What Is Ransomware?
Ransomware is a type of malware (malicious software) that is used to encrypt or scramble files on a computer system, thus making the system unusable, after which the attacker demands payment (ransom) in exchange for enabling the victim to decrypt and regain access to the files.
Instructions are normally given that the ransom should be paid in cryptocurrency, such as Bitcoin, within a certain time. The use of cryptocurrency is to make it difficult to follow the money to the attackers and also so that the payment cannot be reversed.
Some experts recommend not paying the ransom and seeking alternative ways to decrypt the files, though these alternatives are not guaranteed, and neither is the recovery of the files even after paying the ransom.
Ransomware is a growing problem and is a significant threat on the Internet today. One single attack on an IT firm that provides services to other businesses is reported to have affected between 800 and 1,500 businesses with a ransom demand of US$ 70 million. Schools and hospitals have also been attacked. Anyone can be a victim of ransomware.
What Can You Do To Protect Yourself?
To reduce your vulnerability to malware in general, implement the usual measures, such as:
- Keep your anti-malware software updated.
- Do not click links or open attachments in email or other messages whose source you were not previously aware of.
- Do not divulge private information to someone contacting you through unofficial channels and claiming to be from your bank, IT support or other organisation.
Please note that this is certainly not an exhaustive list of measures.
To protect against ransomware in particular:
- Have working backups of your important files. This would allow you to simply restore usable copies of your now-encrypted files from your backup.
- Protect your backups. Keep your backups separate from your live data and adequately secured. This is to prevent the attackers from deleting or encrypting your backups as well, thus placing you in the same disadvantaged position that they wanted.
Please keep in mind that even if you have backups and you are able to restore your files, the fact that your data got encrypted means that the attackers gained access to your system and you will need to find and seal the loophole that allowed them in, lest they return for another attack.
Links
https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware.html
https://www.cisa.gov/stopransomware