We live in an age of cutting-edge technology that’s constantly evolving, which means the security measures we put in place to protect our online assets and information must also evolve quickly and efficiently. Unfortunately, threats to new business security solutions tend to develop almost as quickly as the solutions themselves. Just as viruses evolve to become immune to medication, malicious online threats “learn” how to avoid being thwarted. One of the biggest threats to business security across the globe in 2016 is a strain of virus called ransomware.
What is ransomware?
Ransomware is malicious software, a.k.a. malware, used by cybercriminals to extract money from their victims. Cybercriminals essentially hijack the information in your computer through infected Web pages, pop-up error messages, bad links and more, then demand a payment – or ransom – in exchange for unlocking and returning the data. Essentially, hackers use ransomware to hold your systems and user data hostage. What’s more, an attack on a single computer can infect an entire network, plus any extraneous devices to which it is connected, making ransomware a devastating threat.
When ransomware first began appearing, it did so in the form of an alert that claimed a user’s computer was infected and would have to be cleaned with (fake) antivirus software. However, this original scenario is tame compared to the Web attacks of today.
According to security experts, there are two major types of ransomware. The first, called “Winlocker,” is the less harmful type. Typically, WinLocker will lock your computer screen and demand a ransom in exchange for restoring access. Users will face only minor downtime while they remove the malware off their computers.
The second type, crypto-ransomware, is significantly more serious. Unlike WinLocker, this ransomware actually encrypts all personal user file types. Hackers can then demand a ransom in exchange for the decryption keys to all files. This ransomware is highly evolved, and the decryption key is only accessible on the hacker’s server. Users have little, if any, chance of recovering their files, which can have catastrophic consequences – including the loss of years and years of data and work.
Unfortunately, Ransomware-as-a-Service is a growing trend in 2016. Believe it or not, RaaS actually lets less-experienced cybercriminals purchase packaged ransomware to deploy. The seller takes an upfront payment for the software and a cut of any money made by the hacker.
How does ransomware get on my computer?
The important thing to remember is that ransomware can only get on a computer if a user installs it. That being said, there are a variety of ways a cybercriminal will entice a user to download malware.
Typical methods include using email or social media-based links that lead to infected web pages, or leveraging fake pop-up errors on websites or on your desktop. A lot of these links will appear to come from people you know or are connected to – because they’ve been hacked.
Once clicked or downloaded, the ransomware messages are typically aggressive, accusing users of illegal behavior or claiming the computer has been frozen by law enforcement pending the payment of a fine related to suspicious or unlawful activity. Some messages will even threaten to publicly release all of the user’s personal data and files.
Even if you do make a payment to a hacker, there is absolutely no guarantee that he or she will unlock your data. That’s why it’s important to ensure malware never makes it onto your computer to begin with.
How can I protect myself?
While there are myriad tools available to help block ransomware threats, few are 100% unbeatable. Luckily, there are a lot of user-implemented measures you can employ. These are just a few of the easiest common-sense solutions to follow:
- Do not open suspicious-looking attachments, either from unknown senders or senders you may be familiar with, and do not click on suspicious-looking links on social media networks or messaging apps, even from senders you know. (Again, cybercriminals can easily hack into accounts and mass-distribute bad links.)
- Use strong passwords. (Check out our online safety post for tips on strong passwords!)
- Block pop-ups.
- Always have your OS firewall turned on and properly configured, and enhance it with additional protection.
- Personalize anti-spam settings.
- Keep all operating systems, browsers, antivirus software and other software up to date.
- Always back up your data to an external drive or service.
While the threat of cybercrime continues to become more sophisticated, so do the solutions and behaviors practiced by businesses and individual users to ensure the protection of their private and personal information. Get ahead of hackers eager to hold your data ransom by employing the tips detailed above.
For more information on advanced endpoint security services, check out our services page! The purpose of this blog is to answer the IT questions that YOU have, so feel free to contact us with questions and comments!