Hackers then send you a ransom note and say all of your files will be gone forever unless you send them several hundred or thousand dollars in cryptocurrency.
How Ransomware Works
Ransomware can target anyone, from individuals and small businesses to large organisations like government departments and hospitals. Some people mistakenly believe that hackers would rather target large companies because they have the money to pay, but that’s not always the case!
It can prevent you from using your computer by encrypting, or scrambling, your files so you can’t read them. The attacker will demand that you pay money — a ‘ransom’ — to get your files back. They’ll often ask for payment in an online currency like Bitcoin, which is harder to trace than regular cash.
Should you pay the ransom?
Getting hit with a ransomware attack is never fun. Your files get encrypted by cybercriminals and you’re left having to decide: should you pay to get them back? The ransom amount can be from a few hundred dollars to several thousand!
The attacker will assume that it’s easier for you to pay the ransom than to get someone to fix the problem. Unfortunately, once the files are encrypted, it’s almost impossible to get them back. It’s best to wipe the whole computer and restore from a backup. But what if you don’t have one?
It’s important to know that paying a ransom doesn’t guarantee you’ll get your data back. More often, the attacker will simply take your payment and leave your files encrypted.
Do you trust them?
Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key? Most attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if they take it and run.
These crooks usually operate from 3rd world countries and hide from law enforcement agencies. Proxy servers, VPNs (Virtual Private Networks), hotspots and public WiFi allow them to roam from place to place.
If the hackers do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your computer or whole network is disinfected by experts. Businesses don’t exactly want their breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.
Can you manage the impact?
If you do get infected with ransomware, the best way to get your files back is to wipe the affected computers and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go.
The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect.
How much do they want?
Cybercriminals rarely send out global attacks with set amounts. Instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while the demands on small businesses and individuals are more modest. They may be criminals, but they’re smart people who know your financial limits. They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.
Are your backups good?
Many people are discovering too late that their backup systems aren’t good enough to withstand this type of attack. If you use USB sticks or portable hard drives and leave them plugged in all the time, your backups can get encrypted as well! It’s important to run the backups regularly and then disconnect the backup drives and store them in a safe place.
If you keep your hard drive in a drawer and don’t remember the last time you made a backup, all the new and changed files between then and now are probably going to be lost. We’ve seen customers who didn’t back up for years and then it was too late…
If you rely on Dropbox, iCloud, OneDrive, or Google Drive, be aware that those services are not backups. They sync files from your computers to the cloud storage, and when files on your computer become encrypted, the same happens to your cloud copies.
Stay safe in the first place
Ransomware is showing no signs of slowing down. It’s a very lucrative business! Most attacks come via phishing emails – those emails that trick you into clicking a link – and they can be extremely convincing. We wrote about common email scams last year; here is the link if you want to read about them again – Four Email Scams That Can Give You Malware
Even if you have up-to-date antivirus, it’s not a guarantee that it will catch malware. Cybercriminals are always a step ahead of antivirus companies, who try to catch up with the crooks. Before antivirus signatures can be updated, there has to be someone who gets infected and reports the infection! It’s important to keep your operating system and software updated, as that provides the first line of defence against malware.