Ransomware: What it is, How it Works, and What to Do if You Are Victimized
Imagine you’re working on your computer and suddenly a message pops up, complete with official-looking logos, claiming “STOP! YOUR COMPUTER HAS BEEN LOCKED BY THE FBI.” The message goes on to demand a $475 fine in order to regain access to your computer and its data. What just happened? More importantly, what should you do?
This new scam is called ransomware, and it affects both personal computer systems and corporate networks. In fact, a number of reputable government agencies have also been victimized. This is what you need to know about ransomware and how to protect yourself.
What is Ransomware?
Is it really the FBI? Is there any way out without paying? Ransomware criminals want you to act out of fear or embarrassment before you think it through.
Ransomware comes in multiple forms, but they are all variations on the same scheme. It uses some type of malware to infect a computer and then either blocks access to the operating system, halts applications like browsers, or encrypts files so that they are unreadable. After locking you out of your data, the criminals demand a ransom to restore your computer, applications, or files. This scam comes in numerous forms, including:
Impersonating Government Agencies
The scammers hope that victims will be so horrified by their accusations that they would pay anything to keep it quiet — even if it isn’t true. They often suggest victims have abused children or cheated on their taxes.
These are bogus messages that appear to come from law enforcement, such as the FBI, Department of Justice, or a local police or sheriff’s department. These messages claim that you have committed some crime and demand a fine. The crimes you have supposedly committed include (but are not limited to):
- Child abuse or child pornography
- Downloading graphic adult content
- Owing some tax or other type of payment
These messages are designed to frighten or embarrass the victim. Even when you know that you haven’t done anything like what they are accusing you of, it’s usually something you’d rather pay to make go away than face up to. Who wants to tell their employer that the FBI locked them out of their computer for kiddie porn? People usually pay the criminals rather than face the accusations.
Impersonating Antivirus Software
Other scammers post messages that your system has been infected with a virus and then ask for a fee to remove it. It’s true that your system has a virus, but the ones offering to remove it (for a price) put it on there in order to extort money out of you.
Overt Blackmail or Extortion
Some hackers forgo the ruse of playing cops and robbers or posing as benevolent antivirus agencies. Instead, they go for the throat. They lock you out of the system or parts of the system and demand a ransom to get back in. Or, they steal your sensitive information and demand payment not to release it to the public. In some cases, they have encrypted entire corporate or government databases and demanded payment to restore the data.
What to Do if You are a Victim of Ransomware
The first thing to do is not to panic. Educate yourself and your users on the issue of ransomware so that when a scary or threatening message pops up they know what’s going on. These criminals prey on people who get scared and pay before they stop to think.
All law enforcement agencies and cyber security experts are in agreement — if there is any possible way to avoid paying, don’t pay. First, you have no guarantee that they will restore data or decrypt your system if you do pay. Or, they could up the amount once you agree to the first demand. In instances where the criminals are threatening to go public with sensitive personal or corporate information, they might do so even if you do pay. Ransomware instances average a demand of $300 to $600 each.
Additionally, any money you do pay is most certainly going back into the criminals’ coffers to be used to develop more malware to torment other people. Unless the data is essential and critical — and there is absolutely no other way to retrieve or safeguard the data — do not pay. Fortunately, you can prevent getting into this predicament with some planning now.
What to Do to Prevent Becoming a Target of Ransomware
Back up your data. Back up regularly, back up thoroughly, and back up safely. After backing up systems, disconnect the backup system from the operations system — locking it safely away from criminals’ hands. Use solid data transfer methods to verify that data is backed up correctly and completely. Even if your computer or company is never victimized by ransomware, any number of disasters (hardware failure, natural disaster, other malware, etc.) are a constant threat to unprotected data.
Install, update, and scan with antivirus software regularly. Use firewalls and security settings. Make sure the antivirus software is updated often and run scans regularly. It’s an excellent idea to run an antivirus scan just prior to backing up, for a one-two punch of data protection.
When it comes to stopping ransomware, an ounce of protection is worth many pounds of cure.