Ransomware

Ransomware is malware that encrypts files on your device or locks your device completely. After the device is infected with ransomware, the victim of the attack is asked to pay a ransom, usually in bitcoins. Victims are told that the only way to get the decryption key is to pay the ransom. Ransomware ransoms are usually worth around 300 – 500 dollars and are usually demanded in bitcoin cryptocurrency. Paying the ransom in bitcoins makes it harder to track down and catch cybercriminals. The criminal using the ransomware may also set a time limit for the ransom to be paid.

Types of ransomware attacks

Ransomware can be divided into two categories: ransomware that locks the infected device and ransomware that encrypts data and files on the infected device. Once ransomware has locked your device or the data on it, cybercriminals can also threaten to leak the data online for all to see. In the case of data-locking malware, the victim’s computer is otherwise accessible, but the locked data is inaccessible. Computer viruses, which include ransomware types, are usually downloaded onto a device either accidentally or through another malicious program. The most common distribution channels for ransomware are email attachments, infected and malicious websites and advertisements, and unprotected Wi-Fi networks. Phishing attacks often involve malicious email attachments that contain malware, such as viruses, trojans, or ransomware. Some malware can also download ransomware to your device without your knowledge. Criminals can also infect the target computer by downloading ransomware or Trojans onto an unprotected device.

Ransomware on mobile devices

Ransomware can also target mobile devices, such as Android and iOS devices. Worse still, they are a growing threat due to the popularity of phones and other smart devices. So-called smishing attacks, i.e. scams via SMS and instant messaging services, are also a common threat. Fortunately, anti-virus and security solutions for mobile devices are now available. Unfortunately, these days, mobile devices are threatened by many types of malware – not just ransomware.

What to do if you encounter ransomware

What should I do then if I encounter ransomware? Once a ransomware attack has begun, removing the ransomware is tricky. Often it is completely impossible to remove ransomware. Therefore, protection against ransomware starts with a reliable antivirus program that will prevent ransomware from entering your device. You can also be prepared by regularly updating your computer and software and backing up your files. If you have backups of your files, you won’t lose them in the event of a ransomware attack. 

Should you pay the ransom?

No ransom should be paid because paying the ransom does not guarantee that you will get your file back. If your files are hijacked and you don’t have backups, you should first check if there is a decryption tool available that can undo the ransomware. It is also worth reporting your situation on support forums such as Bleeping Computer, where there are many discussions about various types of ransomware. It is also advisable to report the attack to the authorities. It may be tempting to pay the ransom demanded by cyber criminals to regain control of locked files or your computer. Organisations and businesses can be so severely disrupted by a ransomware attack that paying the ransom may seem like the only option. But by paying the ransom, you are funding cybercrime – and you can’t guarantee that criminals will actually do what they promise to do in return for the ransom.

Not only can you not be sure of the criminals’ promises, paying the ransom also encourages cybercriminals to look for more potential targets for ransomware. For example, the US Federal Bureau of Investigation (FBI) is urging victims of a ransomware attack not to pay the ransom. The cheapest and easiest solution is to prepare for malware in advance, so you don’t get caught in this situation in the first place.

Notable ransomware attacks

Many ransomware attacks have caused so much damage and horror among organisations and people that it is worth highlighting a few of them. As an example, here are three of the most significant ransomware attacks of the last few years: WannaCry, Petya, and Ryuk. In addition to these, other well-known ransomware attacks that have caused a lot of damage include Bad Rabbit, CryptoLocker, and Locky.

Ransomware-as-a-service (RaaS)

You may have heard of a business model called software-as-a-service or SaaS, where the service provider’s service is delivered over the network and the service itself is in the cloud and does not require, for example, software to be installed. SaaS is a convenient solution, but there is a more harmful alternative in circulation: RaaS, or ransomware-as-a-service, which means that the RaaS provider sells malware that it has developed, which the buyer of the service can use to extort money from the target. RaaS services also allow ransomware attacks to be carried out by those who do not have the IT skills to develop the ransomware malware themselves.