What Is Ransomware?

Chad Hammond

Imagine you receive an email from your friend inviting you to a party. You click on the attachment to get more information, and suddenly your screen goes blank. Only one message appears: “Your device has been locked. Please pay $XXX to access your files.” It wasn’t your friend who sent the email after all. You’ve just fallen for a ransomware attack, a type of attack that last year cost people and businesses over $8 billion in the US alone. Read this post to learn more about it.

What is a ransomware attack?

It’s a type of attack that uses malware to encrypt your files, folders, hard drives, or your whole device. Once your data is encrypted, the only person who can decrypt it is the hacker, as they are the one holding the decryption key.

Therefore, they’ll ask for a ransom in return, which can vary from a few hundred dollars to a few bitcoins. You usually receive guidance on how to make the payment, and once the ransom is paid, the criminal promises you’ll regain access.

Types of ransomware

There are different forms of ransomware that you might come across:

  • Crypto malware. The most common type of ransomware. It’s a type of malware that encrypts your files, folders, or hard drives and asks for ransom payments to decrypt them.

  • Lockers. This type of malware completely locks your device so that you can’t access any files or folders. It mostly targets Android devices.

  • Scareware. It’s fake ransomware that might show as a pop-up message, or it might lock your computer and leave a ransom note. However, when you pay the ransom, you might realize that your data was never encrypted in the first place.

  • Doxware or leakware. It works similarly to crypto malware. However, with this type of attack, hackers not only encrypt your data but also threaten to leak it unless you pay up.

  • Ransomware as a service (RaaS). This type of malware is hosted anonymously by a hacker who handles the distribution of malware, collects ransom payments, and takes a cut of the ransom as a reward.

  • Device-based ransomware. Some ransomware can be focused on specific operating systems or devices. Macs have previously had ransomware developed just for them. Mobile devices have also seen an increase in ransomware attacks.

How does ransomware get on your computer?

The most common way for ransomware to get on your device is via phishing, for example, phishing emails. Such emails look like they come from a legitimate source, like your bank, work, or a friend you trust, but they usually have a link or a file that hides malicious software. Once you click or download it, the malware takes over your device.

Alongside phishing, some hackers might use social engineering attacks to entice you into giving remote access to them. Some ransomware attacks might be disguised as warnings from law enforcement agencies. For example, they might state that you watch illegal content or have pirated software, which is why you need to pay. Such cover stories might make it less likely that you’ll report it to the authorities.

Other encryption ransomware might be even more aggressive — for example, NotPetya, which infected users' devices without needing to trick them.

How do hackers choose their victims?

Both individuals and organizations can fall for a ransomware attack. Sometimes it’s just a matter of opportunity, but most of the time, hackers choose their targets. They can be:

  • Organizations with poor security standards and large databases. For example, universities or small businesses that have small IT teams but hold a lot of sensitive information.

  • Victims that desperately need access to their files. For example, governments or medical facilities. Such organizations cannot afford to lose access to their data even for a few hours, meaning they are more likely to pay the ransom and pay it fast.

  • Big corporations. Losing access to data for a prolonged time might bring such companies more significant losses than paying the ransom. Also, they are more inclined to keep such incidents quiet and deal with them as quickly as possible.

  • Businesses in Western countries. Hackers are also more likely to target organizations in Western countries as they might be more likely to pay bigger sums. By the way, some ransomware can be set up to evaluate a country's economic situation and decrease the demands depending on the findings.

Can you remove ransomware?

It’s possible to remove malware from your device without paying the ransom. However, doing so won’t recover your encrypted data. The only way to decrypt it is by having the decryption key.

What to do if you face ransomware: Should you pay?

Whether to pay a ransom is your decision only, and it very much depends on the situation you are in.

Most security experts will advise you not to pay, as you’ll encourage hackers to continue using crypto-ransomware. Also, you can’t be certain that the hacker really holds your data and that it isn’t scareware, or that they will decrypt it once they get the ransom. They might even decide to blackmail you, no matter if you’ve paid the money or not.

However, in some situations, your data will be more valuable to you than the ransom you are asked for. You might need to access it here and now and cannot afford to have it encrypted for an extended period of time. Most of the time, hackers set the price so that it is lower than the damage or the cost of recovering your files.

What is the best protection against ransomware?

  • Learn to recognize phishing. Beware of email attachments and suspicious links. Don’t click or download them unless you’ve been expecting them or you know they are coming from a legitimate source. If you have a business or manage a team, educate them too.

  • Use antivirus software and perform regular scans. Of course, ransomware attacks are becoming more sophisticated, and this option will not always help — but in some cases, it might.

  • Use whitelist software that prevents unauthorized software from being installed on your device.

  • Regularly update your operating system. Don’t ignore notifications; they will patch bugs and vulnerabilities that ransomware may otherwise exploit.

  • Never give anyone remote access to your device unless you are sure who they are and why they need the access.

  • Back up your files. Backups won’t protect you if the hacker decides to leak your data. But they may give you the upper hand in negotiations and minimize the damage in the most common crypto attacks.
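
Backups only help if the last good copy is not overwritten with files that have already been encrypted. The following is an added example, not code from the original post or from NordPass: a pre-backup check that compares a manifest of the last good backup with the current files and refuses to continue when too many of them have turned into near-random data or disappeared. The function names, thresholds, and sample files are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: about 4-5 for text, close to 8 for ciphertext."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(files):
    """Manifest of path -> (SHA-256 hex digest, entropy) for a {path: bytes} mapping."""
    return {p: (hashlib.sha256(b).hexdigest(), entropy(b)) for p, b in files.items()}

def safe_to_back_up(previous, current, max_ratio=0.3, threshold=7.5):
    """Compare two manifests and return (ok, suspicious_paths).

    A file is suspicious when it disappeared (possibly renamed) or when its
    content changed from ordinary data to near-random bytes. Files that were
    already high-entropy (JPEG, ZIP) cannot be judged this way and are skipped.
    """
    suspicious = []
    for path, (old_hash, old_entropy) in previous.items():
        if path not in current:
            suspicious.append(path)
            continue
        new_hash, new_entropy = current[path]
        if new_hash != old_hash and old_entropy < threshold <= new_entropy:
            suspicious.append(path)
    ratio = len(suspicious) / len(previous) if previous else 0.0
    return ratio <= max_ratio, sorted(suspicious)

def _noise(seed: bytes, blocks: int = 128) -> bytes:
    """Deterministic near-random bytes standing in for encrypted content (constructed)."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(blocks))

# Constructed sample data, not real files.
BEFORE = {
    "docs/report.txt": b"Quarterly report: revenue and costs by region.\n" * 50,
    "docs/notes.txt": b"Meeting notes, action items and owners.\n" * 50,
    "photos/cat.jpg": _noise(b"jpg"),  # stands in for an already-compressed file
}
EDITED = dict(BEFORE, **{"docs/notes.txt": BEFORE["docs/notes.txt"] + b"New item added.\n"})
SCRAMBLED = {path: _noise(path.encode()) for path in BEFORE}

if __name__ == "__main__":
    last_good = snapshot(BEFORE)
    print(safe_to_back_up(last_good, snapshot(EDITED)))     # ordinary edit
    print(safe_to_back_up(last_good, snapshot(SCRAMBLED)))  # mass change to random data
```

A check like this belongs on the backup side, together with versioned or offline copies, so that a failed check leaves older backups untouched.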
