Brian Danzinger has more than 20 years of experience in the banking industry. In his current role, Brian facilitates creative e-commerce solutions to simplify banking and provide the best customer experience. Brian is an associate lecturer and professor in technology for UW-Green Bay, Silver Lake College and Concordia University. He holds a Ph.D. in e-commerce and has a background in cybersecurity.
You log onto your computer and attempt to access documents in a client folder. However, instead of the file opening normally, a screen pops up warning you that your files have been locked and made inaccessible unless you pay a $3,000 ransom. And just like that, you may have become a victim to ransomware.
What is ransomware?
Ransomware is a type of malware virus that allows attackers to encrypt certain files or data, preventing users from accessing them. Only by paying a “ransom” will the attackers release the decryption key, allowing you to once again have full access to your files. Ransom instructions are embedded as part of the infection and anonymous or hard to track service like BitCoin are then used to process payment. Similar to the crime of kidnapping, attackers leverage ransomware to take something of value from you and will only release it once a payment is made.
Ransomware targets a wide variety of data and file types, allowing attackers to restrict access to items of sentimental value like your family photo collection, or it can target business-related data like client files, electronic legal documents and work projects. While losing personal photos from your last family trip can be disheartening, not having access to confidential client files can be an equally alarming scenario. That’s why attackers rely on one’s emotional attachment to – or need for – files to demand payment.
The impact of ransomware
Ransomware is on the rise, targeting both personal machines and business networks. According to a recent report by the FBI, 47 percent of businesses have been affected by ransomware. More than half (59 percent) of the reported ransomware infections were delivered via email attachments and embedded URLs.
Recent ransomware viruses like the “WannaCry” and “Petya” had an estimated $1 billion-dollar impact on business globally and spread to as many as 64 countries within the first few hours of release. The BBC reported that one of the victims of the recent ransomware attack was South Korean firm Nayana, which paid an unprecedented $1 million-dollar ransom to attackers in exchange for unlocking their infected machines. Ransomware is also targeting mobile devices, with mobile ransomware increasing by over 250 percent during the first few months of 2017, according to Kaspersky Security.
How ransomware works
Similar to other viruses and malware attacks, a user’s computer needs to be hit by an infected payload. Users may inadvertently download ransomware from a spoofed or compromised website. Ransomware can also be delivered as an email attachment from either an infected contact or through a well-designed phishing email. Once ransomware has impacted a user’s machine, certain files will be targeted for encryption and ransoming.
In some scenarios, ransomware can also be designed to lock the computer screen, preventing all access to the machine, only displaying instructions for how to make a payment. Due to the level of encryption used by most ransomware payloads, an attempt to bypass and circumvent the virus once installed is highly unlikely to work.
How to prevent ransomware attacks
Similar to other viruses and cyberattacks, the FBI has put together a list of best practices that users and organizations can take to help protect their data.
Make sure you have updated antivirus software on your computer.
Enable automated patches for your operating system and web browser.
Have strong passwords, and don’t use the same passwords for everything.
Use a pop-up blocker.
Only download software—especially free software—from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).
Don’t open attachments in unsolicited emails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited email, even if you think it looks safe. Instead, close out the email and go to the organization’s website directly.
Use the same precautions on your mobile phone as you would on your computer when using the Internet.
To prevent the loss of essential files due to a ransomware infection, it’s recommended that individuals and businesses always conduct regular system backups and store the backed-up data offline.
To stay up to date on the latest fraud protection strategies, sign up to receive our quarterly e-newsletter full of information, resources and tools to help your business detect and mitigate fraud – making it easier to protect your assets.