What is Ransomware?
Ransomware is a vicious malware that locks users out of their devices or blocks access to files until a sum of money or ransom is paid. Ransomware attacks cause downtime, data loss, possible intellectual property theft, and in certain industries an attack is considered a data breach.
How do you get Ransomware?
Ransomware can be spread through different means including the following:
- Phishing emails that contain malicious attachments or links.
- Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed.
- Social media, such as Web-based instant messaging applications.
- Web servers have also been exploited as an entry point to gain access to an organization’s network.
Why is Ransomware so effective?
Ransomware attempts to instill fear and panic into their victims, causing them to click on a link or pay a ransom, and users’ systems can become infected with additional malware. Ransomware displays intimidating messages to scare end users to comply.
What is the potential impact of Ransomware?
Ransomware can attack anyone; businesses can also become infected with ransomware, causing financial and confidential losses, including:
- Loss of sensitive or proprietary information
- Interruption to business operations
- Financial losses incurred to remedy the attack
- An organization’s reputation
Paying the ransom does not guarantee the attacker will follow through with promises. It only guarantees that the criminals receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.
What do I do to protect against Ransomware?
Ransomware can be overwhelming and recovery can be a demanding process that may require the services of a creditable data recovery specialist.
Some preventive measures to help protect against ransomware:
- Implement a backup and recovery plan for all critical information. Backups should be isolated from the network to help prevent compromised backups.
- Install the latest patches for operating systems and software.
- Maintain up-to-date anti-virus software, and scan all software downloaded from the internet before installing.
- Run end-point security and anti-virus software for all your emails.
- Implement anti-phishing campaigns and block malicious websites.
- Utilize monitoring tools across your systems.
- Apply “Least Privilege” principle to users’ permissions for all systems and services.
- Avoid enabling macros from email attachments.
- Do not click on unsolicited Web links in emails.
- Continuous training and education.
What are some signs of Ransomware?
- System is locked with a message about how to pay to unlock your system
- File directories contain a "ransom note" file that is usually a .txt file.
- A file directory is a place where files are saved. For example when you save a file to “My Documents”.
- The .txt indicates the file type and is referred to as a file extension.
- Another indication of a potential issue - filenames have a different file extension than normal.
- Depending on your settings a file extension may or may not be viewable at the end of your filename. Example: samplefilename.doc (file name is samplefilename and the file extension is .doc)
What to do if you have signs of Ransomware?
- Do not power down system
- Disconnect from networks
- Unplug network cables.
- Put your device in Airplane Mode.
- Turn off Wi-Fi and Bluetooth and other network adapters.
- Disconnect external devices
- USB drives or memory sticks
- Attached phones or cameras
- External hard drives
- Any other devices that could become compromised
- Report the incident as early as possible
Be safe online — see our Cybersecurity, Fighting Internet Fraud, Malware and Mobile Devices and Identity Theft Prevention pages for more info.
- CISA MS-ISAC Ransomware Guide
- FDIC — Cybersecurity
- OnGuard Online.gov
- FTC — Federal Trade Commission
- Identity Theft Resource Center
- Internet Scam Busters
This information is offered up for the general guidance and is not intended as, nor should it be construed as legal, financial or other professional advice. Please consult with your attorney or financial advisor to discuss any legal or financial issues on this topic.