What is a ransomware attack?

How do ransom­ware attacks work?

Ransom­ware encrypts all the files on your device so that you can’t access them with­out a decryption key. It can also lock your device completely. Because of this, these different types of ransom­ware are referred to as crypto-ransom­ware and locker ransom­ware. After infecting your files or device with ransom­ware, criminals demand a ransom of typically $300 to $500 in Bitcoin per device. The ransom is paid in exchange for the ransom­ware decryption key that returns the files or the device — or at least that is what the criminals tell their victims.

How can ransom­ware infect my device?

Computer viruses, what different ransom­ware and trojan types are, have to be down­loaded manually by accident or automatically by another malware. Ransom­ware can be down­loaded from email attachments, compromised or malicious web­sites and ads, or unsafe Wi‑Fi net­works. Phishing is one common method of sneaking ransom­ware into a victim’s device. Other malware can also down­load ransom­ware with­out you knowing.

Can ransom­ware infect my mobile phone?

Yes. Mobile ransom­ware exists for both iOS and Android devices. What’s worse, it’s a growing threat because of the huge amount of people using smart devices. On top of that, so-called smishing attacks are a common way for criminals to infect mobile devices. Fortunately, there are mobile anti­virus apps that help you to protect your Android or iOS device.

Can I remove a ransom­ware infection?

Ransom­ware removal can be tricky and some­times even impossible after it’s on your device. That’s why ransom­ware protection starts with trust­worthy anti­virus soft­ware that prevents ransom­ware from infecting your device. You can also prepare by taking regular backups so if you get attacked, you can restore from backups.

How can I get my encrypted files back?

Paying the ransom does not guarantee that you will get your files back. You can check if there is a decryption tool for the ransom­ware you’ve been attacked with. You can check from help forums like Bleeping Computer for help with many different types of ransom­ware.

Should I pay the ransom?

In case you have become a victim of a ransom­ware attack, paying the ransom can feel like the easiest solution to getting back your encrypted files or control over your locked device. How­ever, you cannot be certain that the criminals behind the ransom­ware attack are going to do as they say once the ransom is paid. On top of that, paying the ransom encourages criminals to seek more targets who are willing to pay the ransom and comply with the criminals’ demands.

Paying the ransom is also a way of financing the criminals and enabling them to aim higher in their criminal exploits. How­ever, large companies have been found to be very willing to comply with the ransom­ware attackers’ demands and end up paying the ransom. For these organizations and companies, the costs and inconvenience of not being able to operate are too high, so they rather pay the ransom.

Why do ransom­ware attackers want bitcoin?

Payment in the crypto­currency bitcoin is a common way to ask for the ransom in a ransom­ware attack. Other crypto­currencies may be used as well. But why is that? Why do ransom­ware attackers demand payment using crypto­currency? The primary reason for this is that payments in bitcoin and other crypto­currencies cannot be easily traced, offering anonymity to the criminals.

What is ransom­ware-as-a-service (RaaS)?

In addition to crypto-ransom­ware that encrypts your files and locker ransom­ware that locks the devices it infects, there is one more form of ransom­ware to consider: ransom­ware-as-a-service, or RaaS for short. With RaaS, cyber criminals are able to offer their services to those who do not have the required technical skills to develop ransom­ware programs of their own. In a setup like this, the entity providing the ransom­ware program is referred to as a RaaS operator. The person, or persons, paying for the operator’s service is called the RaaS affiliate.

What are some recent ransom­ware examples?

Unfortunately, the number of ransom­ware attacks and different kinds of ransom­ware has been increasing. The most wide­spread and impactful ones often make their way into national and global news as well. Here are some examples of recent ransom­ware attacks.

Wanna­Cry: Ransom­ware attack on the NHS

One notable ransom­ware attack that took place in the UK in 2017 was the Wanna­Cry ransom­ware attack on the National Health Service (NHS). The estimated costs to NHS were 92 million pounds after the attack caused 19,000 appointments to be canceled. Unfortunately, the NHS was hardly the only large organization to be affected by the Wanna­Cry ransom­ware: the global costs of Wanna­Cry have been estimated at 4 billion dollars.

The Wanna­Cry ransom­ware encrypted data on the computers it infected. The ransom­ware attackers then demanded to be paid in bitcoin if the victim wanted their data to be returned. As the example of Wanna­Cry shows, ransom­ware attacks often target large organizations, such as health­care services, or sizeable companies.

Other well-known ransom­ware attacks

• Crypto­Locker
• Ryuk
• Petya and NotPetya
• Bad Rabbit
• Locky
• GoldenEye

5 simple anti-ransom­ware tips

• Make sure you’re running an effective internet security program on all your devices.
• Take regular backups of your data. Store them offline so they can’t get infected.
• Keep your soft­ware and operating systems up to date. Enable automatic updates to always have them updated.
• Be skeptical of email links and attachments. Type links into your browser rather than clicking from the email. Be extra careful with attachments requesting you to enable or allow some­thing — macros, editing, content, etc.
• Disable commonly exploited browser plugins such as Flash Player and Silver­light when you’re not using them. You can do this through your web browser under the plugin settings.