Ransomware is one of the fastest-growing and most lucrative forms of cybercrime in the world. It's malware that encrypts files on your device and is often delivered through an innocent-seeming link in an email or when a “helpful” program is downloaded.
When files are encrypted they can no longer be read unless you have access to a 'key' - something the bad guys don’t provide until the ransom is paid. Some ransomware will encrypt regular data files like images and documents, but lately there have also been ransomware attacks that instead encrypt special system files. When this happens the experience for the victim is bit different and could include not being able to start their device at all or ending up with a computer that’s forgotten where all its files are.
Whatever the symptoms, the effect is the same: no key, no data until the ransom has been paid. One of the toughest questions is what to do if your data is in fact hijacked - do you pay the crooks or do you not engage with them? Typically, security experts advise the latter because paying the ransom makes the bad guys more brazen, while others believe there are times where there’s really no choice but to pay.
At a typical price point around $300 to $600, ransomware can be expensive. On the other hand, think about what might be in those scrambled files: your baby videos; those tax return documents you were supposed to keep for seven years; the assignment you need to submit on Friday… how much are those really worth?
For better or for worse, most ransomware gangs have acquired a bit of an “honour among thieves” reputation, so that if you do pay the money, you almost certainly will get your files back. On the other hand, law enforcement and security experts are most likely to say, “This is extortion! If you can possibly take it on the chin, we urge you NOT TO PAY!”
But those are easy words to say if it’s not your data on the line. We’ve shied away from moralising about whether it’s always unacceptable to support criminality by paying up, even if you are in a difficult position.
So how do you protect yourself from getting put in this no-win situation in the first place?
How to avoid ransomware attacks
1. Firstly, do not try to remove the malware yourself. Some variants of ransomware have trip-wires built in that erase your data permanently if you do the wrong thing.
2. Make regular backups of your critical data and store this data on a device that is offline and not connected to any network.
3. Regularly update software on your desktop and mobile devices. Set Windows Update to automatically install updates and alert you to updates for other applications, if you are a PC user. Apple also has automatic checks for software and OS updates.
4. Block or do not open attachments with file types that have odd extensions e.g .exe
5. Avoid installing or running unwanted software on your desktop or mobile devices.
6. Don’t plug in external devices like a USB-drive from unknown sources.
7. Finally, don’t pay if you can possibly avoid it, even if it means some personal hassle.
Justin Peters is Technology Solutions Director APAC at Sophos