Ransomware has been around for a long time. The first known attack took place in 1989, and by 1992 researchers had figured out the potential for attacks using public-key cryptography to effectively lock out users out of their own files unless they pay their attacker for the private decryption key. Though ransomware has been with us for a long time, it’s recently exploded in prominence thanks to cryptocurrencies like bitcoin, which give attackers a payment option that’s reliable and difficult to trace.
Advances in cryptography have made breaking encrypted files nearly impossible, even for law enforcement and professional cybersecurity firms. It’s the digital equivalent of placing an uncrackable lock on your file cabinet that only the attacker has the key to. No wonder that many victims simply pay up. Of course, as with any other ransom scheme, paying up only emboldens the attackers further.
Professional cybercriminals have made ransomware into a big business. One sign of their professionalization? At least one gang has even developed an affiliate program that gives other cybercriminals a cut of their ill-gotten gains in exchange for spreading the malware further.
Just to give you one example: in 2012, the cybersecurity firm Symantec gained access to a server used by one (relatively small) ransomware gang and found that the crooks netted nearly $400,000 in one month. Today a hacker can make up to $1,000,000 in a single day.
How Ransomware Works
If you’ve never had the distinct displeasure of being hit by ransomware, here’s how it generally works: You’ll be going about your business, when all of a sudden your display will freeze, leaving you unable to access any programs. Instead, you’ll see a message informing you that your files have been locked.
In the past, these messages often appeared to come from law enforcement, claiming that your computer has been locked due to illicit activities. Other variations of the scam used imagery that appears to come from Microsoft or Apple itself, claiming that you need to pay in order to “activate” your software. The latest generation of attackers, however, usually dispenses with the pretense and just informs you that your files have been encrypted and that you’ll have to pay up.
Either way, you’ll then be informed that you may regain access to your files if you pay a fine within some set window of time (72 hours seems to be typical), after which point the ransom will increase or the key may be destroyed, locking your files forever. The fines are typically around $300, though they can range as high as $5,000.
In the past, attackers required you to pay the fine via SMS or by purchasing a prepaid online PIN. These days, however, most attackers demand bitcoins outright, sometimes delivered via the routing software Tor in order to further conceal their identity. (In case you don’t know anything about bitcoin or Tor, the attackers helpfully provide step-by-step instructions.)
The Bad News
When it comes to ransomware, there’s very little good news. The sophistication of modern ransomware attacks means that once you’ve been infected, there’s often little (or nothing) you can do. So, without further ado, here’s the unvarnished bad news about ransomware.
- Your best bet may be to pay the ransom. Public-key cryptography has advanced to the point that a well-designed attack is essentially unbreakable. In 2015, a number of police stations were hit with ransomware attacks, locking officers out of arrest records and databases of mugshots. Even with the help of private security firms and the FBI they were unable to recover their data. The FBI’s advice? “Just pay the ransom.”
- But even if you pay, you may not get your data back. Some of the more “honest” ransomware gangs will actually send a key to unlock your files, while the even-less-scrupulous ones will simply demand more ransom. Some of these programs don’t even have the code necessary to send a recovery key.
- Your files aren’t safe in the cloud. Many people still think of ransomware as something that happens to local machines, but recent attacks can also spread via SaaS platforms like Google Drive and Microsoft OneDrive. Syncing your local files with the cloud can spread the encrypted ransomware into the cloud, potentially spreading it to all your shared files and folders. In some cases, you may be able to restore the files to an earlier version, but beyond that there may not be much you can do.
- Your devices may be vulnerable too. Mobile-specific strains of ransomware can target Android phones. These viruses masquerade as a software patch, tricking users into granting them admin privileges, at which point they change the phone’s PIN, requiring the user to either pay the ransom or perform a factory reset, wiping all their data in the process. To make matters worse, IoT devices can also be commandeered by ransomware attacks, and their notoriously weak security makes them especially vulnerable.
The Good(ish) News
As we’ve said, there’s not much good news when it comes to ransomware. That said, if there is a hint of a silver lining, it’s this: As Wired puts it, ransomware is just regular malware “with a dash of extortion.” That means all the best practices that protect you from other forms of malware also apply to ransomware.
- Don’t click suspicious links. Better yet, don’t open suspicious emails at all. Fake emails disguised as package notices from the postal service or UPS are one of the most common ways ransomware is spread. More disconcertingly, some recent ransomware attacks have used fake display ads on legitimate sites to lure users into clicking.
- Backup your files! Remember, cloud services may not be totally safe, but they will often allow you to restore previous versions of corrupted files. That said, hard drive backups are best. Just make sure they aren’t connected to the internet, as many strains of ransomware can infect shared and connected drives.
- Tell your network administrator. If your work computer gets infected, tell your security or IT people immediately. Ransomware is designed to spread quickly, and you don’t want your entire network to fall victim.
- Keep your software up-to-date. This goes for both your OS and any antivirus software you may be running. A major ransomware attack in May 2015 was almost entirely preventable given that a patch that fixed the underlying issue had been available for two months prior to the attack. While software updates and antivirus tools won’t protect you from the latest attacks, they can still offer protection against known threats.
- Consult with a cybersecurity expert. A skilled internet security expert can help you identify weak points in your organization’s IT infrastructure and help develop best practices for your team. Want to learn more about IT security and how encryption can be used to protect rather than corrupt your data? Check out our article, “Inside IT Security: How to Protect Your Network from Every Angle.”
Get more work done, faster with freelance help. Post a job today and get started!