What is ransomware?

Note: This is blog 1 of 4 in our ransomware series.

As 2017 began, the St. Louis public library system found itself the latest victim of ransomware, which is shaping up to be the new dominant form of cybertheft. The attack froze the computer system for all 17 of the city’s library branches, shutting down patrons’ ability to borrow or return books unless the city paid $35,000 in bitcoin for the system to be restored. Fortunately, the library system’s IT staff was able to rebuild their system from backup files and avoid paying the ransom, but many ransomware victims aren’t so fortunate.

The FBI estimates that ransomware cost victims $1 billion last year, up from $24 million in 2015, and warns that attacks are expected to continue escalating. Here is what you need to know about ransomware, why it’s dangerous, and what can make you vulnerable to becoming a victim of this virulent form of cybercrime.

Trickery that leads to a malicious download

Ransomware is a form of cyberattack that holds the victim’s device “hostage” by blocking access to the device, operating system, applications or files unless the victim pays money to have it unblocked. Some attacks threaten to post the user’s files online unless money is paid.

Alternately, some forms of ransomware do not actually lock the user’s device, but only display a message purporting to be from an authority such as a government agency, claiming that device will be locked unless the user pays a fine.

Ransomware typically works by tricking the user into clicking on a link in an email or on an infected website. Clicking the link downloads a malicious code onto the user’s device.

In more sophisticated ransomware, the code contains encryption instructions that use a random key to encrypt the device’s data. The device owner then cannot access their data without obtaining the key from the attacker.

Most attackers require money to be paid through an electronic medium such as bitcoin. The average amount demanded in 2016 was $679, but some attacks on businesses demand thousands or tens of thousands of dollars. However, paying does not necessarily guarantee the attacker will unlock the device. In some cases, paying simply opens the victim up to additional extortion.

Why is ransomware dangerous?

While early types of ransomware could usually be reversed through simple means, such as a reboot or system restore, newer forms use encryption, making them much harder to counter. And where older forms of ransomware could be avoided by not clicking on suspicious emarils or websites, newer versions can hide themselves in infected code on legitimate websites.

Ransomware is also infecting targets that affect more people and cause more damage. Some attacks have been aimed at hospitals, banks, utility companies, government agencies and police departments.

Finally, the success of ransomware attacks has attracted more thieves and emboldened them. Seventy percent of businesses infected with ransomware have paid the ransom, making this is a lucrative racket. Thieves are now demanding more from victims, with the average amount extorted expected to pass $1,000 soon.

Who is especially susceptible to ransomware?

Anyone connected to the Internet is a potential victim of ransomware, but some users are more vulnerable. Users who don’t keep their software versions, security patches, and antivirus software updated are more susceptible to vulnerabilities that ransomware can exploit. Users who don’t take precautions before clicking on spam email links or attachments or suspicious websites expose themselves to a higher risk of ransomware.

Users who don’t back up their files are also more vulnerable to ransomware because they don’t have a way to recover without paying ransom. Finally, having macros enabled in programs such as Word and Excel can leave you vulnerable to ransomware, which is increasingly being delivered through macros.

Ransomware is a growing threat that can potentially infect anyone connected to the Internet. It can cost victims hundreds or thousands of dollars. Users who don’t follow sound security and file backup practices are especially vulnerable. Ransomware typically invades devices through links in spam emails and code on fake websites, but it can also hide on legitimate sites.

Recent forms of ransomware are increasingly sophisticated and dangerous, as we’ll see in the next article in this series: Spora and the Future of Ransomware. Look for it on Thursday.

Until then, learn how backing up your data with Mozy by Dell can help prevent a ransomware disaster in your future.