While ransomware may seem like a straightforward concept, people who are otherwise highly knowledgeable seem to cite erroneous information about ransomware on a regular basis. As such, I would like to point out 8 essential points about ransomware.
1. Paying a demanded ransom may not get you your files back, and may not prevent a leak of your information. Over the past half decade we have seen, repeatedly, that many crooks utilizing ransomware are not honest, and that many parties who have paid ransoms have not regained access to their files.
2. Ransomware comes in multiple flavors – sometimes involving far more than just the unauthorized encryption of data. Most ransomware strains can block you from accessing your files, and involve criminals either (a) encrypting your files and demanding a ransom in exchange for the relevant decryption keys, or (b) removing your files, or portions thereof, from your computing devices, and demanding a ransom in exchange for returning your electronic property. Evildoers may also threaten that, if you do not pay their ransom within some period of time, they will either destroy or leak the information that they have stolen from you. Other variants of ransomware may prevent you from using a particular connected device – or may involve a threat that if a ransom is not paid, the criminal will cause connected devices to malfunction.
3. Ransomware continues to grow smarter and more sophisticated. Many of today’s ransomware strains contain not only powerful anti-detection technology, but also sophisticated analysis engines that allow the malware to quietly seek out the most sensitive files within an organization before activating data theft routines, thereby increasing the odds of a victim appreciating the need to quickly recover by paying a demanded ransom.
4. Many ransomware attacks are now targeted, rather than opportunistic. Criminals may utilize all sorts of social engineering approaches, as well as technical exploits, in order to deliver their ransomware into their intended targets. Many such criminals also perform research into their would-be victims’ financial situations – and both choose targets and set ransom sizes accordingly. Even some opportunistic ransomware takes such an approach – leveraging geolocation information to determine how much a victim should be charged; for example, if you are located in the USA, you are likely to be charged significantly more than someone living in a less-developed country whose residents have a far lower average income than that of the US population.
5. Hospitals and schools are frequent targets. Since early 2016 we have seen criminals target hospitals almost incessantly – for good reason; people can die, and have died, when their medical data is not available to doctors treating them – and criminals know that hospitals are likely to pay ransoms because they do not have the luxury of spending time to recover from attacks. Likewise, schools have all sorts of privacy-related rules when it comes to both personal data and grades, must keep exams secret prior to administration, and can have their credibility severely undermined by data leaks.
6. There are two primary proactive defenses against ransomware: practicing proper cybersecurity hygiene and backing up your files. Of course, the former is far more comprehensive and preventative, and is also a technique for preventing data leaks – but the latter is certainly critical as well. Remember to keep backups disconnected from your computer and network so that if any ransomware (or other malware) gets onto the network it cannot infect the backups. Also, keep in mind that if you are unsure whether you back up often enough, you probably do not.
7. Ransomware, like other types of malware, can spread via “smart devices” that are not considered by most people to be “computers.” This is true even in cases in which the infected devices themselves cannot have their data encrypted or stolen by the ransomware.
8. Ransomware attacks are not going to end any time soon – and they are likely to become significantly more dangerous over the next few years. The trend toward increasingly dangerous ransomware attacks has existed for several years, and I expect it to remain in place for the foreseeable future.
(This article is an updated version of a piece that I originally wrote in 2017, but which remains as true now as it was then.)