What is ransomware?

Do you know how to recognize and protect yourself against ransomware?
You may have seen headlines about ransomware attacks on institutions ranging from banks to hospitals to gas pipelines. But what is ransomware, why is it dangerous, and can such attacks be prevented? Today, we answer your questions about ransomware.

What are ransomware attacks?

Ransomware is a type of malware – in other words, software designed to cause malicious damage to your computer or system. In this case, the malware is designed to encrypt the files on a device or computer network, rendering them unusable. The cybercriminals behind the attack then demand money to decrypt them, in effect holding the information hostage and demanding a ransom for its release.

A ransomware attack often works by tricking a user into clicking a malicious link that downloads a file from an external website. Because the user does not know the file contains ransomware, they open or execute it. Ransomware is also designed to take advantage of security vulnerabilities and spread from one computer to others on the same network, e.g. within an organization. Once the ransomware has encrypted all the files it comes into contact with, all that users will see are messages on their screens demanding payment in exchange for decryption.

Are there different types of ransomware attack?

The most common way that ransomware is spread is through phishing campaigns. The cybercriminal sends an email that looks like it’s from a legitimate sender, like a bank or well-known online retailer, designed to trick the recipient into clicking on a link or file. This click installs the malware on the computer.

Other ransomware strategies exploit vulnerabilities in computers and systems. For example, there have been attacks via the Remote Desktop Protocol (RDP), a proprietary network protocol that allows individuals to control a computer’s resources and data over the internet. Here hackers have used brute-force methods to obtain credentials or even purchased them on the dark web. And there have also been cases of cybercriminals exploiting security weaknesses in widely used software programs to gain control of systems and deploy ransomware.

How do you recognize ransomware?

To identify ransomware that arrives as part of an email scam, you should take the same steps you would to protect yourself from any kind of phishing. In other words, treat all email content with caution. If you have any doubts, don’t click on any links or follow any instructions contained in the message until you can verify that it’s legit – preferably by calling the person or institution. Make sure the email address and the sender name match and that they don’t contain small changes, like switching certain letters, that make them different from the authentic email address. Keep your eyes open for spelling errors and unusual domain names.
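The sender check described above can also be automated on the receiving side. The following is an added example, not part of the original article: it flags a From: header whose display name claims a known brand while the address sits at a different domain, and a domain that differs from a trusted one by only a few switched or substituted characters. The brand list, domains, threshold and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): brand keyword -> domains it really sends from.
TRUSTED = {"examplebank": {"examplebank.example"}, "shopmart": {"shopmart.example"}}
DIGIT_SWAPS = str.maketrans("0135", "oles")  # common digit-for-letter swaps

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap adjacent letters) turning a into b."""
    d = [[i + j if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]

def check_sender(from_header, max_distance=2):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(from_header)
    _, at, domain = addr.lower().rpartition("@")
    if not at or not domain:
        return ["no usable sender address"]
    warnings = []
    claimed = "".join(name.lower().split())  # "Example Bank" -> "examplebank"
    for brand, domains in TRUSTED.items():
        if brand in claimed and domain not in domains:
            warnings.append(f"name claims {brand} but address is at {domain}")
    all_trusted = set().union(*TRUSTED.values())
    if domain not in all_trusted:
        for good in sorted(all_trusted):
            dist = min(edit_distance(domain, good),
                       edit_distance(domain.translate(DIGIT_SWAPS), good))
            if dist <= max_distance:
                warnings.append(f"{domain} closely resembles {good}")
    return warnings

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Example Bank" <service@examplebank.example>',     # genuine
    '"Example Bank" <service@exampelbank.example>',     # two letters switched
    '"Example Bank" <alerts@examp1ebank.example>',      # digit 1 in place of l
    '"ShopMart Support" <help@mail-delivery.example>',  # brand name, unrelated domain
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

A clean result only means the sender text is not an obvious imitation of a listed brand; the advice above to verify through a separate channel still applies.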

How can I prevent ransomware attacks?

Rule number one: never, ever click on a link, open an attachment, or download a file unless you are 100 percent sure it is safe! In addition, you should always make sure that your software, systems, and devices are up to date and the latest patches have been installed. We get it – all those automatic updates can be annoying. However, they often contain fixes for newly identified security vulnerabilities, so they are an important way to keep yourself safe. Along these same lines, you should make sure that your computer has an up-to-date antivirus program, which detects malware as it arrives, and whitelisting software, which prevents unauthorized applications from executing.

Is there any other ransomware protection?

Keep in mind that the purpose of a ransomware attack is to hold your data hostage. So you can make yourself less vulnerable by backing up all your documents, photos, etc. on a device like an external hard drive. Keep that device separate and offline except during the actual backup process. Some experts also recommend the use of multi-factor authentication, since passwords alone are more easily compromised.

How dangerous is ransomware?

There seems to have been an explosion of ransomware attacks lately, including several that have shut down large private-sector organizations in the United States this year. Targets have ranged from a water-treatment plant to insurance companies to the Houston Rockets. As this shows, anyone with a computer connected to the internet and important data stored on that computer or network could be vulnerable to such an attack. One security team estimated that there were 65,000 successful attacks in 2020, while the U.S. Department of Homeland Security placed the amount of ransom paid in such schemes at $350 million in the same year.

We hope this answers all your questions about ransomware. We look forward to your feedback below!

Image: 1&1/Shutterstock
 
 
 
