Tuesday, July 13, 2021

Ransomware

Ransomware is malicious software that locks your screen or encrypts (scrambles) your computer and/or files.

It’s often delivered via harmful email attachments, outdated browser plug-ins, websites, text messages, and more.

Some hackers also steal sensitive data (e.g., an investment firm’s financial data) and threaten to make the data public unless a ransom is paid.

It may take over an entire network of computers, external hard drives, USB devices, and Web servers.

Unlike most viruses that work to corrupt your files or system, ransomware essentially kidnaps your files—everything from confidential customer information to family photos—for an anonymous ransom payment.

Cyber criminals are under no obligation to keep their side of the bargain and deliver the key once the ransom is paid.

If there is a flaw in the ransomware code, your data may be permanently unrecoverable, even if you have the decryption key.

The files may also not work the way they should after decryption.

What’s worse: You also could be targeted again in the future.

Once files are encrypted, instructions appear on your computer or device, demanding a large payment in exchange for the decryption key to unlock them. The instructions may appear as a text document or graphic on your desktop or a Web page on your browser.

The encryption is so strong that it’s estimated the average desktop computer would need 4.6 quadrillion years to solve it.

Ransomware can hit anyone: Large companies, small businesses, hospitals, schools and universities, and individuals.

It can occur on all computers, file servers, tablets, and smartphones. Ransomware can impact your USB storage device, your personal fitness tracker, and your external hard drive.

If it can connect to the Internet, it can be taken over by ransomware.

At first, problems pulling up arrest and incident records seemed to be the normal technical difficulties. Not a big deal.

Persisting issues motivated the police department to call in a technician. Their most recent back-ups on an external hard drive were corrupted, and the most reliable back-ups were 18 months old.

It took just a few days to realize they were infected with ransomware, making everything impossible to access unless a large sum was paid before a certain date.

Since all of the police department’s computers have mapped drives and are connected via a network, the ransomware encrypted a large server containing their records management, arrest logs, calls for service, motor vehicle matters, and more.

The matter was eventually resolved with some help from American federal authorities and private sector security firms. “It was an eye-opening experience, I can tell you. It made you feel like you lost control of everything,” said the police chief.

Prevention is the best strategy to avoid organizational disruption.

Knowing the infection methods and practical ways to avoid ransomware can save you from this traumatic scenario.

Methods:

Ransomware can spread the same way as most traditional computer viruses: through email spam and attachments.

A cyber criminal may send out a mass email with a malicious attachment disguised as an invoice, a PDF, or ZIP file, but it may be an executable.

Some emails are more sophisticated, using the target’s name and other familiar details to make them look legitimate.

If the attachment is opened, the system is susceptible to the ransomware.
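A mail gateway or help desk can check for the disguise described above before anyone opens the file. The following is an added example, not part of the original post: the function name, the extension lists and the sample attachments are assumptions constructed for illustration.

```python
import os

# Leading bytes of common executable formats (well-known file signatures).
EXEC_MAGIC = {b"MZ": "Windows PE executable", b"\x7fELF": "Linux ELF executable"}
# Extensions that run code when opened on Windows (partial list, an assumption).
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Types the post says attachments are disguised as, plus common document types.
DOC_EXT = {".pdf", ".zip", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def inspect_attachment(filename, data):
    """Return the reasons an attachment looks disguised (empty list = none found)."""
    reasons = []
    stem, ext = os.path.splitext(filename.strip().lower())
    inner_ext = os.path.splitext(stem)[1]

    # "invoice.pdf.exe": a trusted-looking extension placed before the real one.
    if ext in RISKY_EXT and inner_ext in DOC_EXT:
        reasons.append(f"double extension {inner_ext}{ext}")
    elif ext in RISKY_EXT:
        reasons.append(f"directly executable extension {ext}")

    # The name may look harmless while the bytes are a program.
    for magic, kind in EXEC_MAGIC.items():
        if data.startswith(magic):
            reasons.append(f"content is a {kind}")
    return reasons


# Constructed sample attachments (name, first bytes); not from a real campaign.
SAMPLES = [
    ("invoice.pdf", b"%PDF-1.7\n"),
    ("Invoice.PDF.exe", b"MZ\x90\x00"),
    ("statement.pdf", b"MZ\x90\x00"),
    ("photos.zip", b"PK\x03\x04"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        found = inspect_attachment(name, head)
        verdict = "QUARANTINE: " + "; ".join(found) if found else "no disguise found"
        print(f"{name:18} {verdict}")
```

An empty result only means this check found nothing; a real PDF or ZIP can still carry harmful content.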

Ransomware can be delivered through pirated versions of popular software, free games, game modifications, free screensavers, and adult websites.

Malware may come from advertisements, videos, pop-up windows, or browser plug-ins attempting to exploit out-of-date browsers or vulnerable software on a user’s computer.

It can be downloaded through links on social media networks and through adult websites.

Cyber criminals can tailor pop-ups on the Web to look like threatening messages from law enforcement, prompting the user to take action. This is called scareware.

However, not all ransomware requires direct action on the user’s part.

Ransomware can be delivered via a legitimate but compromised website. These legitimate websites may have been taken over by cyber criminals.

In some cases, the ransomware can take over a browser and constantly reload the same ransom demand instructions.



1) Stay vigilant when opening email. This includes verifying sender authenticity and double-checking email content such as attachments and URLs.

Work with your IT group to see how you can safely open unexpected and unknown attachments.

2) Disable pop-up windows in your Web browser.

Disable browser plug-ins or set your browser to prompt you to run the plug-in. This is commonly referred to as click-to-run.

Keep browser plug-ins such as Java, Flash, and Adobe Acrobat up to date.

3) Regularly back up files stored on your computer, tablet, and smartphone.

Work with your IT group to see how you can ensure your most valuable files are backed up and protected.

If your machine becomes infected with malware, these backups can be used to restore your system.

If performing your own backups, unplug your external hard drive after every manual backup.

4) Keep all software, including your antivirus software, up to date.

Keep in mind that not all antivirus software can detect every type of virus or ransomware.

Ransomware operators take advantage of out-of-date software by constantly modifying the ransomware code so that it can remain undetected.

The real cost is downtime

If a ransomware infection occurs, what matters is how quickly employees can get back to work.

Infection can take down multiple offices in one sweep. There could be weeks’ worth of work dedicated to the recovery or recreation of lost files.

Ransomware can also reduce customer satisfaction and traumatize staff.

How can I tell if my computer is infected?

Look for any or all of these characteristics:

You suddenly cannot open files you could open before

Errors appear telling you the file is corrupt, cannot be found, or it has the wrong extension

You see a payment countdown window, program, or ransom demand instructions

Files you didn’t create or add appear on your desktop that look like ransom demand instructions
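The first two signs in this list (files that no longer open, or that are reported as corrupt or having the wrong extension) can be checked mechanically by an IT group: a known document type that has lost its normal header and reads as random bytes has probably been encrypted. The following is an added example, not part of the original post; the function names, the 7.5 bits-per-byte threshold and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Expected leading bytes for a few document types (well-known file signatures).
EXPECTED_MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",  # Office Open XML files are ZIP containers
}


def shannon_entropy(data):
    """Bits of entropy per byte: close to 8.0 for encrypted or random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(filename, head, threshold=7.5):
    """True when a known document type lost its header and reads as random bytes."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magic = EXPECTED_MAGIC.get(ext)
    if magic is None:
        return False  # unknown type: no baseline to compare against
    if head.startswith(magic):
        return False  # header intact, so high entropy is just normal compression
    return shannon_entropy(head) >= threshold


# Constructed stand-in for ciphertext: 4096 deterministic pseudo-random bytes.
CONSTRUCTED_CIPHERTEXT = b"".join(
    hashlib.sha256(bytes([i])).digest() for i in range(128)
)

if __name__ == "__main__":
    samples = [
        ("report.pdf", b"%PDF-1.7\n" + CONSTRUCTED_CIPHERTEXT),  # healthy PDF
        ("report.pdf", CONSTRUCTED_CIPHERTEXT),                  # header gone
        ("notes.pdf", b"plain text " * 300),                     # damaged, not random
    ]
    for name, head in samples:
        print(name, round(shannon_entropy(head), 2), looks_encrypted(name, head))
```

Only the first few kilobytes of each file need to be read, so a share can be sampled quickly without opening the documents themselves.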

Don't lose hope, but act fast

The best thing to do first is to contact your company's IT group or security team. They may have specific procedures to take.


Encryption takes a lot of time. If you suspect that your files are in the process of being encrypted by ransomware:

1. Immediately disconnect from any network.

2. Pull the power plug from your desktop computer. If you’re using a laptop, press and hold down the power button until it turns off. If you’re using your smartphone, turn it off.

3. Call your company’s IT group or help desk for assistance. Don’t take matters into your own hands.
