There’s always a scam. On the Internet, people risk system damage and financial compromise just to get access to information, entertainment, communication, and other massive benefits from an increasingly robust world of knowledge.
Viruses, spyware, phishing, and now ransomware are major names in the digital threat realm, yet ransomware’s recent impact on the world can be confusing if you haven’t seen the attacks in action.
Here are a few ransomware details to help you figure out whether your data is at risk, whether you should pay your way out of trouble, and how to stay out of trouble in the first place.
What Is Ransomware?
Most types of harmful code are described by how they work. When it comes to ransomware, it’s all about intent.
Ransomware is any harmful code that locks down data and demands payment in exchange for freeing that data.
There are many ways that ransomware reaches its targets and unpacks its payload, but the final result is what matters: demanding payment for locking down your information.
The most common ransomware is delivered through a trojan. Trojans get their name from the Trojan Horse of Greek legend and pretend to be something innocent or desirable, but once you accept the data, harmful code is unleashed.
In some cases, it could be a file or program that you were expecting. You, your friends, family, employees, or coworkers could be downloading from what you thought was a reputable site, only to find out later that you stumbled upon a fake site with a mess of fake files.
The actual program might work. One of the easiest ways for hackers to fool innocent Internet users is to simply take a copy of a real file or program, pack in some malicious code, and let you open it.
There are many ways to scan for harmful files. Since Trojans are well-known threats, most antivirus scanners on the market are able to track down manipulated files.
One thing to realize about many viruses on the Internet is that they’re often copies of other attacks. The person who infected you may not be the original author. Just as you download files and programs to do your job, they download hack tools and set traps for unsuspecting users.
These types of “hackers” are sometimes called Script Kiddies or Skiddies as an insult to their inability to write their own code. While it may not matter to you if you’re infected, that fact can help you understand why the practice seems so widespread, yet so many people stay safe by applying basic tech security practices.
It’s rare that you would be the target of a talented, original hacker. Like any other theft or vandalism, the targets often follow these trends:
- Members of profitable, powerful, or well-known organizations. Big businesses and government departments fit this bill.
- Pre-determined targets. This means the hacker knows you, knows that you have something that they want, or knows that you can afford the ransom.
- A completely random target. It just wasn’t your lucky day, but now you’re one of the first victims of a new type of attack.
If you own, are part of, or are contracting with a business, you need a business-class cybersecurity professional on your side. Small businesses have the least risk, but they’re also a profitable practice target for fledgling hackers.
If you’re an individual, you can take charge of your own security and consult a cybersecurity professional with far less investment and system coverage than a business. It’s not about how important your data is, but how many ways you can be attacked.
Individuals usually have fewer openings to attack, and if you have too many openings, a cybersecurity professional can help you dial back on the exposure.
How Is Ransomware Different from Viruses?
Ransomware usually refers to a technique that encrypts or scrambles your information in a way that can’t be easily cracked.
Encryption itself isn’t a bad thing. You use it every day when you visit banking and shopping websites that encrypt your data with HTTPS, TLS (or the older SSL), and other methods of scrambling your data.
The problem with ransomware is that it’s strong encryption without your permission. Highly complex encryption methods such as 2048-bit RSA are amazing for protecting your files when you have a key.
Until some new breakthrough in computer science unfolds, it would take 6.4 quadrillion years to brute force or digitally guess your way through the encryption.
In a ransomware attack, it’s not just that someone else has the key. There are keys to other keys that are all encrypted, and the key that can unlock your files is held by the hacker.
That’s what you would be paying for. When a hacker demands payment to release your files, they’re selling you the complex keys to your information.
Should I Pay Ransomware Thieves?
Paying hackers is never a good idea. There’s no guarantee that the key will be delivered, and you could be identifying yourself to hostile people who otherwise have no idea who you are.
Or even worse, you could be giving your information to hostile people who share information with other hostile people. It’s a huge gamble no matter what you do.
Some individuals and organizations have received their files, but you can’t easily prove that you’re dealing with an “honest thief” if such a thing does exist.
You could be dealing with liars. Even worse, you could be dealing with incompetent hackers who didn’t encrypt the information properly or don’t know how to use the keys they have.
If you find yourself wondering “should I pay ransomware thieves?”, ask yourself a few questions:
- Is it really ransomware? It could be a program pretending to be ransomware.
- Will you actually get your files back? The thieves may take the money and demand more, disappear, or not know how to help you.
- Do you have copies of the files elsewhere? Copies or slightly out-of-date files may be a small victory, and you should weigh that against the ransom price.
How to Prevent Ransomware in the Future
While many people are infected because they have no data protection at all, what about people who follow cybersecurity advice and still fall victim to ransomware? One of the best answers is a robust backup schedule.
Think about the most important data you have. Do you have a copy of it? Is that copy connected to a network? Do you have separate storage for your data?
One way to prevent all of your information from being infected is to have a backup that isn’t connected to the Internet, your internal network, or any network. This can be done with tape drives, USB drives, discs, or other storage that can be removed.
Make a backup, remove it from the system, and place the backup in a drawer or vault. Perform daily or weekly backups to make sure that you have a reasonably up-to-date version of your files, and consider having two or even three backups.
If a ransomware attack happens while you’re backing up, your files can be infected. The same thing can happen if you forget to remove a thumb drive from your computer before an infection happens.
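One way to reduce the risk of backing up files that are already locked is to compare today's files against a record of the last good backup before overwriting it. The Python sketch below is an added example, not part of the original article; the function names, the 30% and 7.5-bit thresholds, and the sample files are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root):
    """Map each relative file path to (SHA-256, entropy of the first 64 KiB)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            data = path.read_bytes()
            rel = str(path.relative_to(root))
            snap[rel] = (hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return snap

def safe_to_rotate(previous, current, max_suspect=0.3, high_entropy=7.5):
    """Suspect = file vanished (renamed) or changed into random-looking data.
    Returns (ok, suspect_ratio); both thresholds are assumptions to tune."""
    if not previous:
        return True, 0.0  # first backup, nothing to compare against
    suspect = sum(
        1 for rel, (digest, _) in previous.items()
        if rel not in current
        or (current[rel][0] != digest and current[rel][1] >= high_entropy))
    ratio = suspect / len(previous)
    return ratio <= max_suspect, ratio

def demo():
    """Constructed sample data: ten text files, one edited, then eight overwritten."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(10):
            Path(root, f"report{i}.txt").write_text(f"figures for unit {i}\n" * 200)
        baseline = snapshot(root)
        Path(root, "report0.txt").write_text("rewritten by its owner\n" * 200)
        normal = safe_to_rotate(baseline, snapshot(root))  # ordinary edit
        for i in range(8):  # random bytes stand in for encrypted content
            Path(root, f"report{i}.txt").write_bytes(os.urandom(8192))
        return normal, safe_to_rotate(baseline, snapshot(root))
```

Compressed files such as photos and archives are naturally high in entropy, which is why the check looks at the share of files that changed rather than at any single file.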
With backups out of the way, now it’s time to talk about best practices. If you own or operate a business with an IT department, are you limiting what can be opened or downloaded? Do you have not just an antivirus system, but a firewall that can block undesirable sites?
Making sure you have all of your bases covered and top-rated protection against ransomware, other malware, and even identity theft is the best practice for anyone using a computer in this highly digital day and age.