If You’ve Been Struggling to Find Facts About Ransomware, Read This
Though the term “ransomware” is thrown around a lot these days, and though the media goes into a frenzy every time a new ransomware attack is discovered, it can be hard to find the facts on these malicious cyberattacks. Even if you do happen to find one of those rare articles that describes what ransomware is and what it does… well, the writers often use so many technical terms that the articles end up unintelligible.
Here at ISM, we don’t like tech babble. We like clear, easy-to-understand explanations that help our clients make strong, confident decisions. That’s why we’re using this series to present the facts about ransomware. Part 1, today’s article, explains what ransomware is. Part 2 will offer clear advice about what you can do to keep your business safe.
What Is Ransomware?
Ransomware is a form of malicious software, known as “malware,” that can attack any item on your office or home computer network, including your servers, computers (desktops and laptops), and your mobile devices. Some forms of ransomware can also worm their way into your computers’ connected storage devices, such as external hard drives or USB sticks, and infect those too.
What Does Ransomware Do?
Once ransomware has sneaked onto your system or network, it takes control of your files and sends you a ransom note that tells you, in essence, that you need to “pay up or you’ll never see your files again.” (Yes, this really is what ransomware does, but it’s unlikely to use those exact words.)
Where Does Ransomware Come From?
To get infected with ransomware, you need to download a file that runs a ransomware program on your computer. Of course, no one’s going to download an obviously evil file, so cybercriminals name the files things like “invoice” so you’re more likely to download. Sometimes the download files are disguised as clickable links.
Most of these downloadable files are sent over email (which is why you have to be so careful about your emails), but sometimes these files are on websites too.
How Can You Tell If You’ve Become a Ransomware Victim?
Ransomware victims typically discover that their systems have been compromised when they try to open their computer files, but it looks like all the files have been corrupted. At that point, victims can find a ReadMe file somewhere in their computer with a notice that pops up on their screen telling them how much money they need to pay to recover their files and how much time they have to pay the ransom amount. Scary stuff.
Yes, But What Happens to the Files?
They get encrypted. In case you’re not quite sure what encryption is, you can think of it like a secret message that has to be read with a secret decoder ring. The files, which used to be fully readable, have now been turned into a secret code that looks like that computer garbage printers spew out when they’re broken. You know, the stuff that looks like this: #(*% @ (#” $$! @H*& %
In fact, the files are still there on your computer, but since they’ve been turned into a secret code message, you’ll only see gobbledygook when you open the files. What the criminals actually sell you in the ransomware transaction is the “encryption key,” which works like a secret decoder ring in digital form, making your files readable again.
How Do You Get Your Files Back?
Often, you can simply pay the ransom to get your files back. Typically, ransomware instructions are pretty detailed because the criminals want to make sure you know how to pay them. Of course, every criminal’s ransom note is different, but victims usually have to purchase a certain amount of Bitcoin and then transfer that Bitcoin into the criminal’s anonymous digital online wallet before the stated deadline.
This sounds pretty easy in theory, but do you know how or where to purchase Bitcoin? Have you ever sent money to an anonymous wallet? Most people haven’t. The total process can take time to figure out and it also requires some digital know-how. There are stories of people who fully intended to pay the ransom but who couldn’t purchase the Bitcoin or transfer it fast enough… which means they lost their files.
Is There a Guarantee That You’ll Get Your Files Back If You Pay?
Unfortunately, there’s no guarantee you’ll get your files back even if you do pay the ransom on time. This can happen for a few reasons:
- The ransomware attack was badly set up. WannaCry was a classic example of a bad set up because the perpetrators of that attack didn’t actually have a clear way to verify that their thousands of victims had actually paid the ransom.
- The cybercriminal is, you know, a criminal. If these people had a moral code, they wouldn’t be hijacking people’s personal and business data for money. It shouldn’t surprise us that many ransomware cybercriminals won’t complete a fair-and-square business transaction either.
- The government caught the criminal and/or shut down his or her operations. Maybe the criminal fully intended to return your files but they lost control of the servers they had stored the files or the encryption key on. Maybe they’re already in jail or they’re running from the law. Either way, they’re literally unable to return your files to you, so those files are never coming back.
Protect Yourself from Ransomware
The best idea to protect yourself from ransomware is to protect your business and have a rock-solid backup plan in case you become a victim.
Check out Part 2 of this ransomware series to learn how you can secure your company against the potentially devastating effects of an attack.
Want to get protected now? Contact ISM to learn how you can confidently secure your business.
Going to be in Portland, OR soon? Check out our upcoming Events schedule to register for an in-person ransomware and business continuity seminar (including a delicious free lunch and great networking). See you there!