Ransomware attacks: How you can recognize and prevent ransomware

What is ransomware?

Ransomware is one of several types of malware – in other words, software designed to cause malicious damage to your computer or system. A computer virus is also an example of malware. In the case of ransomware, the malware is designed to encrypt the files on a device or computer network, rendering them unusable. The cybercriminals behind the attack then demand money to decrypt them, in effect holding the information hostage and demanding a ransom for its release.

A ransomware attack often works by tricking a user into clicking a malicious link that downloads a file from an external website. Because the user does not know the file contains ransomware, they open or execute it. Ransomware software is also designed to take advantage of security vulnerabilities and spread from one computer to others that it is networked with, e.g. within an organization. Once the ransomware simultaneously encrypts all files it comes to contact with,   all the users will be able to see are messages on their screens demanding payment in exchange for decryption.  

Are there different types of ransomware attack?

The most common way that ransomware is spread is through phishing campaigns. The cybercriminal sends an email that looks like it’s from a legitimate sender, like a bank or well-known online retailer, designed to trick the recipient to clicking on a link or file. This click installs the malware on the computer.

Other ransomware strategies exploit vulnerabilities in computers and systems. For example, there have been attacks via the Remote Desktop Protocol (RDP), a proprietary network protocol that allows individuals to control a computer’s resources and data over the internet. Here hackers have used brute-force methods to obtain credentials or even purchased them on the dark web. And there have also been cases of cybercriminals exploiting security weaknesses in widely used software programs to gain control of systems and deploy ransomware.

How do you recognize ransomware?

To identify ransomware that arrives as part of an email scam, you should take the same steps you would to protect yourself from any kind of phishing. In other words, treat all email content with caution. If you have any doubts, don’t click on any links or follow any instructions contained in the message until you can verify that it’s legit – preferably by calling the person or institution. Make sure the email address and the sender name match and that they don’t contain small changes, like switching certain letters, that make them different from the authentic email address. Keep your eyes open for spelling errors and unusual domain names.

How can I prevent ransomware attacks?

Rule number one: never, ever click on a link, open an attachment, or download a file unless you are 100 percent sure it is safe! In addition, you should always make sure that your software, systems, and devices are up-to-date and the latest patches have been installed. We get it – all those automatic updates can be annoying. However, they often contain fixes for newly identified security vulnerabilities, so they are an important way to keep yourself safe. Along these same lines, you should make sure that your computer has an up-to-date antivirus protection, which detects malware as it arrives, and whitelisting software, which prevents unauthorized applications from executing.

Is there any other ransomware protection?

Keep in mind that the purpose of a ransomware attack is to hold your data hostage. So you can make yourself less vulnerable by backing up all your documents, photos, etc. on a device like an external hard drive. Keep that device separate and offline except during the actual backup process. Or if you prefer, you can backup files and photos to online cloud storage. If you think you will forget to perform a regular backup – daily or at the very least weekly – consider setting up automatic backups or set alerts in your calendar.

What about ransomware removal?

If your computer has been infected with ransomware, there are steps you can take to remove the actual malware. Install a good antivirus software that can identify malware and perform a scan of your computer. If the security software finds dangerous files, including the ransomware program, you can delete them manually or the antivirus software can delete them for you (recommended). Ransomware decryption is a more difficult matter – if the ransomware has already encrypted files on your computer, simply deleting the malware will not restore your access to these files, although it will prevent further damage. After removing the malware from your device, you can perform an internet search to see if a reputable cybersecurity company such as Avast or Kaspersky has developed a decryptor for the specific type of ransomware you were attacked with. If so, you can download the decryption tool and follow the instructions. Keep in mind that it will not always possible to decrypt your files. This is why it is so important to regularly back up your data as described above. If you have done so, once you have cleaned your computer using the antimalware software, you can simply restore your files using the backup versions and not have to worry about being able to find a decryption tool that works in your case.

How dangerous is ransomware?

There seems to have been an explosion of ransomware attacks lately, including several that shut down large private-sector organizations in the United States last year. Targets have ranged from a water-treatment plant to insurance companies to the Houston Rockets. As this shows, anyone with a computer connected to the internet and important data stored on that computer or network could be vulnerable to such an attack. One security team estimated that there were 65,000 successful attacks in 2020, while the U.S. Department of Homeland Security placed the amount of ransom paid in such schemes at $350 million in the same year.

We hope this answers all your questions about ransomware. We look forward to your feedback below!

This article first appeared on July 5, 2021 and was updated on Dec. 12, 2021

Image: 1&1/Shutterstock