. So email providers like mail.com have developed extremely effective systems to block spam emails. The downside, however, is that legitimate emails can be blocked or land in your spam folder. Luckily there are a few tricks you can use to make sure you receive important messages – and to stop your outgoing messages from being marked as spam. more

Posted in

Spam Spam filter Email
22 people found this article helpful.

How do I know if my email has been hacked?

Person wearing hoodie types on laptop while looking at screen with the words Hacker Attack

What happens if your email has been hacked?

How do you know if your email has been hacked or comprised? And if it happens, how can you block cybercriminals and regain control of your account? Discover the most common signs of a hacker attack and what to do about them. more

Posted in

Email Inbox Security
33 people found this article helpful.

Checklist: your personal mail.com settings

Man typing on computer keyboard with word "Password?" appearing over his head
Forgot your password? Saved contact information speeds up the password recovery process
Is your email account as secure as it can be? You can help keep things safe through your personal settings. The personal data associated with your mail.com account can be found on the Home page of your mailbox under "My Account." This is where you go to enter a cell phone number so you can quickly recover your password. Or change your password if you think the old one is no longer secure. But there are a few more things you can do to boost the security of your email. Let’s take a look – we promise, it will only take a few minutes, and it could save you a lot of trouble down the road. more

Posted in

Inbox Security Password
51 people found this article helpful.

2FA? OTP? Why do I need an app for that?

One hand holding smartphone while other hand types on laptop keyboard
The authenicator app on your smartphone generates a one-time code for the 2FA login

Two-factor authentication (2FA) is about boosting your inbox security by adding a second verification step to your email login process. And this second factor is a six-digit security code that you not only use to activate two-factor authentication, but also to log in once 2FA has been set up. This security code is also called an “OTP,” and it’s generated by an app that you install on your smartphone.


Posted in

App Password Security 2FA
18 people found this article helpful.

How secure is my password?

Metal lock on laptop keyboard
A strong password is like a lock protecting your email account
“Better safe than sorry” may be an old saying, but when it comes to your email password, it definitely still holds true. Because if an unauthorized person gains access to your email account, it can have serious consequences. more

Posted in

Security Password
19 people found this article helpful.

Why does mail.com want my address?

Female customer support agent wearing headset and talking to customer
If you contact customer support, your address is one way to verify your identity
When you signed up for your mail.com account, you might have asked yourself why we asked for your postal address. Are they going to send me advertising by snail mail? Give my address to third parties? Of course not! There’s a simple explanation, and it has to do with security. Hopefully this post will clear up the mystery of what we use your contact information for – and why you shouldn’t simply enter a fake address. more

Posted in

Security Password
21 people found this article helpful.