Once data is held for ransom via ransomware, there’s no guaranteed way to reclaim it — not even payment. Ransomware’s victims typically are those with the least protection. To avoid becoming a target, install strong security tools on your computer and mobile devices, back up data to a reliable cloud service, keep passwords in a secure location, and exercise caution when clicking on links or opening attachments.
Malware is running rampant on the Internet, affecting smartphones, tablets and personal computers. Relatively new malware allows bad guys to encrypt devices until a ransom is paid. Usually the ransom is required in bitcoin, rather than U.S. currency, as it cannot be traced.
What are the legal and other risks associated with ransomware?
Ransomware is largely directed at personal devices and small businesses, particularly since larger companies tend to have better Internet hygiene for their devices — like regular backups and requiring that passwords be stored in a safe place rather than on a device.
Following are just a few examples of the data at risk from ransomware, which can plague you if you cannot immediately cleanse your device, or set up a new one and restore your data with an up-to-date backup:
- Tax information. What if you keep all of your tax records on your hard drive using Quicken or another program? Losing tax records and financial information will make it very difficult to do your taxes, or prove expenses if you are audited.
- Client work. If you are relatively paperless and store your work on the computer, you may lose valuable time or work.
- Passwords. If you are locked out of your bank accounts and other sites, it will take time to restore access, or you may lose access altogether.
How Can You Protect Yourself?
First, take steps to avoid ransomware in the first place. It is, after all, malware. So, do not click on attachments or go to websites if you are not sure of the sources.
Second, get a good app for your smartphone or tablet, and a software program to protect your personal computer in real time. Be good to your devices: Install security tools and regularly run scans. If you think your smartphone or tablet has been infected with malware, think twice about plugging it into your computer.
Third, back up your hard drives to the cloud or to a portable hard drive. Of course, cloud storage has its own set of risks. For example, when you use a free cloud service, you run the risk that your data may not be available when you need it.
What Exactly Is Ransomware?
Ransomware is specialized malware that “immediately makes its presence known by encrypting files and demanding payment for the keys to unlock them.” The Department of Homeland Security (DHS) issued an alert last fall that includes this description:
“Ransomware is a type of malware that infects a computer and restricts a user’s access to the infected computer. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that their computer has been locked or that all of their files have been encrypted, and demand that a ransom is paid to restore access. This ransom is typically in the range of [100-300 US dollars], and is sometimes demanded in virtual currency, such as Bitcoin.
“Ransomware is typically spread through phishing emails that contain malicious attachments and drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and malware is downloaded and installed without their knowledge. Crypto ransomware, a variant that encrypts files, is typically spread through similar methods, and has been spread through Web-based instant messaging applications.”
DHS discourages paying the ransom:
“Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.”
Notwithstanding DHS’ advice, the Dickson County (Tennessee) Sheriff subsequently paid a $500 bitcoin ransom to get back files on a corrupted computer, after consulting the Tennessee Bureau of Investigation and the FBI. Paying the ransom, they concluded, was the best way to deal with the problem at hand.
Dell SecureWorks last summer issued a report about CryptoWall Ransomware.
Between March and August 2014, “nearly 625,000 systems were infected with CryptoWall. In that timeframe, CryptoWall encrypted more than 5.25 billion files,” it states.
This type of ransomware is run by botnet operators, so there is no pattern to suggest which victims might be targeted for attacks. The report notes the following:
“Ransoms ranging from $200 to $2,000 have been demanded at various times by CryptoWall’s operators. The larger ransoms are typically reserved for victims who do not pay within the allotted time (usually 4 to 7 days). In one case, a victim paid $10,000 for the release of their files.”
Bromium recently released a report entitled “Understanding Crypto-Ransomware — In-Depth Analysis of the Most Popular Malware Families.” Its introduction makes the following observation:
“This threat is called crypto-ransomware (ransomware) and includes at least a half-dozen variants, including CryptoLocker and CryptoWall. Ransomware shows no sign of abating since traditional detection-based protection, such as antivirus, has proven ineffective at preventing the attack. In fact, ransomware has been increasing in sophistication since it first appeared in September 2013, leveraging new attack vectors, incorporating advanced encryption algorithms and expanding the number of file types it targets.”
Ransomware is a rapidly growing problem, and there is not yet a solution.
Until a solution to fully protect against malware is found, traditional advice still applies: Protect your computers and other devices with antimalware apps and software, back up regularly, and store your passwords in a safe place.