Ransomware is a type of malware that infects a computer and locks their files by encrypting them so they cannot be used until the owner of the device pays a ransom (usually in bitcoin or other online crypto-currency) to get their device unlocked. Attackers often use ransomware because it has several advantages over traditional malware and viruses. One of those advantages is that attackers get paid much faster than traditional viruses that usually steal personal data to be sold or use a computer for nefarious purposes such as sending out spam email. Another big advantage for attackers is that there is little risk and cost to do a ransomware attack, with the use of crypto-currencies as a payment method, it is hard to track down the attackers are that are behind the attack, additionally there are even sites that sell Ransomware-as-a-Service for a low cost so that attackers can start making money from these attacks with little cost and knowledge. Ransomware is catching on with the traditional cyber criminals too, there has been a huge spike between 2014-2017 of cyber criminals that started including ransomware within their traditional malware and viruses as shown in the graphic below from the Verizon Data Breach Investigations Report
Because of this spike of ransomware within traditional malware, even if you pay the ransom and get your files back, your computer is usually still infected with other viruses that can control your computer.
But there is hope, from 2014-2017 ransomware has had explosive growth, but in 2018 the growth is slowing down, according to a studying by security company Malwarebytes
There are a number of reasons for this drop. With large profile cases of ransomware that have made its round in the news such as WannaCry and Petya/NotPetya, ransomware has become more of a household term; because of this, businesses and consumers are being smart and protecting themselves, either by buying ransomware protection or buying backup solutions for their computers so that if their files are locked and encrypted they can just restore from a backup and not pay the ransom. Additionally attackers have moved from ransomware which is an intrusive attack, to other crypto-currency based attacks that are less intrusive, we have written about one of these less intrusive attacks in our blog post https://blog.3keylogic.com/2018/08/01/modern-security-threats/
How to protect yourself from ransomware
Update, update, update! The number one way that ransomware attacks are successful are by exploiting security vulnerabilities that are not patched on a computer. When that pop-up comes up about installing new updates make sure you update right away. Do not open attachments from emails that you do not recognize, do not click on pop-ups from websites. If the email looks fishy, then it is probably a phishing attack and that attachment is ransomware or another virus. Make sure the create backups of all your data, it is easier just to restore from a backup then to pay a ransom because paying a ransom does not mean that your computer won’t still be infected or that the cyber criminals will actually unlock your files. Lastly make sure you have an anti-virus installed and that it is kept up-to-date to stay secure.